SearchScopes removed but now slow with no desktop icons


  • This topic is locked
23 replies to this topic

#1 DshnRob

  • Members
  • 24 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:59 AM

Posted 08 October 2015 - 09:30 PM

Hello,
 
I recently upgraded to Windows 10.  At first everything ran fine, but slowly the system became slower and more sluggish until I finally determined a virus was on the system.  I ran Malwarebytes which found the searchscopes and had it removed.
 
Next I ran a second scan from Emsisoft which did not find any additional infection. 
 
I thought all was well until a couple of days ago.  My system started running slow again and this time the desktop icons completely disappeared.  I ran scans again (even in safe mode) to no avail.
 
The system is still slow and I have no idea what is on my system that is causing this sluggishness.
 
Please let me know what I can do in hopes of stopping this infection.
 
Thanks in advance for your help.
-DshnRob
 
p.s. I have attached the FRST log and the Addition.txt log file to this posting.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by pibert (administrator) on PIBERT-HP (08-10-2015 20:57:10)
Running from C:\Users\pibert\Downloads
Loaded Profiles: pibert (Available Profiles: pibert & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Farbar) C:\Users\pibert\Downloads\FRST64 (1).exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-17] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-09-29] (Intuit Inc. All rights reserved.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-30]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-30]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-30]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{44aeddc4-12ee-4a98-b559-b24c65562f66}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9c881b6e-e56c-454c-a496-1321a1dd7400}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1429684805-3901036955-522432100-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1429684805-3901036955-522432100-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {856085A5-39A2-4ACD-A416-CE9C2BE54E56} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1429684805-3901036955-522432100-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1429684805-3901036955-522432100-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2014-09-29] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-30] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
 
Chrome:
=======
CHR Profile: C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Search) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Website Logon) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2015-07-30]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-17] (Portrait Displays, Inc.)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-09-29] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-09-29] (Intuit Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-30] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-10-04] (Emsisoft GmbH)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-30] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2512016 2015-07-10] (MediaTek Inc.)
R3 NWVoltron; C:\Windows\System32\drivers\NWVoltron.sys [28920 2015-07-30] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-05-28] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-04] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-08 20:53 - 2015-10-08 20:55 - 02194944 _____ (Farbar) C:\Users\pibert\Downloads\FRST64 (1).exe
2015-10-08 20:21 - 2015-10-08 20:21 - 00016148 _____ C:\WINDOWS\system32\PIBERT-HP_pibert_HistoryPrediction.bin
2015-10-08 07:39 - 2015-10-08 07:39 - 00000000 ___HD C:\OneDriveTemp
2015-10-04 15:27 - 2015-10-04 15:27 - 00014036 _____ C:\Users\pibert\Downloads\hijackthis.log
2015-10-04 15:26 - 2015-10-04 15:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\pibert\Downloads\HijackThis.exe
2015-10-04 15:06 - 2015-10-04 15:07 - 00040104 _____ C:\Users\pibert\Downloads\Addition.txt
2015-10-04 15:05 - 2015-10-08 20:58 - 00019740 _____ C:\Users\pibert\Downloads\FRST.txt
2015-10-04 15:05 - 2015-10-08 20:57 - 00000000 ____D C:\FRST
2015-10-04 15:04 - 2015-10-04 15:05 - 02193920 _____ (Farbar) C:\Users\pibert\Downloads\FRST64.exe
2015-10-04 15:03 - 2015-10-04 15:03 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\pibert\Downloads\FixExec.exe
2015-10-04 15:03 - 2015-10-04 15:03 - 00001400 _____ C:\Users\pibert\Desktop\FixExec.txt
2015-10-04 14:48 - 2015-10-04 15:00 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-04 14:48 - 2015-10-04 14:48 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-04 14:44 - 2015-10-04 14:48 - 18801736 _____ C:\Users\pibert\Downloads\RogueKiller.exe
2015-10-04 14:20 - 2015-10-04 14:20 - 00000000 ____D C:\Users\pibert\Desktop\rkill
2015-10-04 14:19 - 2015-10-04 14:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\pibert\Downloads\iExplore (1).exe
2015-10-04 12:16 - 2015-10-08 17:22 - 00000786 _____ C:\Users\pibert\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-04 12:16 - 2015-10-08 17:22 - 00000000 ____D C:\EEK
2015-10-04 12:04 - 2015-10-04 12:16 - 167856392 _____ C:\Users\pibert\Downloads\EmsisoftEmergencyKit.exe
2015-10-04 09:01 - 2015-10-04 09:01 - 02870984 _____ (ESET) C:\Users\pibert\Downloads\esetsmartinstaller_enu.exe
2015-10-04 09:01 - 2015-10-04 09:01 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-04 08:22 - 2015-10-04 08:22 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-04 08:13 - 2015-10-04 08:13 - 00000000 ____D C:\WINDOWS\pss
2015-10-04 07:21 - 2015-10-04 07:23 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\pibert\Desktop\unhide.exe
2015-10-04 07:20 - 2015-10-04 07:20 - 01801288 _____ (Malwarebytes) C:\Users\pibert\Downloads\JRT (6).exe
2015-10-02 20:55 - 2015-10-02 20:55 - 04945408 _____ C:\Users\pibert\Desktop\Krewe of Olympus - Texas, Inc. 20112012i (Portable).QBM
2015-10-01 17:30 - 2015-10-04 17:48 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-01 17:16 - 2015-09-24 19:13 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-01 17:16 - 2015-09-24 18:24 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-01 17:16 - 2015-09-24 18:23 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-01 17:16 - 2015-09-24 18:17 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-01 17:16 - 2015-09-24 18:08 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-01 17:16 - 2015-09-24 18:06 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-01 17:16 - 2015-09-24 18:01 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-01 17:16 - 2015-09-24 18:00 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-01 17:16 - 2015-09-24 17:43 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-01 17:16 - 2015-09-24 17:42 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-01 17:16 - 2015-09-24 17:25 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-01 17:16 - 2015-09-17 01:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 17:16 - 2015-09-17 01:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 17:16 - 2015-09-17 01:49 - 08020816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-01 17:16 - 2015-09-17 01:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 17:16 - 2015-09-17 01:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 17:16 - 2015-09-17 01:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 17:16 - 2015-09-17 01:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 17:16 - 2015-09-17 01:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 17:16 - 2015-09-17 01:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 17:16 - 2015-09-17 01:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 17:16 - 2015-09-17 01:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 17:16 - 2015-09-17 01:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 17:16 - 2015-09-17 01:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 17:16 - 2015-09-17 01:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 17:16 - 2015-09-17 01:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 17:16 - 2015-09-17 01:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 17:16 - 2015-09-17 01:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 17:16 - 2015-09-17 01:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2012-05-28 14:29 - 2011-06-09 18:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
 
Some files in TEMP:
====================
C:\Users\pibert\AppData\Local\Temp\Abspdf.exe
C:\Users\pibert\AppData\Local\Temp\acfpdfu.dll
C:\Users\pibert\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\pibert\AppData\Local\Temp\acfpdfui.dll
C:\Users\pibert\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\pibert\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\pibert\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\pibert\AppData\Local\Temp\cdintf.dll
C:\Users\pibert\AppData\Local\Temp\dllnt_dump.dll
C:\Users\pibert\AppData\Local\Temp\PDFPRT400.exe
C:\Users\pibert\AppData\Local\Temp\sqlite3.dll
C:\Users\pibert\AppData\Local\Temp\xmllite.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-10-01 17:47
 
==================== End of FRST.txt ============================

#2 Sirawit

Sirawit
Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:02:59 PM

Posted 13 October 2015 - 02:05 PM

Hello DshnRob and welcome to BleepingComputer! :)

My name is Sirawit and I'm here to help you.

Please note that I'm currently in training and my fixes need to be approved first, which may delay our fix a bit, but I will normally reply back within 24 hours.

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow This Topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic; if you don't reply in the next 3 days we will assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

WildTangent Program Warning

WildTangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system, including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstall it via Add/Remove Programs. (HP Games)

Reboot after the uninstallation. <- Important.

 

------------------

 

I've submitted my reports to my instructor and will reply back as soon as possible.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 Sirawit (Malware Response Team, 4,161 posts, Thailand)

Posted 14 October 2015 - 10:12 AM

Hi DshnRob.

 

Did your desktop problem happen before or after you updated to Windows 10?

 

What does your desktop look like currently? Just blank with black wallpaper? Can you use the taskbar/start menu normally? What happens if you navigate to C:\Users\pibert\desktop? Are there any files in that folder?

 

Please move FRST64.exe to your desktop. If you can't do so please inform me.

 

Also, please copy and paste these logs into your next reply:

 

Malwarebytes: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Rkill: C:\rkill.log

Emsisoft Emergency Kit: C:\EEK\bin\reports

RogueKiller: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

JRT: C:\Users\pibert\Downloads\JRT.txt

 

Thank you.




#4 DshnRob (Topic Starter, Members, 24 posts)

Posted 14 October 2015 - 12:32 PM

Hi Sirawit,
 
Thank you for your reply back.  I was able to bring back the icons when I went into View and checked "Show desktop icons".  The wallpaper was the same as I had previously set, but something had turned off the desktop icons initially.  I am wondering if there is something that still resides on my PC.
 
Per your request, I am providing the additional log files.  Please let me know if you acquire any additional info.
 
Thanks again for all of your help in this matter.
 
Sincerely,
-DshnRob
 
 
Malwarebytes:
 
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/10/08 07:38:24 -0500</date>
<logfile>mbam-log-2015-10-08 (07-38-09).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.1.8.1057</version>
<malware-database>v2015.10.08.03</malware-database>
<rootkit-database>v2015.10.06.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 10</osversion>
<arch>x64</arch>
<username>pibert</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>425009</objects>
<time>1437</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>0</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
</items>
</mbam-log>
 
 
 

rkill log:
 
Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/14/2015 12:19:56 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * HdAudAddService [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 10/14/2015 12:20:22 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)
 
 
 

Emsisoft Log:
 
Emsisoft Emergency Kit - Version 10.0
Last update: 10/4/2015 12:19:06 PM
User account: PIBERT-HP\pibert

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 10/8/2015 5:25:19 PM

Scanned 665937
Found 0

Scan end: 10/8/2015 8:45:01 PM
Scan time: 3:19:42
 
RogueKiller:
 
{
    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "10.10.7.0",
            "x64": false,
            "date": "Sep 28 2015",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.com/software/roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows 10 (10.0.10240) 64 bits version",
            "boot": 0,
            "winpe": false,
            "user": "pibert",
            "user_admin": true,
            "program_location": "C:\\Users\\pibert\\Downloads\\RogueKiller.exe",
            "x64": true
        },
        "report": {
            "type": 1,
            "aborted": false,
            "date": "10/04/2015 15:00:19",
            "switches": 0,
            "debug": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 392,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "",
                "pid_parent": 4,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 536,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 524,
                "path_parent": ""
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 604,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "",
                "pid_parent": 524,
                "path_parent": ""
            },
            {
                "name": "services.exe",
                "name_parent": "",
                "pid": 652,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "",
                "pid_parent": 604,
                "path_parent": ""
            },
            {
                "name": "lsass.exe",
                "name_parent": "",
                "pid": 660,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "",
                "pid_parent": 604,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 712,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "",
                "pid_parent": 596,
                "path_parent": ""
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 776,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "",
                "pid_parent": 596,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 844,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 900,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "dwm.exe",
                "name_parent": "winlogon.exe",
                "pid": 992,
                "path": "C:\\Windows\\System32\\dwm.exe",
                "command_line": "\"dwm.exe\"",
                "pid_parent": 776,
                "path_parent": "C:\\Windows\\System32\\winlogon.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 420,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 504,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 452,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1044,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "TrueSuiteService.exe",
                "name_parent": "",
                "pid": 1100,
                "path": "C:\\Program Files (x86)\\HP SimplePass 2011\\TrueSuiteService.exe",
                "command_line": "\"C:\\Program Files (x86)\\HP SimplePass 2011\\TrueSuiteService.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1220,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "stacsv64.exe",
                "name_parent": "",
                "pid": 1320,
                "path": "C:\\Program Files\\IDT\\WDM\\stacsv64.exe",
                "command_line": "\"C:\\Program Files\\IDT\\WDM\\STacSV64.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1364,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "spoolsv.exe",
                "name_parent": "",
                "pid": 1688,
                "path": "C:\\Windows\\System32\\spoolsv.exe",
                "command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1956,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1272,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k apphost",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1276,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "armsvc.exe",
                "name_parent": "",
                "pid": 1480,
                "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "dasHost.exe",
                "name_parent": "svchost.exe",
                "pid": 1176,
                "path": "C:\\Windows\\System32\\dasHost.exe",
                "command_line": "dashost.exe {78088220-bd7b-4ccf-86158340d9560842}",
                "pid_parent": 452,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "AESTSr64.exe",
                "name_parent": "",
                "pid": 2060,
                "path": "C:\\Program Files\\IDT\\WDM\\AESTSr64.exe",
                "command_line": "\"C:\\Program Files\\IDT\\WDM\\AESTSr64.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "HPClientServices.exe",
                "name_parent": "",
                "pid": 2104,
                "path": "C:\\Program Files\\Hewlett-Packard\\HP Client Services\\HPClientServices.exe",
                "command_line": "\"C:\\Program Files\\Hewlett-Packard\\HP Client Services\\HPClientServices.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2192,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k iissvcs",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "RIconMan.exe",
                "name_parent": "",
                "pid": 2204,
                "path": "C:\\Program Files (x86)\\Realtek\\Realtek PCIE Card Reader\\RIconMan.exe",
                "command_line": "\"C:\\Program Files (x86)\\Realtek\\Realtek PCIE Card Reader\\RIconMan.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "AppleMobileDeviceService.exe",
                "name_parent": "",
                "pid": 2224,
                "path": "C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe",
                "command_line": "\"C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "mqsvc.exe",
                "name_parent": "",
                "pid": 2244,
                "path": "C:\\Windows\\System32\\mqsvc.exe",
                "command_line": "C:\\WINDOWS\\system32\\mqsvc.exe",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "officeclicktorun.exe",
                "name_parent": "",
                "pid": 2264,
                "path": "C:\\Program Files\\Microsoft Office 15\\ClientX64\\officeclicktorun.exe",
                "command_line": "\"C:\\Program Files\\Microsoft Office 15\\ClientX64\\OfficeClickToRun.exe\" /service",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "mbamservice.exe",
                "name_parent": "",
                "pid": 2276,
                "path": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe",
                "command_line": "\"C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "mDNSResponder.exe",
                "name_parent": "",
                "pid": 2284,
                "path": "C:\\Program Files\\Bonjour\\mDNSResponder.exe",
                "command_line": "\"C:\\Program Files\\Bonjour\\mDNSResponder.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "mbamscheduler.exe",
                "name_parent": "",
                "pid": 2292,
                "path": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamscheduler.exe",
                "command_line": "\"C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamscheduler.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "jhi_service.exe",
                "name_parent": "",
                "pid": 2440,
                "path": "C:\\Program Files (x86)\\Intel\\Services\\IPT\\jhi_service.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Services\\IPT\\jhi_service.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "HPDrvMntSvc.exe",
                "name_parent": "",
                "pid": 2448,
                "path": "C:\\Program Files (x86)\\Hewlett-Packard\\Shared\\HPDrvMntSvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Hewlett-Packard\\Shared\\HPDrvMntSvc.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "DTSRVC.exe",
                "name_parent": "",
                "pid": 2456,
                "path": "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DTSRVC.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\dtsrvc.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "pdfsvc.exe",
                "name_parent": "",
                "pid": 2636,
                "path": "C:\\Program Files (x86)\\PDF Complete\\pdfsvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\PDF Complete\\pdfsvc.exe\" /startedbyscm:66B66708-40E2BE4D-pdfcService",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "HPAuto.exe",
                "name_parent": "",
                "pid": 2644,
                "path": "C:\\Program Files\\Hewlett-Packard\\HP Auto\\HPAuto.exe",
                "command_line": "\"C:\\Program Files\\Hewlett-Packard\\HP Auto\\HPAuto.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "pdisrvc.exe",
                "name_parent": "",
                "pid": 2732,
                "path": "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Drivers\\pdisrvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Drivers\\pdisrvc.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "SMSvcHost.exe",
                "name_parent": "",
                "pid": 2792,
                "path": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe",
                "command_line": "C:\\WINDOWS\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "QBCFMonitorService.exe",
                "name_parent": "",
                "pid": 2800,
                "path": "C:\\Program Files (x86)\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2820,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "QBIDPService.exe",
                "name_parent": "",
                "pid": 2868,
                "path": "C:\\Program Files (x86)\\Common Files\\Intuit\\DataProtect\\QBIDPService.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Intuit\\DataProtect\\QBIDPService.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "RNowSvc.exe",
                "name_parent": "",
                "pid": 2876,
                "path": "C:\\Program Files (x86)\\Roxio\\RoxioNow Player\\RNowSvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Roxio\\RoxioNow Player\\RNowSvc.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 1832,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k appmodel",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "MsMpEng.exe",
                "name_parent": "",
                "pid": 3176,
                "path": "C:\\Program Files\\Windows Defender\\MsMpEng.exe",
                "command_line": "",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "SMSvcHost.exe",
                "name_parent": "",
                "pid": 3192,
                "path": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe",
                "command_line": "\"C:\\WINDOWS\\Microsoft.NET\\Framework64\\v4.0.30319\\SMSvcHost.exe\" -NetMsmqActivator",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "mbam.exe",
                "name_parent": "mbamservice.exe",
                "pid": 4412,
                "path": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbam.exe",
                "command_line": "\"C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbam.exe\" /starttray",
                "pid_parent": 2276,
                "path_parent": "C:\\Program Files (x86)\\Malwarebytes Anti-Malware\\mbamservice.exe"
            },
            {
                "name": "TouchControl.exe",
                "name_parent": "TrueSuiteService.exe",
                "pid": 4484,
                "path": "C:\\Program Files (x86)\\HP SimplePass 2011\\TouchControl.exe",
                "command_line": "\"C:\\Program Files (x86)\\HP SimplePass 2011\\TouchControl.exe\"",
                "pid_parent": 1100,
                "path_parent": "C:\\Program Files (x86)\\HP SimplePass 2011\\TrueSuiteService.exe"
            },
            {
                "name": "NisSrv.exe",
                "name_parent": "",
                "pid": 4640,
                "path": "C:\\Program Files\\Windows Defender\\NisSrv.exe",
                "command_line": "",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "sihost.exe",
                "name_parent": "svchost.exe",
                "pid": 4672,
                "path": "C:\\Windows\\System32\\sihost.exe",
                "command_line": "sihost.exe",
                "pid_parent": 420,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "taskhostw.exe",
                "name_parent": "svchost.exe",
                "pid": 4860,
                "path": "C:\\Windows\\System32\\taskhostw.exe",
                "command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
                "pid_parent": 420,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "BioMonitor.exe",
                "name_parent": "svchost.exe",
                "pid": 752,
                "path": "C:\\Program Files (x86)\\HP SimplePass 2011\\BioMonitor.exe",
                "command_line": "\"C:\\Program Files (x86)\\HP SimplePass 2011\\BioMonitor.exe\" -Embedding",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "explorer.exe",
                "name_parent": "",
                "pid": 4880,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\WINDOWS\\Explorer.EXE",
                "pid_parent": 2068,
                "path_parent": ""
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 4352,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "WmiPrvSE.exe",
                "name_parent": "svchost.exe",
                "pid": 5444,
                "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
                "command_line": "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "unsecapp.exe",
                "name_parent": "svchost.exe",
                "pid": 5932,
                "path": "C:\\Windows\\System32\\wbem\\unsecapp.exe",
                "command_line": "C:\\WINDOWS\\system32\\wbem\\unsecapp.exe -Embedding",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "ShellExperienceHost.exe",
                "name_parent": "svchost.exe",
                "pid": 5732,
                "path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
                "command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchIndexer.exe",
                "name_parent": "",
                "pid": 4988,
                "path": "C:\\Windows\\System32\\SearchIndexer.exe",
                "command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "RuntimeBroker.exe",
                "name_parent": "svchost.exe",
                "pid": 5364,
                "path": "C:\\Windows\\System32\\RuntimeBroker.exe",
                "command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchUI.exe",
                "name_parent": "svchost.exe",
                "pid": 4144,
                "path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
                "command_line": "\"C:\\WINDOWS\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "YCMMirage.exe",
                "name_parent": "svchost.exe",
                "pid": 5172,
                "path": "C:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\YCMMirage.exe",
                "command_line": "\"C:\\Program Files (x86)\\Hewlett-Packard\\Media\\Webcam\\YCMMirage.exe\"",
                "pid_parent": 420,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "TabTip.exe",
                "name_parent": "svchost.exe",
                "pid": 5400,
                "path": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe",
                "command_line": "/QuitInfo:0000000000000734;0000000000000B9C;  ",
                "pid_parent": 452,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "TabTip32.exe",
                "name_parent": "TabTip.exe",
                "pid": 2600,
                "path": "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\Ink\\TabTip32.exe",
                "command_line": "/loadhooks /Parent:0000000000001518",
                "pid_parent": 5400,
                "path_parent": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\TabTip.exe"
            },
            {
                "name": "SettingSyncHost.exe",
                "name_parent": "svchost.exe",
                "pid": 648,
                "path": "C:\\Windows\\System32\\SettingSyncHost.exe",
                "command_line": "C:\\WINDOWS\\system32\\SettingSyncHost.exe -Embedding",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "sttray64.exe",
                "name_parent": "explorer.exe",
                "pid": 2328,
                "path": "C:\\Program Files\\IDT\\WDM\\sttray64.exe",
                "command_line": "\"C:\\Program Files\\IDT\\WDM\\sttray64.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "beats64.exe",
                "name_parent": "explorer.exe",
                "pid": 6524,
                "path": "C:\\Program Files\\IDT\\WDM\\beats64.exe",
                "command_line": "\"C:\\Program Files\\IDT\\WDM\\beats64.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "hpsysdrv.exe",
                "name_parent": "explorer.exe",
                "pid": 6948,
                "path": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Odometer\\hpsysdrv.exe",
                "command_line": "\"C:\\Program Files (x86)\\Hewlett-Packard\\HP Odometer\\hpsysdrv.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "igfxtray.exe",
                "name_parent": "explorer.exe",
                "pid": 6200,
                "path": "C:\\Windows\\System32\\igfxtray.exe",
                "command_line": "\"C:\\Windows\\System32\\igfxtray.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "hkcmd.exe",
                "name_parent": "explorer.exe",
                "pid": 6492,
                "path": "C:\\Windows\\System32\\hkcmd.exe",
                "command_line": "\"C:\\Windows\\System32\\hkcmd.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "igfxpers.exe",
                "name_parent": "explorer.exe",
                "pid": 7068,
                "path": "C:\\Windows\\System32\\igfxpers.exe",
                "command_line": "\"C:\\Windows\\System32\\igfxpers.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "iTunesHelper.exe",
                "name_parent": "explorer.exe",
                "pid": 6340,
                "path": "C:\\Program Files\\iTunes\\iTunesHelper.exe",
                "command_line": "\"C:\\Program Files\\iTunes\\iTunesHelper.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "Greenshot.exe",
                "name_parent": "explorer.exe",
                "pid": 6768,
                "path": "C:\\Program Files\\Greenshot\\Greenshot.exe",
                "command_line": "\"C:\\Program Files\\Greenshot\\Greenshot.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "OneDrive.exe",
                "name_parent": "explorer.exe",
                "pid": 3888,
                "path": "C:\\Users\\pibert\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe",
                "command_line": "\"C:\\Users\\pibert\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "MpCmdRun.exe",
                "name_parent": "",
                "pid": 6564,
                "path": "C:\\Program Files\\Windows Defender\\MpCmdRun.exe",
                "command_line": "\"C:\\Program Files\\Windows Defender\\MpCmdRun.exe\" SpyNetServiceDss -RestrictPrivileges -AccessKey 05D55CCC-08E0-58A3-62B6-5BC882E26885 -Reinvoke",
                "pid_parent": 6624,
                "path_parent": ""
            },
            {
                "name": "qbupdate.exe",
                "name_parent": "explorer.exe",
                "pid": 7128,
                "path": "C:\\Program Files (x86)\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe\" ",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "iPodService.exe",
                "name_parent": "",
                "pid": 6716,
                "path": "C:\\Program Files\\iPod\\bin\\iPodService.exe",
                "command_line": "\"C:\\Program Files\\iPod\\bin\\iPodService.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "QBW32.EXE",
                "name_parent": "explorer.exe",
                "pid": 3580,
                "path": "C:\\Program Files (x86)\\Intuit\\QuickBooks 2015\\QBW32.EXE",
                "command_line": "\"C:\\Program Files (x86)\\Intuit\\QuickBooks 2015\\QBW32.EXE\" -silent",
                "pid_parent": 4880,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "csisyncclient.exe",
                "name_parent": "",
                "pid": 4736,
                "path": "C:\\Program Files\\Microsoft Office 15\\root\\vfs\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE15\\CSISYNCCLIENT.EXE",
                "command_line": "\"C:\\Program Files\\Microsoft Office 15\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE15\\CSISYNCCLIENT.EXE\" \"C:\\Program Files\\Microsoft Office 15\\Root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE15\\CSISYNCCLIENT.EXE\" -Embedding",
                "pid_parent": 6936,
                "path_parent": ""
            },
            {
                "name": "hpwuschd2.exe",
                "name_parent": "",
                "pid": 6708,
                "path": "C:\\Program Files (x86)\\Hp\\HP Software Update\\hpwuschd2.exe",
                "command_line": "\"C:\\Program Files (x86)\\Hp\\HP Software Update\\hpwuschd2.exe\" ",
                "pid_parent": 908,
                "path_parent": ""
            },
            {
                "name": "OSDManager.exe",
                "name_parent": "dtsrvc.exe",
                "pid": 7280,
                "path": "C:\\Program Files (x86)\\Hewlett-Packard\\HP My Display TouchSmart Edition\\OSDManager.exe",
                "command_line": "-dumy",
                "pid_parent": 2456,
                "path_parent": "C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DTSRVC.exe"
            },
            {
                "name": "BrCtrlCntr.exe",
                "name_parent": "",
                "pid": 7432,
                "path": "C:\\Program Files (x86)\\ControlCenter4\\BrCtrlCntr.exe",
                "command_line": "-BootProc",
                "pid_parent": 7332,
                "path_parent": ""
            },
            {
                "name": "BrStMonW.exe",
                "name_parent": "",
                "pid": 7232,
                "path": "C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe",
                "command_line": "\"C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe\" /AUTORUN",
                "pid_parent": 908,
                "path_parent": ""
            },
            {
                "name": "BrYNSvc.exe",
                "name_parent": "",
                "pid": 2952,
                "path": "C:\\Program Files (x86)\\Browny02\\BrYNSvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Browny02\\BrYNSvc.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "BrotherHelp.exe",
                "name_parent": "",
                "pid": 7292,
                "path": "C:\\Program Files (x86)\\Brother\\Brother Help\\BrotherHelp.exe",
                "command_line": "\"C:\\Program Files (x86)\\Brother\\Brother Help\\BrotherHelp.exe\" /AUTORUN",
                "pid_parent": 908,
                "path_parent": ""
            },
            {
                "name": "BrCcUxSys.exe",
                "name_parent": "BrCtrlCntr.exe",
                "pid": 7796,
                "path": "C:\\Program Files (x86)\\ControlCenter4\\BrCcUxSys.exe",
                "command_line": "-BootProc",
                "pid_parent": 7432,
                "path_parent": "C:\\Program Files (x86)\\ControlCenter4\\BrCtrlCntr.exe"
            },
            {
                "name": "ApplicationFrameHost.exe",
                "name_parent": "svchost.exe",
                "pid": 7248,
                "path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
                "command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.exe -Embedding",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "",
                "pid": 2468,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "HPSA_Service.exe",
                "name_parent": "",
                "pid": 7156,
                "path": "C:\\Program Files (x86)\\Hewlett-Packard\\HP Support Framework\\HPSA_Service.exe",
                "command_line": "\"C:\\Program Files (x86)\\Hewlett-Packard\\HP Support Framework\\hpsa_service.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "InputPersonalization.exe",
                "name_parent": "svchost.exe",
                "pid": 7048,
                "path": "C:\\Program Files\\Common Files\\microsoft shared\\ink\\InputPersonalization.exe",
                "command_line": "\"C:\\Program Files\\Common Files\\Microsoft Shared\\Ink\\InputPersonalization.exe\"",
                "pid_parent": 420,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "LMS.exe",
                "name_parent": "",
                "pid": 3656,
                "path": "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\LMS\\LMS.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\LMS\\LMS.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "MicrosoftEdge.exe",
                "name_parent": "svchost.exe",
                "pid": 7988,
                "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe",
                "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe\" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "browser_broker.exe",
                "name_parent": "svchost.exe",
                "pid": 5332,
                "path": "C:\\Windows\\System32\\browser_broker.exe",
                "command_line": "C:\\WINDOWS\\system32\\browser_broker.exe -Embedding",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "MicrosoftEdgeCP.exe",
                "name_parent": "RuntimeBroker.exe",
                "pid": 3036,
                "path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
                "command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\microsoftedgecp.exe\" SCODEF:7988 CREDAT:140545 EDGEHOST  /prefetch:6",
                "pid_parent": 5364,
                "path_parent": "C:\\Windows\\System32\\RuntimeBroker.exe"
            },
            {
                "name": "UNS.exe",
                "name_parent": "",
                "pid": 3412,
                "path": "C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\UNS\\UNS.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\UNS\\UNS.exe\"",
                "pid_parent": 652,
                "path_parent": ""
            },
            {
                "name": "audiodg.exe",
                "name_parent": "svchost.exe",
                "pid": 5944,
                "path": "C:\\Windows\\System32\\audiodg.exe",
                "command_line": "",
                "pid_parent": 504,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "Microsoft.Photos.exe",
                "name_parent": "svchost.exe",
                "pid": 4580,
                "path": "C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe",
                "command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\\Microsoft.Photos.exe\" -ServerName:App.AppXzst44mncqdg84v7sv6p7yznqwssy6f7f.mca",
                "pid_parent": 844,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "SearchProtocolHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 416,
                "path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
                "command_line": "\"C:\\WINDOWS\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe6_ Global\\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" ",
                "pid_parent": 4988,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "SearchFilterHost.exe",
                "name_parent": "SearchIndexer.exe",
                "pid": 2428,
                "path": "C:\\Windows\\System32\\SearchFilterHost.exe",
                "command_line": "\"C:\\WINDOWS\\system32\\SearchFilterHost.exe\" 0 612 620 628 8192 624 ",
                "pid_parent": 4988,
                "path_parent": "C:\\Windows\\System32\\SearchIndexer.exe"
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "browser_broker.exe",
                "pid": 4196,
                "path": "C:\\Users\\pibert\\Downloads\\RogueKiller.exe",
                "command_line": "\"C:\\Users\\pibert\\Downloads\\RogueKiller.exe\" ",
                "pid_parent": 5332,
                "path_parent": "C:\\Windows\\System32\\browser_broker.exe"
            },
            {
                "name": "MusNotification.exe",
                "name_parent": "svchost.exe",
                "pid": 432,
                "path": "",
                "command_line": "",
                "pid_parent": 420,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "LaunchWinApp.exe",
                "name_parent": "RogueKiller.exe",
                "pid": 4800,
                "path": "",
                "command_line": "",
                "pid_parent": 4196,
                "path_parent": "C:\\Users\\pibert\\Downloads\\RogueKiller.exe"
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [],
        "registry": [],
        "tasks": [],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226347,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: ST31000524AS +++++\n--- User ---\n[MBR] 3d271ba4dc8a1389900ae27344e961e5\n[BSP] 7a5136529516b0c59cc9e119ebe73ec2 : Windows Vista/7/8|VT.Unknown MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 938135 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1921507328 | Size: 450 MB\n3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1922428928 | Size: 15182 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
        }
    }
}
 
 
 

JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by pibert on Wed 10/14/2015 at 12:27:34.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 

~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome



#5 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 16 October 2015 - 10:45 AM

Hi DshnRob.

 

Good to hear that. Now I will clean up some potential problems.

 

 

We need to remove programs using "Programs and Features".

Open Computer and click on the "Computer" tab, then click on Uninstall or Change a Program.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking the below entries and selecting "Remove":

HP Games

Additional instructions can be found here if needed.

 

--------------------

 

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   2KB   2 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

After the fix has been completed, please create a new FRST log for me.

(Please select "addition.txt" additional scan option and post both FRST.txt and addition.txt.)

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#6 DshnRob
  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male

Posted 16 October 2015 - 10:23 PM

Hi Sirawit,

 

I ran the FRST Tool with the fixlist, but midway through the process the FRST tool locks up.  Specifically, it is the C:\Users\...\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\temp directory.  I get a Not Responding with the tool.  I tried rerunning in Safe mode but no go, same result.

 

Is there anything else I can try?

 

Please let me know.

 

Thanks,

-DshnRob



#7 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 17 October 2015 - 11:41 AM

OK. I will look into it and reply to you as soon as possible.

 

Thank you.




#8 DshnRob
  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male

Posted 18 October 2015 - 07:08 AM

Sirawit,

 

I also noticed that now my Edge browser starts out fine upon boot up but then gets progressively slower to the point it becomes non-responsive (Not Responding).  I am wondering if something still resides on my PC?

 

Please let me know if you need for me to try anything additional.

 

Thanks again for your assistance in this matter.

-DshnRob



#9 Sirawit

    Bleepin' Brony

  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand

Posted 18 October 2015 - 11:43 AM

Hi DshnRob.

 

Please try running the fix again with this script. It should complete successfully. Don't forget to post fixlog.txt.

 

Attached File  fixlist.txt   1.99KB   1 downloads

 

----------------------

 

After that, please download TFC and run it as administrator.

 

Then, close all other programs and press the Start button. The program will take some time to finish. It will show you the amount of temp files it cleaned out when it has finished. If it asks you to restart the computer, please do it. If a restart is not required, press the Exit button.

 

-----------------------

 

Please create a new FRST log for me too.

 

Thank you.




#10 DshnRob
  • Topic Starter
  • Members
  • 24 posts
  • Gender:Male

Posted 19 October 2015 - 05:27 AM

Hi Sirawit,

 

I was able to run the new fixlist script and then ran the TFC application.  Here's the fixlist log contents:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by pibert (2015-10-19 05:03:08) Run:7
Running from C:\Users\pibert\Desktop
Loaded Profiles: pibert (Available Profiles: pibert & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
Task: {097C2E7C-AC86-4070-AE7B-53F357EF9AEB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {30636FA5-EC30-4EC3-9FB0-DA5683DC0BFB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {755E73F2-3B07-446A-9A28-30FEEB0A5265} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {94505C92-4DBA-4CF1-97FE-0C6B8ED8B760} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B4FEA4B9-9A90-4B52-982F-82DED2FF7CBA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C4647CE4-27BA-4A95-A44B-0B7626F7FE71} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C498688D-6025-437E-A860-63FEFFD337ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E96A1122-DE29-4953-9E70-5982623A6765} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Greenshot => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PDF Complete => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ControlCenter4 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BrStsMon00 => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BrHelp => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{097C2E7C-AC86-4070-AE7B-53F357EF9AEB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30636FA5-EC30-4EC3-9FB0-DA5683DC0BFB} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{755E73F2-3B07-446A-9A28-30FEEB0A5265} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94505C92-4DBA-4CF1-97FE-0C6B8ED8B760} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4FEA4B9-9A90-4B52-982F-82DED2FF7CBA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4647CE4-27BA-4A95-A44B-0B7626F7FE71} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C498688D-6025-437E-A860-63FEFFD337ED} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E96A1122-DE29-4953-9E70-5982623A6765} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => not found.
 

The system needed a reboot.
 
==== End of Fixlog 05:03:48 ====
 
I also ran another FRST log and additions log which I post at the end of this email.  I still sense some sluggishness while bringing up the Microsoft Edge browser.  Please let me know what else you require of me.
 
Thank you again for your efforts in this matter.
-DshnRob
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by pibert (administrator) on PIBERT-HP (19-10-2015 05:20:32)
Running from C:\Users\pibert\Desktop
Loaded Profiles: pibert (Available Profiles: pibert & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-06-17] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-09-29] (Intuit Inc. All rights reserved.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-30]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-30]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-30]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{44aeddc4-12ee-4a98-b559-b24c65562f66}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9c881b6e-e56c-454c-a496-1321a1dd7400}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1429684805-3901036955-522432100-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1429684805-3901036955-522432100-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {856085A5-39A2-4ACD-A416-CE9C2BE54E56} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1429684805-3901036955-522432100-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1429684805-3901036955-522432100-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll [2011-06-09] (HP)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll [2011-06-09] (HP)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2014-09-29] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-30] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
 
Chrome:
=======
CHR Profile: C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-30]
CHR Extension: (Google Docs) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-30]
CHR Extension: (Google Drive) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-30]
CHR Extension: (YouTube) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-30]
CHR Extension: (Google Search) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-30]
CHR Extension: (Google Docs Offline) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Website Logon) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2015-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-30]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-06-17] (Portrait Displays, Inc.)
R2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-07-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-09-29] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-09-29] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-09-29] (Intuit Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-30] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-07-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-10-04] (Emsisoft GmbH)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-07-30] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2512016 2015-07-10] (MediaTek Inc.)
R3 NWVoltron; C:\Windows\System32\drivers\NWVoltron.sys [28920 2015-07-30] ()
S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-05-28] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-04] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-19 05:20 - 2015-10-19 05:21 - 00016584 _____ C:\Users\pibert\Desktop\FRST.txt
2015-10-19 05:06 - 2015-10-19 05:06 - 00016148 _____ C:\WINDOWS\system32\PIBERT-HP_pibert_HistoryPrediction.bin
2015-10-19 05:02 - 2015-10-19 05:02 - 00448512 _____ (OldTimer Tools) C:\Users\pibert\Downloads\TFC (1).exe
2015-10-19 05:02 - 2015-10-19 05:02 - 00448512 _____ (OldTimer Tools) C:\Users\pibert\Desktop\TFC (1).exe
2015-10-19 05:01 - 2015-10-19 05:01 - 00002033 _____ C:\Users\pibert\Downloads\fixlist (1).txt
2015-10-19 04:44 - 2015-10-19 04:44 - 00000000 ___HD C:\OneDriveTemp
2015-10-16 22:12 - 2015-10-16 20:42 - 00002045 _____ C:\Users\pibert\Downloads\fixlist.txt
2015-10-16 22:11 - 2015-10-16 22:11 - 02196480 _____ (Farbar) C:\Users\pibert\Downloads\FRST64 (1).exe
2015-10-16 22:07 - 2015-10-16 22:08 - 01699840 _____ (Farbar) C:\Users\pibert\Downloads\FRST_exe (2)
2015-10-16 22:07 - 2015-10-16 22:07 - 00000000 _____ C:\Users\pibert\Downloads\FRST_exe.wc4joau.partial
2015-10-16 22:07 - 2015-10-16 22:07 - 00000000 _____ C:\Users\pibert\Downloads\FRST_exe (1).p0mdllz.partial
2015-10-16 21:52 - 2015-10-16 21:52 - 00448512 _____ (OldTimer Tools) C:\Users\pibert\Downloads\TFC.exe
2015-10-16 20:44 - 2015-10-19 05:03 - 00000000 ____D C:\Users\pibert\Desktop\FRST-OlderVersion
2015-10-14 12:30 - 2015-10-14 12:30 - 00001069 _____ C:\Users\pibert\Desktop\JRT.txt
2015-10-14 12:23 - 2015-10-04 15:00 - 00044762 _____ C:\Users\pibert\Documents\RKreport_SCN_10042015_150019.json
2015-10-14 12:19 - 2015-10-16 21:35 - 00002196 _____ C:\Users\pibert\Desktop\Rkill.txt
2015-10-14 12:17 - 2015-10-14 12:26 - 00096648 _____ C:\Users\pibert\Desktop\responsevirus.txt
2015-10-13 18:01 - 2015-10-10 01:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-13 18:01 - 2015-10-10 01:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 18:01 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 18:01 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 18:01 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 18:01 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 18:01 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 18:01 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 18:01 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 18:01 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 18:01 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 18:01 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 18:01 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 18:01 - 2015-09-24 22:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 18:01 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 18:01 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 18:01 - 2015-09-24 22:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 18:01 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 18:01 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 18:01 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 18:01 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 18:01 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 18:01 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 18:01 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 18:01 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 18:01 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 18:01 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 18:01 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 18:01 - 2015-09-24 21:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 18:01 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 18:01 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 18:01 - 2015-09-24 21:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 18:01 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 18:01 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 18:01 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 18:01 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 18:01 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 18:01 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 18:01 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 18:01 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 18:01 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 18:01 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 18:01 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 18:01 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 18:01 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 18:00 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 18:00 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 18:00 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 18:00 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 18:00 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 18:00 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 18:00 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 18:00 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 18:00 - 2015-09-24 22:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-13 18:00 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 18:00 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 18:00 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 18:00 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 18:00 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 18:00 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 18:00 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 18:00 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 18:00 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 18:00 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 18:00 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-13 04:40 - 2015-10-16 21:51 - 00000000 ____D C:\Users\pibert\AppData\Local\CrashDumps
2015-10-09 16:24 - 2015-10-09 16:25 - 00000133 _____ C:\Users\pibert\Desktop\Rainbow_Joseph_Website.url
2015-10-08 20:53 - 2015-10-19 05:03 - 02196992 _____ (Farbar) C:\Users\pibert\Desktop\FRST64.exe
2015-10-04 15:27 - 2015-10-04 15:27 - 00014036 _____ C:\Users\pibert\Downloads\hijackthis.log
2015-10-04 15:26 - 2015-10-04 15:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\pibert\Downloads\HijackThis.exe
2015-10-04 15:06 - 2015-10-08 20:59 - 00041976 _____ C:\Users\pibert\Downloads\Addition.txt
2015-10-04 15:05 - 2015-10-19 05:20 - 00000000 ____D C:\FRST
2015-10-04 15:05 - 2015-10-08 20:59 - 00062117 _____ C:\Users\pibert\Downloads\FRST.txt
2015-10-04 15:04 - 2015-10-04 15:05 - 02193920 _____ (Farbar) C:\Users\pibert\Downloads\FRST64.exe
2015-10-04 15:03 - 2015-10-04 15:03 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\pibert\Downloads\FixExec.exe
2015-10-04 14:48 - 2015-10-04 15:00 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-04 14:48 - 2015-10-04 14:48 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-04 14:44 - 2015-10-04 14:48 - 18801736 _____ C:\Users\pibert\Downloads\RogueKiller.exe
2015-10-04 14:20 - 2015-10-04 14:20 - 00000000 ____D C:\Users\pibert\Desktop\rkill
2015-10-04 14:19 - 2015-10-04 14:19 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\pibert\Desktop\rkill.exe
2015-10-04 12:16 - 2015-10-08 17:22 - 00000786 _____ C:\Users\pibert\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-04 12:16 - 2015-10-08 17:22 - 00000000 ____D C:\EEK
2015-10-04 12:04 - 2015-10-04 12:16 - 167856392 _____ C:\Users\pibert\Downloads\EmsisoftEmergencyKit.exe
2015-10-04 09:01 - 2015-10-04 09:01 - 02870984 _____ (ESET) C:\Users\pibert\Downloads\esetsmartinstaller_enu.exe
2015-10-04 09:01 - 2015-10-04 09:01 - 00000000 ____D C:\Program Files (x86)\ESET
2015-10-04 08:13 - 2015-10-04 08:13 - 00000000 ____D C:\WINDOWS\pss
2015-10-04 07:21 - 2015-10-04 07:23 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\pibert\Desktop\unhide.exe
2015-10-04 07:20 - 2015-10-04 07:20 - 01801288 _____ (Malwarebytes) C:\Users\pibert\Desktop\JRT.exe
2015-10-02 20:55 - 2015-10-02 20:55 - 04945408 _____ C:\Users\pibert\Desktop\Krewe of Olympus - Texas, Inc. 20112012i (Portable).QBM
2015-10-01 17:30 - 2015-10-04 17:48 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-01 17:16 - 2015-09-17 01:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 17:16 - 2015-09-17 01:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 17:16 - 2015-09-17 01:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 17:16 - 2015-09-17 01:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 17:16 - 2015-09-17 01:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 17:16 - 2015-09-17 01:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 17:16 - 2015-09-17 01:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 17:16 - 2015-09-17 01:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 17:16 - 2015-09-17 01:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 17:16 - 2015-09-17 01:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 17:16 - 2015-09-17 01:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 17:16 - 2015-09-17 01:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 17:16 - 2015-09-17 01:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 17:16 - 2015-09-17 01:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 17:16 - 2015-09-17 01:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 17:16 - 2015-09-17 01:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 17:16 - 2015-09-17 01:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 17:16 - 2015-09-17 01:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 17:16 - 2015-09-17 01:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 17:16 - 2015-09-17 01:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-01 17:16 - 2015-09-17 01:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 17:16 - 2015-09-17 01:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 17:16 - 2015-09-17 01:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 17:16 - 2015-09-17 01:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 17:16 - 2015-09-17 01:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 17:16 - 2015-09-17 01:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 17:16 - 2015-09-17 01:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 17:16 - 2015-09-17 01:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 17:16 - 2015-09-17 01:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 17:16 - 2015-09-17 01:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 17:16 - 2015-09-17 00:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 17:16 - 2015-09-17 00:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 17:16 - 2015-09-17 00:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 17:16 - 2015-09-17 00:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 17:16 - 2015-09-17 00:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 17:16 - 2015-09-17 00:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 17:16 - 2015-09-17 00:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 17:16 - 2015-09-17 00:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 17:16 - 2015-09-17 00:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 17:16 - 2015-09-17 00:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 17:16 - 2015-09-17 00:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 17:16 - 2015-09-17 00:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 17:16 - 2015-09-17 00:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 17:16 - 2015-09-17 00:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 17:16 - 2015-09-17 00:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 17:16 - 2015-09-17 00:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 17:16 - 2015-09-17 00:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 17:16 - 2015-09-17 00:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 17:16 - 2015-09-17 00:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 17:16 - 2015-09-17 00:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 17:16 - 2015-09-17 00:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 17:16 - 2015-09-17 00:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 17:16 - 2015-09-17 00:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 17:16 - 2015-09-17 00:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 17:16 - 2015-09-17 00:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 17:16 - 2015-09-17 00:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 17:16 - 2015-09-17 00:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 17:16 - 2015-09-17 00:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 17:16 - 2015-09-17 00:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 17:16 - 2015-09-17 00:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 17:16 - 2015-09-17 00:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 17:16 - 2015-09-17 00:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 17:16 - 2015-09-17 00:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 17:16 - 2015-09-17 00:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 17:16 - 2015-09-17 00:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 17:16 - 2015-09-17 00:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 17:16 - 2015-09-17 00:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 17:16 - 2015-09-17 00:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 17:16 - 2015-09-17 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 17:16 - 2015-09-17 00:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 17:16 - 2015-09-17 00:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 17:16 - 2015-09-17 00:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 17:16 - 2015-09-17 00:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 17:16 - 2015-09-17 00:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 17:16 - 2015-09-17 00:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 17:16 - 2015-09-17 00:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 17:16 - 2015-09-17 00:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 17:16 - 2015-09-17 00:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 17:16 - 2015-09-17 00:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 17:16 - 2015-09-17 00:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 17:16 - 2015-09-17 00:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-01 17:16 - 2015-09-17 00:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-01 17:16 - 2015-09-17 00:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-01 17:16 - 2015-09-17 00:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-01 17:16 - 2015-09-17 00:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-01 17:16 - 2015-09-17 00:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 17:16 - 2015-09-17 00:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-01 17:16 - 2015-09-17 00:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-01 17:16 - 2015-09-17 00:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-01 17:16 - 2015-09-17 00:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-01 17:16 - 2015-09-17 00:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-01 17:16 - 2015-09-17 00:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 17:16 - 2015-09-17 00:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-01 17:16 - 2015-09-17 00:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-01 17:16 - 2015-09-17 00:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-01 17:16 - 2015-09-17 00:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 17:16 - 2015-09-17 00:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-01 17:16 - 2015-09-17 00:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-01 17:16 - 2015-09-17 00:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-01 17:16 - 2015-09-17 00:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-01 17:16 - 2015-09-17 00:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-01 17:16 - 2015-09-17 00:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 17:16 - 2015-09-17 00:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-01 17:16 - 2015-09-12 21:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 17:16 - 2015-09-12 20:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-01 17:15 - 2015-09-19 00:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 17:15 - 2015-09-17 01:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 17:15 - 2015-09-17 01:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 17:15 - 2015-09-17 01:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-01 17:15 - 2015-09-17 01:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-01 17:15 - 2015-09-17 01:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 17:15 - 2015-09-17 01:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-01 17:15 - 2015-09-17 01:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 17:15 - 2015-09-17 01:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-01 17:15 - 2015-09-17 01:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-01 17:15 - 2015-09-17 01:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 17:15 - 2015-09-17 01:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 17:15 - 2015-09-17 01:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 17:15 - 2015-09-17 01:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 17:15 - 2015-09-17 01:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 17:15 - 2015-09-17 01:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 17:15 - 2015-09-17 01:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 17:15 - 2015-09-17 01:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 17:15 - 2015-09-17 01:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 17:15 - 2015-09-17 01:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 17:15 - 2015-09-17 01:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 17:15 - 2015-09-17 01:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 17:15 - 2015-09-17 01:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 17:15 - 2015-09-17 01:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 17:15 - 2015-09-17 01:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 17:15 - 2015-09-17 01:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 17:15 - 2015-09-17 00:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 17:15 - 2015-09-17 00:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 17:15 - 2015-09-17 00:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 17:15 - 2015-09-17 00:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 17:15 - 2015-09-17 00:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 17:15 - 2015-09-17 00:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 17:15 - 2015-09-17 00:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 17:15 - 2015-09-17 00:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 17:15 - 2015-09-17 00:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 17:15 - 2015-09-17 00:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-01 17:15 - 2015-09-17 00:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-01 17:15 - 2015-09-17 00:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-01 17:15 - 2015-09-17 00:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 17:15 - 2015-09-17 00:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-01 17:15 - 2015-09-17 00:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-01 17:15 - 2015-09-17 00:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 17:15 - 2015-09-17 00:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 17:15 - 2015-09-17 00:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 17:15 - 2015-09-17 00:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-01 17:15 - 2015-09-17 00:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 17:15 - 2015-09-17 00:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-01 17:15 - 2015-09-17 00:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 17:15 - 2015-09-17 00:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 17:15 - 2015-09-17 00:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 17:15 - 2015-09-17 00:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 17:15 - 2015-09-17 00:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 17:15 - 2015-09-17 00:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 17:15 - 2015-09-17 00:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 17:15 - 2015-09-17 00:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 17:15 - 2015-09-17 00:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-01 17:15 - 2015-09-17 00:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 17:15 - 2015-09-17 00:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 17:15 - 2015-09-17 00:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-01 17:15 - 2015-09-17 00:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 17:15 - 2015-09-17 00:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-01 17:15 - 2015-09-17 00:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-01 17:15 - 2015-09-17 00:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-09-25 06:33 - 2015-10-17 07:42 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 06:33 - 2015-09-25 06:33 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-25 06:33 - 2015-09-25 06:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-25 06:33 - 2015-09-25 06:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-25 06:33 - 2015-09-25 06:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-25 06:33 - 2015-06-18 08:52 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-25 06:33 - 2015-06-18 08:52 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-25 06:33 - 2015-06-18 08:52 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-25 06:32 - 2015-09-25 06:33 - 24345376 _____ (Malwarebytes Corporation ) C:\Users\pibert\Downloads\mbam-setup (1).exe
2015-09-25 06:32 - 2015-09-25 06:32 - 24345376 _____ (Malwarebytes Corporation ) C:\Users\pibert\Downloads\mbam-setup.exe
2015-09-25 06:25 - 2015-09-25 06:25 - 01662976 _____ C:\Users\pibert\Downloads\AdwCleaner (4).exe
2015-09-19 17:27 - 2015-09-19 17:27 - 01662976 _____ C:\Users\pibert\Downloads\AdwCleaner (3).exe
2015-09-19 17:26 - 2015-09-25 06:27 - 00000000 ____D C:\AdwCleaner
2015-09-19 17:23 - 2015-09-19 17:25 - 01662976 _____ C:\Users\pibert\Downloads\AdwCleaner (2).exe
2015-09-19 17:20 - 2015-09-19 17:20 - 01662976 _____ C:\Users\pibert\Downloads\AdwCleaner (1).exe
2015-09-19 17:18 - 2015-09-19 17:19 - 01798976 _____ (Malwarebytes) C:\Users\pibert\Downloads\JRT (5).exe
2015-09-19 17:17 - 2015-09-19 17:17 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\pibert\Downloads\iExplore.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-19 05:15 - 2015-07-30 19:59 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-19 05:10 - 2015-07-30 17:20 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-19 05:08 - 2015-07-30 17:38 - 00000000 ____D C:\Users\pibert\OneDrive
2015-10-19 05:07 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-19 05:06 - 2015-07-30 19:59 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-19 05:06 - 2015-07-29 19:53 - 00000000 ____D C:\Users\pibert\AppData\LocalLow\AuthenTec
2015-10-19 05:06 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-19 05:05 - 2012-05-28 14:25 - 00000000 ____D C:\ProgramData\PDFC
2015-10-19 05:04 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-19 05:04 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-19 04:52 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-19 04:47 - 2015-07-29 19:56 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10049D5C-5DFF-430F-B0AE-B123CF71F972}
2015-10-18 06:30 - 2015-07-30 17:17 - 00009142 _____ C:\WINDOWS\PFRO.log
2015-10-18 06:30 - 2012-05-28 14:29 - 00000000 ____D C:\ProgramData\truesuite
2015-10-16 20:46 - 2015-09-11 22:17 - 00000000 ____D C:\Users\pibert\AppData\LocalLow\Temp
2015-10-16 09:16 - 2015-07-30 19:59 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-16 05:49 - 2015-07-30 20:02 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-16 05:48 - 2015-07-30 20:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-16 03:36 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-16 03:31 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-14 13:48 - 2015-07-30 19:02 - 00000000 ____D C:\Users\pibert\Desktop\KreweBiz
2015-10-14 11:58 - 2012-05-28 14:20 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-10-14 11:58 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-14 11:56 - 2012-05-28 14:20 - 00000000 ____D C:\ProgramData\WildTangent
2015-10-11 09:35 - 2015-07-30 17:21 - 00000000 ____D C:\Users\pibert
2015-10-10 19:26 - 2015-08-01 18:05 - 00000000 ____D C:\Users\pibert\AppData\Roaming\Skype
2015-10-10 19:01 - 2015-07-10 07:20 - 00020770 _____ C:\WINDOWS\setupact.log
2015-10-08 17:08 - 2015-08-05 18:15 - 00000166 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-10-08 16:04 - 2015-07-30 18:48 - 00007909 _____ C:\WINDOWS\BRRBCOM.INI
2015-10-06 12:01 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-04 17:48 - 2015-07-29 21:45 - 00243246 ____N C:\WINDOWS\Minidump\100415-20500-01.dmp
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-04 15:19 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-04 08:57 - 2015-07-30 19:58 - 00000000 ____D C:\Users\pibert\AppData\Local\Google
2015-10-03 13:35 - 2015-07-30 17:36 - 00000000 ____D C:\Users\pibert\AppData\Local\Packages
2015-10-02 12:36 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 12:36 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-01 17:30 - 2015-07-29 21:45 - 00244654 ____N C:\WINDOWS\Minidump\100115-33390-01.dmp
2015-10-01 17:20 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-30 21:05 - 2015-07-30 19:48 - 00000000 ____D C:\Users\pibert\AppData\Roaming\ControlCenter4
2015-09-30 21:03 - 2015-07-30 18:47 - 00000000 ____D C:\ProgramData\ControlCenter4
2015-09-30 21:02 - 2015-07-30 18:47 - 00000000 ____D C:\Program Files (x86)\ControlCenter4
2015-09-29 16:54 - 2015-07-29 19:56 - 00003814 _____ C:\WINDOWS\System32\Tasks\Registration
2015-09-24 20:35 - 2015-07-30 17:46 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-20 13:16 - 2015-08-15 09:16 - 00000000 ____D C:\Users\pibert\AppData\Local\Greenshot
2015-09-19 17:30 - 2015-07-10 07:20 - 00349432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-19 17:28 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
 
==================== Files in the root of some directories =======
 
2012-05-28 14:29 - 2011-06-09 18:44 - 0002792 _____ () C:\Program Files\HP SimplePass 2011
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-10-11 07:11
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by pibert (2015-10-19 05:22:09)
Running from C:\Users\pibert\Desktop
Windows 10 Home (X64) (2015-07-30 22:36:06)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-1429684805-3901036955-522432100-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1429684805-3901036955-522432100-503 - Limited - Disabled)
Guest (S-1-5-21-1429684805-3901036955-522432100-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1429684805-3901036955-522432100-1002 - Limited - Enabled)
pibert (S-1-5-21-1429684805-3901036955-522432100-1001 - Administrator - Enabled) => C:\Users\pibert
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
Blio (HKLM-x32\...\{7BCD1A5E-F903-48C9-9CB2-37E5A6FB2111}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J475DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dual Stream 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
DVD Menu Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4412 - Hewlett-Packard)
DVD Menu Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook for HP TouchSmart (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Hewlett-Packard ACLM.NET v1.1.1.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP My Display TouchSmart Edition (HKLM-x32\...\{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}) (Version: 1.04.022 - Portrait Displays, Inc.)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM-x32\...\{00FF4EB6-6AAC-4E9D-A60A-8F388691BB27}) (Version: 5.3.0.194 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}) (Version: 6.0.5.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP TouchSmart (HKLM-x32\...\{C8EC351F-7A2A-4853-B24B-99EB6F77D8A4}) (Version: 5.0.15.0 - Hewlett-Packard)
HP TouchSmart Ben10 Comic Book Reader (HKLM-x32\...\{9EFD323B-6ADB-4B3A-9253-EA1A75E00F25}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Browser (HKLM-x32\...\{7561C05C-FE30-4D0E-9B8D-5218734E3986}) (Version: 5.1.4167.12664 - Hewlett-Packard)
HP TouchSmart Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4171.15168 - Hewlett-Packard)
HP TouchSmart Canvas (HKLM-x32\...\{00F15573-18BB-4FAD-A763-F29401609C2F}) (Version: 5.1.4160.26759 - Hewlett-Packard)
HP TouchSmart Clock (HKLM-x32\...\{692D3BE1-0BD9-4B4C-A974-CB2EAEA99304}) (Version: 5.1.3882.1 - Hewlett-Packard)
HP TouchSmart eBay (HKLM-x32\...\{F12C6162-10D4-444A-9182-05CC3DB2456E}) (Version: 1.0.4098.28440 - Hewlett-Packard)
HP TouchSmart Get Updated! (HKLM-x32\...\{2B720998-2E26-4DD6-8AC8-A1FCA4B58384}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4183.22239 - Hewlett-Packard)
HP TouchSmart Paint Blast (HKLM-x32\...\{FBB0C095-4FF0-4AF6-8CD5-A80A390FB101}_is1) (Version: 4.0.0.0 - Turner Entertainment Networks Asia, Inc.)
HP TouchSmart Photo (HKLM-x32\...\InstallShield_{C9DCE03F-8CB7-4146-A99C-0612D75177EA}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP TouchSmart Rss (HKLM-x32\...\{2F1EB600-5E67-4AAA-9D5F-84430CDA4E47}) (Version: 5.1.4170.22458 - Hewlett-Packard)
HP TouchSmart Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - Hewlett-Packard)
HP TouchSmart Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 4.0.0.4 - Hewlett-Packard)
HP TouchSmart Twitter (HKLM-x32\...\{75781594-73D9-4D7B-997F-14D41BF1514D}) (Version: 3.0.4162.32190 - Hewlett-Packard)
HP TouchSmart Video (HKLM-x32\...\InstallShield_{F04BFADD-C8CA-4C86-8F20-B1D7F4F8C66C}) (Version: 4.2.5414 - Hewlett-Packard)
HP TouchSmart Weather (HKLM-x32\...\{52727E8B-5F72-4795-8BEA-4E1FF4BFA0D9}) (Version: 5.1.4184.10337 - Hewlett-Packard)
HP TouchSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.4214 - Hewlett-Packard)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Movie Theme Pack for HP TouchSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4412 - Hewlett-Packard)
Movie Theme Pack for HP TouchSmart Video (x32 Version: 4.1.4412 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickBooks (x32 Version: 25.0.4003.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4003.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.82 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
SDK (x32 Version: 2.26.005 - Portrait Displays, Inc.) Hidden
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Restore Points =========================
 
09-10-2015 10:45:18 Windows Update
13-10-2015 10:00:59 Windows Update
14-10-2015 12:27:35 JRT Pre-Junkware Removal
16-10-2015 20:46:14 Restore Point Created by FRST
16-10-2015 21:19:54 Restore Point Created by FRST
16-10-2015 21:36:15 Restore Point Created by FRST
16-10-2015 21:58:26 Restore Point Created by FRST
16-10-2015 22:12:18 Restore Point Created by FRST
19-10-2015 05:03:17 Restore Point Created by FRST
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-10-04 15:00 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {200E1F50-7467-4B70-91B7-FFC91158F1AC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2011-05-30] (CyberLink)
Task: {340E7EF2-111D-467E-9072-C7F9554A6EDE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {36190C16-D793-42CB-8452-CF82A990C191} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3BE786D7-54E4-425B-A914-1FE95B730C6C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {3D3F5E47-EDA6-41BF-AA74-15070592DBBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {3DD1646E-E1EE-4C45-BA46-72B6A5CCA87C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {4E67C9B4-7F08-4F71-A845-065360410BC9} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {87EBC452-5288-4F98-92EC-A70B79666607} - System32\Tasks\{F89D150F-849C-4B0B-833F-489F14F2B97B} => pcalua.exe -a C:\Users\pibert\Downloads\MFC-J475DW-inst-A1-OCE.EXE -d C:\WINDOWS\system32
Task: {88BEB596-2895-4593-81C3-986F31A9A2AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-06-21] (Hewlett-Packard Company)
Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {93DC042A-3938-45D7-90CE-788D8BC7C5B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-06-21] (Hewlett-Packard Company)
Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {A6A8F7FC-6161-4D74-9CEC-B741C83A5798} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC6E18A2-447A-4546-9FB4-5BFD7AC44DAA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {BE83C688-AD35-4BBD-9BAA-C0E1FC7CA85E} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2015-07-10] (Microsoft Corporation)
Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {D0F09C25-AD6F-43F4-9FE6-1D75AA71F4C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {D8759F5B-451C-47E6-827E-B7D5C929C55C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {E7CE1BBE-1C80-4239-A192-CD6BF303E98C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FAD91A9E-DFE0-484B-8972-97B53A2B46FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-11] (Microsoft Corporation)
Task: {FBB43BB3-9386-40C3-8618-71BF7B67EDA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-30] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-30 17:45 - 2015-07-14 21:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-19 18:07 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-30 17:46 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-30 18:46 - 2005-04-21 23:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 17:16 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-15 20:56 - 2015-08-11 22:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-01 17:16 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 17:16 - 2015-09-17 00:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 17:15 - 2015-09-17 00:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 17:15 - 2015-09-17 00:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 17:16 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-30 17:40 - 2015-07-30 17:40 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1429684805-3901036955-522432100-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pibert\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 

==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [TCP Query User{45A0B40C-D8E2-4C9F-B0CD-39A9C7ADA3B9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A1194DE8-1586-41B6-924B-C8E06AD6CF18}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{87D5DBA1-D996-4066-A4C8-7EE2F21DDFDB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/19/2015 05:03:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/19/2015 05:03:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 

Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {77e500bd-61ed-4104-abe8-d3794d1e2950}
 
Error: (10/18/2015 06:43:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PIBERT-HP)
Description: Activation of app Microsoft.WindowsFeedback_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/17/2015 09:25:25 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 15.1001.16470.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18c8
 
Start Time: 01d108e6387f1f2c
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: e5dc74bf-74da-11e5-9bd8-4c72b92ee727
 
Faulting package full name: Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (10/17/2015 09:25:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PIBERT-HP)
Description: Package Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
 
Error: (10/16/2015 10:24:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64 (1).exe version 16.10.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1424
 
Start Time: 01d10889a0869981
 
Termination Time: 12
 
Application Path: C:\Users\pibert\Downloads\FRST64 (1).exe
 
Report Id: 7f13cc96-747e-11e5-9bd8-4c72b92ee727
 
Faulting package full name:
 
Faulting package-relative application ID:
 
Error: (10/16/2015 10:12:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/16/2015 10:00:39 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.
 
Error: (10/16/2015 09:58:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/16/2015 09:58:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 

Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2f911f06-a6f5-45d8-bd6a-3de13331f5d3}
 

System errors:
=============
Error: (10/19/2015 05:08:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/19/2015 05:05:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058
 
Error: (10/19/2015 05:04:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069
 
Error: (10/19/2015 05:04:17 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/19/2015 05:04:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 05:04:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 05:04:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 05:04:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 05:03:47 AM) (Source: DCOM) (EventID: 10010) (User: PIBERT-HP)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/19/2015 05:03:47 AM) (Source: DCOM) (EventID: 10010) (User: PIBERT-HP)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 

CodeIntegrity:
===================================
  Date: 2015-10-19 05:22:01.166
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-19 05:22:01.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-19 05:03:38.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-19 05:03:38.792
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-16 22:11:52.608
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-16 22:11:52.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-16 22:11:05.243
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-16 22:11:05.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-16 22:08:37.052
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-16 22:08:37.040
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 4000.3 MB
Available physical RAM: 2022.36 MB
Total Virtual: 4448.3 MB
Available Virtual: 2323.13 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:916.15 GB) (Free:732.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:14.83 GB) (Free:1.78 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 47133AF5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=916.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



#11 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:02:59 PM

Posted 19 October 2015 - 08:27 PM

Hi DshnRob.
 
Let's try clearing cache and cookies in Edge and also checking and optimizing disk fragmentation.
 
Please report back after you've tried those steps. Is anything better?
 
Thank you.

If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#12 DshnRob

DshnRob
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:02:59 AM

Posted 20 October 2015 - 04:41 AM

Hello Sirawit,

 

As you requested, I have cleared the Edge Browser cache and cookies, optimized my drive (which was at 0% defrag) and rebooted.  As I brought up the Edge browser, I put in the URL for Yahoo and got a Not Responding.  I also hear my drive in the background really active after the initial boot-up.  Finally, I just tried to edit this post in my Edge browser and got no response.  I had to finish up in my Chrome browser.

 

Is there something additional I can try?  Please let me know.

 

Thank you again for all your assistance.

 

-DshnRob


Edited by DshnRob, 20 October 2015 - 04:43 AM.


#13 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • Gender:Male
  • Location:Thailand
  • Local time:02:59 PM

Posted 23 October 2015 - 11:53 AM

Hi DshnRob.

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

-------------

Zoek by Smeenk

--------------------

  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 3 in the lower box to Perform only a Deep Scan then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply

===================================================

MBR Dump Using Farbar's Recovery Scan Tool in the Recovery Environment

 

For this step you will need a USB flash drive.

  • Please download this file to your USB flash drive: the attached file fixlist.txt (16 bytes).

 

  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool

--------------

 

Entering into the System Recovery Options
Follow the instructions here to boot into the Recovery Environment

----------

Running Farbar's Recovery Scan Tool in System Recovery

  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (mbrdump.txt) on the flash drive. Please attach it to your reply. If you open the file you will not be able to read it.
  • A Fixlog document will also be saved on your USB device. Please copy and paste the contents in your reply

===================================================

 

Please provide these logs for me in your next reply:

 

  • adwcleaner log
  • zoek log
  • ATTACH mbrdump.txt (Use "More reply options" button to add attachment.)

Thank you.


Edited by thcbytes, 23 October 2015 - 12:29 PM.

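A way to read the MBRDUMP.txt that the SaveMbr step above produces, as an added example that is not FRST's or the forum's own code: it parses the raw 512-byte sector (which is why the file is unreadable in Notepad), lists the partition table in the same form as the "MBR & Partition Table" section of Addition.txt, hashes the bootstrap code so it can be compared against a trusted baseline from a clean system, and flags layout anomalies. The sample sector is constructed to match the table FRST reported for this disk (disk ID 47133AF5, four partitions); the list of known partition types and the checks applied are assumptions.

```python
"""Parse a raw 512-byte MBR dump and sanity-check its partition table.
Added example, not FRST's own code; assumes the dump is the raw first
sector of disk 0, as FRST's "SaveMbr: Drive=0" directive saves it."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
DISK_ID_OFF = 0x1B8     # 4-byte Windows disk signature
PART_TABLE = 0x1BE      # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"  # last two bytes of a valid MBR
# Assumed "familiar" types; anything else is worth a closer look.
KNOWN_TYPES = {0x07: "NTFS", 0x27: "Windows RE", 0x0C: "FAT32", 0x0F: "Extended", 0xEE: "GPT"}


@dataclass
class Partition:
    index: int        # 1-based, as FRST numbers them
    active: bool      # status byte 0x80 = bootable
    type_id: int
    lba_start: int
    sectors: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sectors - 1

    @property
    def size_gib(self) -> float:
        return self.sectors * SECTOR / 2 ** 30


@dataclass
class Mbr:
    disk_id: int
    bootstrap_sha256: str   # bytes 0..0x1B7; compare with a trusted baseline
    signature_ok: bool
    partitions: List[Partition]


def parse_mbr(data: bytes) -> Mbr:
    """Decode the classic MBR layout; rejects a wrongly sized dump."""
    if len(data) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(data)}")
    parts = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        lba, count = struct.unpack_from("<II", data, off + 8)  # LBA start, sector count
        if data[off + 4]:                                    # type 0x00 = empty slot
            parts.append(Partition(i + 1, data[off] == 0x80, data[off + 4], lba, count))
    return Mbr(struct.unpack_from("<I", data, DISK_ID_OFF)[0],
               hashlib.sha256(data[:DISK_ID_OFF]).hexdigest(),
               data[510:] == BOOT_SIG, parts)


def check_layout(mbr: Mbr) -> List[str]:
    """Findings worth a second look; an empty list means the table looks sane."""
    findings = []
    if not mbr.signature_ok:
        findings.append("missing 0x55AA boot signature")
    active = [p.index for p in mbr.partitions if p.active]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {active}")
    for p in mbr.partitions:
        if p.type_id not in KNOWN_TYPES:
            findings.append(f"partition {p.index}: unfamiliar type 0x{p.type_id:02X}")
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"partition {p.index}: zero start or length")
    by_start = sorted(mbr.partitions, key=lambda p: p.lba_start)
    for a, b in zip(by_start, by_start[1:]):
        if b.lba_start <= a.lba_end:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample reproducing the FRST table for this disk: 100 MB
    active NTFS, 916.1 GB NTFS, 450 MB type 0x27, 14.8 GB NTFS, ID 47133AF5."""
    mbr = bytearray(SECTOR)
    struct.pack_into("<I", mbr, DISK_ID_OFF, 0x47133AF5)
    lba = 2048   # first partition 1 MiB-aligned; counts are 512-byte sectors
    for i, (status, ptype, count) in enumerate([(0x80, 0x07, 204_800),
                                                (0x00, 0x07, 1_921_200_128),
                                                (0x00, 0x27, 921_600),
                                                (0x00, 0x07, 31_037_440)]):
        off = PART_TABLE + 16 * i
        mbr[off], mbr[off + 4] = status, ptype
        struct.pack_into("<II", mbr, off + 8, lba, count)
        lba += count
    mbr[510:] = BOOT_SIG
    return bytes(mbr)


if __name__ == "__main__":
    m = parse_mbr(build_sample_mbr())   # replace with open("MBRDUMP.txt", "rb").read()
    print(f"Disk ID: {m.disk_id:08X}  bootstrap sha256: {m.bootstrap_sha256}")
    for p in m.partitions:
        state = "Active" if p.active else "Not Active"
        print(f"Partition {p.index}: ({state}) - (Size={p.size_gib:.1f} GB) - (Type={p.type_id:02X})")
    print("Findings:", check_layout(m) or "none")
```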


#14 DshnRob

DshnRob
  • Topic Starter

  • Members
  • 24 posts
  • Gender:Male
  • Local time:02:59 AM

Posted 23 October 2015 - 01:27 PM

Hi Sirawit,

 

Per your request I have pasted the three log files and attached the MBR dump file.  Please let me know if you require anything else.

 

Thanks,

DshnRob

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by SYSTEM (2015-10-23 13:12:30) Run:8
Running from d:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
SaveMbr: Drive=0
*****************

MBRDUMP.txt is made successfully.

==== End of Fixlog 13:12:30 =

 
 
 
# AdwCleaner v5.014 - Logfile created 23/10/2015 at 12:17:16
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : pibert - PIBERT-HP
# Running from : C:\Users\pibert\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 

***** [ Folders ] *****
 

***** [ Files ] *****
 

***** [ DLLs ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 

***** [ Registry ] *****
 

***** [ Web browsers ] *****
 

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [565 bytes] ##########
 
Zoek results:
 

Zoek.exe v5.0.0.1 Updated 23-October-2015
Tool run by pibert on Fri 10/23/2015 at 12:19:28.05.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\pibert\Desktop\zoek.exe [Scan all users]   [Deep Scan]
 
==== System Restore Info ======================
 
10/23/2015 12:28:09 PM Zoek.exe System Restore Point Created Successfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Users\pibert\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\pibert\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 4001 MB
CPU Info: Intel® Core™ i3-2120 CPU @ 3.30GHz
CPU Speed: 3298.8 MHz
Sound Card: Speakers / Headphones (IDT High |
Communications Headphones (IDT  |
Display Adapters: Intel® HD Graphics | Intel® HD Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Dual Stream 802.11n Wireless LAN Card | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVD A  DL8A4SH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C:  916.1GB | D:  14.8GB
Hard Disks - Free: C:  730.7GB | D:  1.8GB
Manufacturer *: AMI
BIOS Info: AT/AT COMPATIBLE | 06/23/11 | Ver: LAV_712.ROM vLAV7.12
Time Zone: Central Standard Time
Motherboard *: PEGATRON CORPORATION 2AC3
Country: United States
Language: ENU
 
==== System Specs (Software) ======================
 
Internet Explorer Version: 11.0.10240.16431
Google Chrome version: 46.0.2490.71
Adobe Reader version: 15.9.20069.159242
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\pibert\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
2015-10-13 23:01:21 0AD1F816A97BB9ECB807BB86CD44B36B 19325952 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 23:01:17 F053D53DA5B1E51AFCCF129D8F27585C 11262976 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 23:01:16 D6BF254925FD35955C99F402F8DF4773 20858360 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 23:01:12 77BFF88DF139AEB20BE0F5AB7737A981 13027840 ----a-w- C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 23:01:11 81A585A9D537956C00CA173C3C82C292 18806272 ----a-w- C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 23:01:10 441947103FF76ED33BC46E50AFC55D57 5454848 ----a-w- C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 23:01:09 48CCDE23CA8D3380D1491EAD0E7A3ECE 3580416 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 23:01:07 A1B94C8C5C9DD2780B83C7435EE18BED 1997336 ----a-w- C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 23:01:06 E2EFED5C9E4BF8EC6F35CF63CA5B589F 1594368 ----a-w- C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 23:01:05 9157489ABA83D6FEAAAEC8E3F79714E8 928256 ----a-w- C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 23:01:04 471921FC25E6EC0AA5755C78DD9F7C4E 613376 ----a-w- C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 23:01:03 685105400BCA64E0D19534A516F36454 625152 ----a-w- C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 23:01:02 B81FC272B92CE1A7542EECF1416D17B9 579584 ----a-w- C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 23:01:02 73BE590D1D4B42A202FB0CDDB2784E78 650240 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 23:01:01 5F7ADEE18B15B9D629F9875C9604A696 557568 ----a-w- C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 23:01:00 966EDAEB4B78FA7547D484B21491156E 766976 ----a-w- C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 23:01:00 860E5BC4CA5AB3FD20051D09270D1A26 504320 ----a-w- C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 23:00:59 0C6AA21007BE1389A4D5C3772D7E262D 525312 ----a-w- C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 23:00:58 E4A4BC49568745BDA44F293E3D29A910 466432 ----a-w- C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-13 23:00:56 D055C7AC2514A999D8C636B39457B98B 172032 ----a-w- C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 23:00:56 CA4303787A36890CE6EE34DC1C993F3E 195584 ----a-w- C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 23:00:55 9E590FA5A1BF50F2E7B7005244F8D31D 574464 ----a-w- C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 23:00:55 39518661140BE931D676EF657E877048 131072 ----a-w- C:\WINDOWS\SysWOW64\CallHistoryClient.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-10-23 17:07:06 4168787806A0BC38EB0206EAD1A44758 16148 ----a-w- C:\WINDOWS\Sysnative\PIBERT-HP_pibert_HistoryPrediction.bin
2015-10-13 23:01:23 5B783C412EA0A2344AA3E83477356C82 24595456 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2015-10-13 23:01:22 02B94E33E800F71C8417AC3A03D340B7 21875712 ----a-w- C:\WINDOWS\Sysnative\edgehtml.dll
2015-10-13 23:01:20 547D2BC05916E97FC8F48CB22DD1CFA1 22322624 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2015-10-13 23:01:19 212E5C2C279835CBFEBF935EB0E7EC5D 16708608 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Xaml.dll
2015-10-13 23:01:18 72DBFBA1F53B9BF41E71EAA8414BBB86 12504064 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2015-10-13 23:01:15 A1243182E21EAC015267DBE2728D4BBE 8020320 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
2015-10-13 23:01:14 BEE5FBF5ECAEE9281023092F07F8E552 4792320 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll
2015-10-13 23:01:14 872A77BDA3B9967118659E2B195EF23F 7523840 ----a-w- C:\WINDOWS\Sysnative\Chakra.dll
2015-10-13 23:01:09 73AF2D8038FCEF4C4EB4B3106B41967A 2573768 ----a-w- C:\WINDOWS\Sysnative\msxml6.dll
2015-10-13 23:01:08 879E8BFAEA2393B9E057B909A558174F 3586560 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2015-10-13 23:01:07 32212C0FE0556915E763C29DEB6D267E 1423872 ----a-w- C:\WINDOWS\Sysnative\UserDataService.dll
2015-10-13 23:01:07 0D5C9E27E93AAEA3E30A1E59A7AC3DFF 1205248 ----a-w- C:\WINDOWS\Sysnative\Unistore.dll
2015-10-13 23:01:06 F9042F366B9695FD564E9485112453E2 1871360 ----a-w- C:\WINDOWS\Sysnative\msxml3.dll
2015-10-13 23:01:06 59BD4C7EC035B59B77A7D9CE71F1B9AE 1276416 ----a-w- C:\WINDOWS\Sysnative\wifinetworkmanager.dll
2015-10-13 23:01:06 17159DF4093B2F33B95AB9F703EA8391 796160 ----a-w- C:\WINDOWS\Sysnative\TokenBroker.dll
2015-10-13 23:01:05 CD66CB4E39913D3B0784A2C984BAD234 1795072 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentExtensions.dll
2015-10-13 23:01:05 C0BC21B9D557E46E5C331209950AF90D 2178560 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll
2015-10-13 23:01:05 7E8811597D2752736B776F15A1C8FAA6 856576 ----a-w- C:\WINDOWS\Sysnative\ContactApis.dll
2015-10-13 23:01:04 D107C46DBC705FC63761968965AC4463 826880 ----a-w- C:\WINDOWS\Sysnative\jscript.dll
2015-10-13 23:01:04 3A582ABD42FC7C40B944667EDCF5235F 949248 ----a-w- C:\WINDOWS\Sysnative\kerberos.dll
2015-10-13 23:01:03 A92AFC8FB13ADC1CB59719B3E519C843 1294352 ----a-w- C:\WINDOWS\Sysnative\winload.efi
2015-10-13 23:01:03 11648E08564ECFC6CB435990261F1A34 1123400 ----a-w- C:\WINDOWS\Sysnative\winload.exe
2015-10-13 23:01:01 ED8EAAD25E68C88EE68869805EDD4F29 1382400 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2015-10-13 23:01:01 863E39BB1F8779B8A6CEEC4BA93401C2 1018568 ----a-w- C:\WINDOWS\Sysnative\winresume.efi
2015-10-13 23:01:01 3DB512EC071AB5656EECA3611E24C797 752640 ----a-w- C:\WINDOWS\Sysnative\ChatApis.dll
2015-10-13 23:01:00 AB3B184665305AD0149150DD72DB0238 576000 ----a-w- C:\WINDOWS\Sysnative\vbscript.dll
2015-10-13 23:00:59 C5890CAD6482B12ECA19E680B779560F 858408 ----a-w- C:\WINDOWS\Sysnative\winresume.exe
2015-10-13 23:00:59 64D7B91B7D667A70782D9C76D6292C3C 980832 ----a-w- C:\WINDOWS\Sysnative\SecConfig.efi
2015-10-13 23:00:58 839BD56425530973FF3F6F7C0057CD22 288256 ----a-w- C:\WINDOWS\Sysnative\PimIndexMaintenance.dll
2015-10-13 23:00:58 6688FE37E767BA15F022B7E59E5E7EA6 579072 ----a-w- C:\WINDOWS\Sysnative\winlogon.exe
2015-10-13 23:00:57 F548C34A6FF655F0A716316133B4DD5D 590336 ----a-w- C:\WINDOWS\Sysnative\MessagingDataModel2.dll
2015-10-13 23:00:57 9C71FA3F776218AD2394833B8DE79031 685568 ----a-w- C:\WINDOWS\Sysnative\AppointmentApis.dll
2015-10-13 23:00:57 9045120B390CDA9C0C7DB93745B92554 720896 ----a-w- C:\WINDOWS\Sysnative\EmailApis.dll
2015-10-13 23:00:56 5A863500AB522EFA6270019D613F15F9 757760 ----a-w- C:\WINDOWS\Sysnative\fveapi.dll
2015-10-13 23:00:56 184EA31BE714F3B33A5E96CBE103561C 78528 ----a-w- C:\WINDOWS\Sysnative\acmigration.dll
2015-10-13 23:00:55 BF77FC08A7D4DC37A659561B29FA23EC 163840 ----a-w- C:\WINDOWS\Sysnative\CallHistoryClient.dll
2015-10-13 23:00:55 75051FAAA293FA5414105A2BDA6BAC05 223232 ----a-w- C:\WINDOWS\Sysnative\PhoneCallHistoryApis.dll
2015-10-13 23:00:55 4A805F2C7EF79017D6F67441439A6B18 771072 ----a-w- C:\WINDOWS\Sysnative\Chakradiag.dll
2015-10-13 23:00:55 230C8AEE3C7F4723ABEA09C93DF47AF3 257024 ----a-w- C:\WINDOWS\Sysnative\UserDataAccountApis.dll
====== C:\WINDOWS\Sysnative\drivers =====
2015-10-13 23:01:00 0A368247A900656CC0678117DFC3A87C 498016 ----a-w- C:\WINDOWS\Sysnative\drivers\usbhub.sys
2015-10-04 19:48:09 FD44FA80DA03EA144153A76DEBBB61B4 35064 ----a-w- C:\WINDOWS\Sysnative\drivers\TrueSight.sys
2015-10-01 22:16:33 89C9C3745F270EF93988DA57BC6AA62B 1983824 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2015-10-01 22:16:31 7EBD20284AC9BF9F0A020B86769BB074 2432336 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2015-10-01 22:16:19 927AD29D7F91B9A0C5294932374DA15E 894256 ----a-w- C:\WINDOWS\Sysnative\drivers\Wdf01000.sys
2015-10-01 22:16:08 FDB239DBE2A14B572D21ABCEDC7BB5D0 505696 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2015-10-01 22:16:08 C08449092043601887A1743350888635 516448 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2015-10-01 22:16:08 5A1C6AFFF6946C5C21A27AE05084C0D1 332624 ----a-w- C:\WINDOWS\Sysnative\drivers\fastfat.sys
2015-10-01 22:16:03 B6A33DCEBE437F909615E89BA5FB1385 395088 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2015-10-01 22:15:57 70469C8AC4AD367295E70CFDD81B754C 99664 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys
2015-10-01 22:15:56 854AF190F55E6D70EC65A85798F896E2 36352 ----a-w- C:\WINDOWS\Sysnative\drivers\buttonconverter.sys
2015-10-01 22:15:55 FA5C94FB36625787063D04CF2F24E890 320000 ----a-w- C:\WINDOWS\Sysnative\drivers\portcls.sys
2015-10-01 22:15:51 616F40B897DA651221F86A1741E9609B 1168736 ----a-w- C:\WINDOWS\Sysnative\drivers\ndis.sys
2015-10-01 22:15:48 1434CA8A224655AD096D57DB24D3AA85 406864 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
2015-10-01 22:15:47 004C66464D8FE76D5DA78BE6777D61AF 278352 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2015-09-25 11:33:37 8F22037D3F5A6BB676525D825A1388B9 113880 ----a-w- C:\WINDOWS\Sysnative\drivers\MBAMSwissArmy.sys
2015-09-25 11:33:24 DD07C30083AE39B1E471C1F9B981BA3E 109272 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2015-09-25 11:33:24 A8E193B92BFE2ADA766CCCE52FFD04D0 25816 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2015-09-25 11:33:24 0D26EA3022BB9D84B942FB70F505A76D 64216 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2015-10-04 14:01:21 -------- d-----w- C:\PROGRA~2\ESET
======= C: =====
====== C:\Users\pibert\AppData\Roaming ======
2015-10-19 16:40:47 -------- d-----w- C:\Users\pibert\AppData\Local\Microsoft Help
2015-10-13 09:40:18 -------- d-----w- C:\Users\pibert\AppData\Local\CrashDumps
2015-10-11 12:17:38 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps
2015-10-04 13:56:57 -------- d-----w- C:\Users\pibert\AppData\Local\ElevatedDiagnostics
2015-10-01 22:20:50 -------- d-----w- C:\Users\pibert\AppData\Local\Diagnostics
====== C:\Users\pibert ======
2015-10-23 17:12:59 DABAEBB669064B0DAE5A4AFA0DB1755F 1691648 ----a-w- C:\Users\pibert\Desktop\AdwCleaner.exe
2015-10-23 17:11:10 DABAEBB669064B0DAE5A4AFA0DB1755F 1691648 ----a-w- C:\Users\pibert\Downloads\AdwCleaner (5).exe
2015-10-20 20:12:33 -------- d-----w- C:\Users\pibert\hpremote
2015-10-20 02:48:28 -------- d-----w- C:\WINDOWS\serviceprofiles\Localservice\winhttp
2015-10-19 10:02:40 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\pibert\Desktop\TFC.exe
2015-10-19 10:02:12 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\pibert\Downloads\TFC (1).exe
2015-10-17 03:11:23 7B32A56EE59155D93DDFD7419A5386FB 2196480 ----a-w- C:\Users\pibert\Downloads\FRST64 (1).exe
2015-10-17 02:52:56 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\pibert\Downloads\TFC.exe
2015-10-04 19:48:06 -------- d-----w- C:\ProgramData\RogueKiller
 
====== C: exe-files ==
2015-10-17 12:50:04 635DBF6CD989626ABEE812AF15948A8A 1369416 ----a-w- C:\Users\pibert\AppData\Local\Google\Chrome\User Data\SwReporter\4.32.1\software_reporter_tool.exe
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-21-1429684805-3901036955-522432100-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\pibert\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DT HPO"="C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO"
"Intuit SyncManager"="C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\pibert\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"BeatsOSDApp"="C:\Program Files\IDT\WDM\beats64.exe"
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/30/2015 07:58 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/30/2015 07:58 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe]
"C:\WINDOWS\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe"]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{10049D5C-5DFF-430F-B0AE-B123CF71F972}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.71
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jpgfhihjicjofdejkbjgnjlaglaciobe - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx[06/03/2011 06:55 AM]
 
Google Slides - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Docs Offline - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Website Logon - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe
Chrome Web Store Payments - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - pibert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\pibert\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Fri 10/23/2015 at 12:34:57.17 ======================
 
Attached File  MBRDUMP.txt   512bytes   2 downloads



#15 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  • Gender:Male
  • Location:Thailand
  • Local time:02:59 PM

Posted 25 October 2015 - 10:19 PM

Hi DshnRob.
 
Your log looks clean, I think the problem is Edge itself, not malware. Let's try these:

 

NOTE: xxxx in the steps below may vary; if the text before it matches, then that's the correct folder. If you have any questions, please ask me before proceeding.
 
:step1: Clean Active directory.

 

  1. Close all Edge windows.
  2. Go to C:\Users\[User Name]\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxx\AC\MicrosoftEdge\User\Default\Recovery\Active\
  3. Delete all files/folders inside that folder.
  4. Open Edge again. Does it work this time?

 

If it still doesn't work:

 

:step2: Reinstall Edge.

 

  1. Close all Edge windows.
  2. Enable hidden items by clicking on the View tab in File Explorer and putting a check mark on Hidden Items.
  3. Delete the folder C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxx. (Deletion may take some time; if it asks you for admin permission, please grant it. If some files can't be deleted, please skip them.)
  4. Restart your computer.
  5. Go to Start and type powershell in the search box. Then right click on Windows PowerShell and select Run as administrator.
  6. When you see a cursor blinking, copy text in the code box below, right click on the Windows Powershell window to paste the content, and then press Enter.
    cd c:\users\pibert
  7. When you see a cursor blinking, copy text in the code box below, right click on the Windows Powershell window to paste the content, and then press Enter.
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
  8. When you see a cursor blinking, type exit and press Enter.
  9. Restart your computer. Then try using Edge. Does it work this time?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.
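A script version of the two steps above, added here as an example and not taken from Sirawit's post: it resolves the Microsoft.MicrosoftEdge_xxxx folder name with a wildcard instead of by hand, and moves the contents of Recovery\Active to a backup folder (the script's own choice, so the change can be reverted) rather than deleting them. Assumptions: the $UserProfile parameter (default: the current user's profile) points at the affected account, and the script runs from an elevated PowerShell window.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Automates step 1 (clear
# Recovery\Active) and, with -Reregister, the Add-AppxPackage part of step 2.
param(
    [string]$UserProfile = $env:USERPROFILE,   # assumption: profile of the affected user
    [switch]$Reregister                        # also re-register the Edge package
)

# Resolve the "xxxx" part of the package folder name instead of typing it.
$packages = Join-Path $UserProfile 'AppData\Local\Packages'
$edgeDirs = Get-ChildItem -Path $packages -Directory -Filter 'Microsoft.MicrosoftEdge_*' -ErrorAction SilentlyContinue
if (-not $edgeDirs) { throw "No Microsoft.MicrosoftEdge_* folder found under $packages" }

# Step 1 of the post: Edge must be closed, otherwise files in Recovery\Active stay locked.
Get-Process -Name 'MicrosoftEdge*' -ErrorAction SilentlyContinue | Stop-Process -Force

foreach ($dir in $edgeDirs) {
    $active = Join-Path $dir.FullName 'AC\MicrosoftEdge\User\Default\Recovery\Active'
    if (-not (Test-Path $active)) {
        Write-Host "No Recovery\Active folder in $($dir.Name), skipping"
        continue
    }
    # Move instead of delete so the session data can be restored if needed (script's choice).
    $backup = Join-Path $UserProfile ('EdgeRecoveryBackup_{0:yyyyMMdd_HHmmss}' -f (Get-Date))
    New-Item -ItemType Directory -Path $backup -Force | Out-Null
    $items = Get-ChildItem -Path $active -Force
    Write-Host "Moving $($items.Count) item(s) from $active to $backup"
    $items | Move-Item -Destination $backup -Force
}

if ($Reregister) {
    # Same re-registration command as step 2.7 of the post, with straight quotes.
    Get-AppxPackage -AllUsers -Name Microsoft.MicrosoftEdge |
        ForEach-Object { Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose }
}
```

Run it once without -Reregister to test step 1 alone; if Edge still fails, run it again with -Reregister and restart as the post describes.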





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users