
Browser redirects to malware downloads & "call this number"


  • This topic is locked
11 replies to this topic

#1 Rules


Posted 30 June 2016 - 10:28 AM

When browsing any page, I can be redirected on link clicks or page clicks to a new tab which opens to PCKeeper or ReImage software sites. Sometimes to "Call This Number Now" sites.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2016
Ran by Carter (administrator) on CLPC (30-06-2016 11:05:37)
Running from C:\Users\Carter\Downloads
Loaded Profiles: Carter (Available Profiles: Carter)
Platform: Windows 10 Enterprise (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
() C:\Users\Carter\McMyAdmin\MCMA_Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hammer & Chisel, Inc.) C:\Users\Carter\AppData\Local\Discord\app-0.0.291\Discord.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Hammer & Chisel, Inc.) C:\Users\Carter\AppData\Local\Discord\app-0.0.291\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Hammer & Chisel, Inc.) C:\Users\Carter\AppData\Local\Discord\app-0.0.291\Discord.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ShareX Team) C:\Program Files\ShareX\ShareX.exe
(Jeroen Pelgrims) C:\Users\Carter\AppData\Local\Apps\2.0\8DB7D5XQ.WCR\2EDQCOGJ.X02\soun..tion_0000000000000000_0002.0004_f839aedc2aa2d7a7\SoundSwitch.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_91\bin\java.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-18] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\RunOnce: [CleanUp RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzInstallerDeletion.vbs [1446 2015-11-26] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\Run: [Discord] => C:\Users\Carter\AppData\Local\Discord\app-0.0.291\Discord.exe [57929912 2016-06-03] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\Run: [f.lux] => C:\Users\Carter\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [15881216 2016-06-19] ()
Startup: C:\Users\Carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2016-06-13]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
Startup: C:\Users\Carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SoundSwitch.appref-ms [2015-12-28] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{8962066b-cd62-416e-85e4-922373d26da5}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{f8517f6b-5146-4106-96c5-ebd866337981}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-06] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-06] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-06] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-06] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-06] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-01-08] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-26]
CHR Extension: (Google Docs) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-26]
CHR Extension: (Google Drive) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-26]
CHR Extension: (YouTube) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-26]
CHR Extension: (uBlock Origin) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-06-25]
CHR Extension: (Google Search) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-26]
CHR Extension: (Google Sheets) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-26]
CHR Extension: (Google Docs Offline) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2015-12-26]
CHR Extension: (Imgur Uploader) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2016-05-24]
CHR Extension: (VNC® Viewer for Google Chrome™) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2015-12-26]
CHR Extension: (middle button new tab) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikbkhpkapkmhaoiabhlkmicpeakhhpip [2015-12-26]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR Extension: (Hover Zoom) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2016-06-25]
CHR Extension: (Gmail) - C:\Users\Carter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-26]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-05-02] (NVIDIA Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McMyAdmin; C:\Users\Carter\McMyAdmin\MCMA_Service.exe [542208 2013-04-07] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-05-02] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-05-02] (NVIDIA Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-21] (@ByELDI) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [3778592 2016-05-22] (C-MEDIA)
S3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-12-26] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-12-26] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 11:05 - 2016-06-30 11:05 - 00016297 _____ C:\Users\Carter\Downloads\FRST.txt
2016-06-30 11:05 - 2016-06-30 11:05 - 00000000 ____D C:\FRST
2016-06-30 11:04 - 2016-06-30 11:05 - 02390016 _____ (Farbar) C:\Users\Carter\Downloads\FRST64.exe
2016-06-30 10:50 - 2016-06-30 10:50 - 00016148 _____ C:\Windows\system32\CLPC_Carter_HistoryPrediction.bin
2016-06-29 14:55 - 2016-06-29 14:55 - 00000000 ____D C:\Users\Carter\AppData\Roaming\Adobe
2016-06-29 14:19 - 2016-06-29 14:19 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-06-24 07:19 - 2016-06-24 07:30 - 00000000 ____D C:\Users\Carter\Documents\Archer Season 7
2016-06-24 07:19 - 2016-06-24 07:19 - 13305645 _____ C:\Users\Carter\Documents\Archer Season 7.ncor
2016-06-24 00:16 - 2016-06-24 01:13 - 00000000 ____D C:\Users\Carter\Downloads\DownblouseJerk.com Megapack 4K 2015
2016-06-23 23:33 - 2016-06-23 23:59 - 00000000 ____D C:\AdwCleaner
2016-06-23 23:33 - 2016-06-23 23:33 - 03703360 _____ C:\Users\Carter\Downloads\AdwCleaner.exe
2016-06-23 23:30 - 2016-06-23 23:30 - 05659224 _____ (Swearware) C:\Users\Carter\Downloads\ComboFix.exe
2016-06-23 12:24 - 2016-06-24 00:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-23 12:23 - 2016-06-23 12:23 - 22851472 _____ (Malwarebytes ) C:\Users\Carter\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-23 12:23 - 2016-06-23 12:23 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-23 12:23 - 2016-06-23 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-23 12:23 - 2016-06-23 12:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-23 12:23 - 2016-06-23 12:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-23 12:23 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-23 12:23 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-23 12:23 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-22 14:31 - 2016-06-30 04:00 - 00000000 ____D C:\Users\Carter\McMyAdmin
2016-06-22 14:25 - 2016-06-22 14:25 - 00000000 _____ C:\Users\Carter\.node_repl_history
2016-06-22 14:15 - 2016-06-22 14:15 - 00001024 _____ C:\.rnd
2016-06-22 14:13 - 2016-06-22 14:16 - 00000000 ____D C:\Users\Carter\AppData\Roaming\npm-cache
2016-06-22 14:11 - 2016-06-22 14:13 - 00000000 ____D C:\Users\Carter\AppData\Roaming\npm
2016-06-22 14:11 - 2016-06-22 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2016-06-22 14:11 - 2016-06-22 14:11 - 00000000 ____D C:\Program Files\nodejs
2016-06-22 14:01 - 2016-06-22 14:01 - 00000000 ____D C:\Python27
2016-06-22 14:01 - 2016-06-22 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-06-21 08:56 - 2016-06-21 08:56 - 00000000 ____D C:\Users\Carter\Downloads\WINDOWS 10 ENTERPRISE [32_64] + OFFICE 2013 PRO PLUS + ACTIVATOR
2016-06-21 07:10 - 2016-06-21 07:10 - 00000036 _____ C:\Users\Carter\Desktop\New Text Document.txt
2016-06-21 06:00 - 2016-04-14 01:38 - 00113216 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-06-21 06:00 - 2016-04-14 01:38 - 00102976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-06-21 05:59 - 2016-06-21 05:59 - 00000000 ____D C:\Users\Carter\AppData\Roaming\java
2016-06-21 05:52 - 2016-06-21 06:03 - 00000000 ____D C:\Users\Carter\AppData\Roaming\Curse Client
2016-06-21 05:51 - 2016-06-21 05:51 - 00000000 ____D C:\Users\Carter\AppData\Roaming\Curse
2016-06-21 04:55 - 2016-06-21 04:55 - 00001104 _____ C:\Users\Carter\Desktop\FTB - Shortcut.lnk
2016-06-21 04:51 - 2016-06-21 04:51 - 00000000 ____D C:\Users\Carter\Desktop\Minecraft
2016-06-21 04:40 - 2016-06-21 04:45 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E04.720p.HDTV.x264-AVS
2016-06-21 04:40 - 2016-06-21 04:45 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E03.720p.HDTV.x264-AVS
2016-06-21 04:40 - 2016-06-21 04:45 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E02.720p.HDTV.x264-AVS
2016-06-21 04:40 - 2016-06-21 04:44 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E05.720p.HDTV.x264-AVS
2016-06-21 04:40 - 2016-06-21 04:43 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E01.720p.HDTV.x264-AVS
2016-06-21 04:40 - 2016-06-21 04:41 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E08.720p.HDTV.x264-AVS
2016-06-21 04:40 - 2016-06-21 04:41 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E07.720p.HDTV.x264-AVS
2016-06-21 04:40 - 2016-06-21 04:40 - 00000000 ____D C:\Users\Carter\Downloads\Archer.2009.S07E06.720p.HDTV.x264-AVS
2016-06-21 04:32 - 2016-06-21 04:39 - 00000000 ____D C:\Users\Carter\Downloads\Porco.Rosso.1992.1080p.BluRay.X264-AMIABLE
2016-06-21 04:30 - 2016-06-21 04:31 - 00000000 ____D C:\Users\Carter\Downloads\Only.Yesterday.1991.720p.BluRay.x264-mSD
2016-06-21 04:28 - 2016-06-21 04:30 - 00000000 ____D C:\Users\Carter\Downloads\Grave.of.the.Fireflies.1988.720p.BluRay.x264-x0r
2016-06-21 04:19 - 2016-06-21 04:19 - 13305641 _____ C:\Users\Carter\Documents\Josh's bleep.ncor
2016-06-21 04:19 - 2016-06-21 04:19 - 00000000 ____D C:\Users\Carter\Documents\Josh's bleep
2016-06-21 04:16 - 2016-06-21 04:16 - 00000000 ____D C:\Users\Carter\Downloads\Adobe Encore CS4 Portable
2016-06-21 04:15 - 2016-06-21 04:16 - 97494862 _____ C:\Users\Carter\Downloads\Adobe Encore CS4 Portable.zip
2016-06-21 04:04 - 2016-06-21 04:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-06-17 05:40 - 2016-06-17 05:40 - 00000000 ____D C:\Users\Carter\workspace
2016-06-17 05:40 - 2016-06-17 05:40 - 00000000 ____D C:\Users\Carter\AppData\Local\Eclipse
2016-06-17 05:39 - 2016-06-17 05:39 - 00001114 _____ C:\Users\Carter\Desktop\Eclipse Java Mars.lnk
2016-06-17 05:39 - 2016-06-17 05:39 - 00000000 ____D C:\Users\Carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eclipse
2016-06-17 05:38 - 2016-06-17 05:38 - 00000000 ____D C:\Users\Carter\eclipse
2016-06-17 05:37 - 2016-06-17 05:40 - 00000000 ____D C:\Users\Carter\.p2
2016-06-17 05:37 - 2016-06-17 05:40 - 00000000 ____D C:\Users\Carter\.eclipse
2016-06-16 14:48 - 2016-06-16 14:48 - 00617686 _____ C:\Users\Carter\Downloads\05-31-16-Checking_Account_Statements.2016.pdf
2016-06-16 12:57 - 2016-06-16 13:09 - 00000000 ____D C:\Users\Carter\AppData\Local\Nightbot
2016-06-16 12:57 - 2016-06-16 12:59 - 00000000 ____D C:\Users\Carter\Documents\Nightbot
2016-06-16 12:57 - 2016-06-16 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightbot
2016-06-16 12:57 - 2016-06-16 12:57 - 00000000 ____D C:\Program Files (x86)\Nightbot
2016-06-15 05:41 - 2016-06-15 05:41 - 00000000 ____D C:\Users\Carter\AppData\Local\Downloaded Installations
2016-06-15 05:18 - 2016-06-15 05:18 - 240413701 _____ C:\Users\Carter\Downloads\FTBInfinityServer.zip
2016-06-15 04:50 - 2016-06-15 04:51 - 72428463 _____ C:\Users\Carter\Desktop\Nick61416.rar
2016-06-14 14:56 - 2016-05-28 01:00 - 02543784 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-14 14:56 - 2016-05-28 00:52 - 22326760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-14 14:56 - 2016-05-28 00:35 - 02188472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-14 14:56 - 2016-05-28 00:08 - 21860352 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-14 14:56 - 2016-05-28 00:07 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 14:56 - 2016-05-27 23:57 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-14 14:56 - 2016-05-27 23:56 - 12511232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 14:56 - 2016-05-27 23:53 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 14:56 - 2016-05-27 23:51 - 02119680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-14 14:56 - 2016-05-27 23:49 - 19330560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 14:56 - 2016-05-27 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-14 14:56 - 2016-05-27 23:45 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-14 14:56 - 2016-05-27 23:45 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-14 14:56 - 2016-05-27 23:44 - 04793344 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 14:56 - 2016-05-27 23:44 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 14:56 - 2016-05-27 23:41 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 14:56 - 2016-05-27 23:40 - 18797568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-14 14:56 - 2016-05-27 23:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 14:56 - 2016-05-27 23:36 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 14:56 - 2016-05-27 23:35 - 02042368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-14 14:56 - 2016-05-27 23:32 - 03580928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 14:56 - 2016-05-27 23:31 - 11268096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 14:56 - 2016-05-27 23:30 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-14 14:56 - 2016-05-27 23:29 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 14:55 - 2016-05-28 01:02 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-06-14 14:55 - 2016-05-28 01:02 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-14 14:55 - 2016-05-28 01:02 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-14 14:55 - 2016-05-28 01:02 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 14:55 - 2016-05-28 01:02 - 00432360 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 14:55 - 2016-05-28 01:02 - 00421536 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 14:55 - 2016-05-28 01:02 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 14:55 - 2016-05-28 01:02 - 00113144 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-14 14:55 - 2016-05-28 01:00 - 01591304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 14:55 - 2016-05-28 01:00 - 00327520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-14 14:55 - 2016-05-28 01:00 - 00203496 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-06-14 14:55 - 2016-05-28 00:59 - 00363872 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 14:55 - 2016-05-28 00:59 - 00131208 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 14:55 - 2016-05-28 00:54 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-14 14:55 - 2016-05-28 00:53 - 03625416 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 14:55 - 2016-05-28 00:53 - 00026464 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2016-06-14 14:55 - 2016-05-28 00:47 - 00613120 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-14 14:55 - 2016-05-28 00:47 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 14:55 - 2016-05-28 00:39 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-14 14:55 - 2016-05-28 00:39 - 01365584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 14:55 - 2016-05-28 00:39 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-14 14:55 - 2016-05-28 00:39 - 00365128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 14:55 - 2016-05-28 00:38 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-06-14 14:55 - 2016-05-28 00:38 - 00372368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 14:55 - 2016-05-28 00:38 - 00306528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 14:55 - 2016-05-28 00:38 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-14 14:55 - 2016-05-28 00:35 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-06-14 14:55 - 2016-05-28 00:35 - 00112632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-14 14:55 - 2016-05-28 00:28 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-14 14:55 - 2016-05-28 00:27 - 20861984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-14 14:55 - 2016-05-28 00:27 - 02880560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 14:55 - 2016-05-28 00:21 - 00545400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-14 14:55 - 2016-05-28 00:21 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 14:55 - 2016-05-28 00:11 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-06-14 14:55 - 2016-05-28 00:10 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-14 14:55 - 2016-05-28 00:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-14 14:55 - 2016-05-28 00:09 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-14 14:55 - 2016-05-28 00:00 - 01336832 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 14:55 - 2016-05-27 23:58 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-14 14:55 - 2016-05-27 23:58 - 00672256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 14:55 - 2016-05-27 23:58 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 14:55 - 2016-05-27 23:58 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-06-14 14:55 - 2016-05-27 23:57 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-14 14:55 - 2016-05-27 23:54 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 14:55 - 2016-05-27 23:54 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 14:55 - 2016-05-27 23:54 - 00282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-06-14 14:55 - 2016-05-27 23:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 14:55 - 2016-05-27 23:52 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-14 14:55 - 2016-05-27 23:51 - 02848256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 14:55 - 2016-05-27 23:51 - 01603584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 14:55 - 2016-05-27 23:50 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 14:55 - 2016-05-27 23:50 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-14 14:55 - 2016-05-27 23:50 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 14:55 - 2016-05-27 23:48 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-14 14:55 - 2016-05-27 23:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-14 14:55 - 2016-05-27 23:44 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-14 14:55 - 2016-05-27 23:44 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 14:55 - 2016-05-27 23:43 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 14:55 - 2016-05-27 23:41 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 14:55 - 2016-05-27 23:40 - 00672768 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-06-14 14:55 - 2016-05-27 23:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 14:55 - 2016-05-27 23:39 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-06-14 14:55 - 2016-05-27 23:38 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-14 14:55 - 2016-05-27 23:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 14:55 - 2016-05-27 23:37 - 02315776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 14:55 - 2016-05-27 23:35 - 00679936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 14:55 - 2016-05-27 23:35 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-06-14 14:55 - 2016-05-27 23:35 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 14:55 - 2016-05-27 23:35 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-14 14:55 - 2016-05-27 23:33 - 00578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-14 14:55 - 2016-05-27 23:32 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-14 14:55 - 2016-05-27 23:29 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 14:55 - 2016-05-27 23:25 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-06-12 08:10 - 2016-06-12 08:10 - 07603924 _____ C:\Users\Carter\Downloads\facebook-carterlehr.zip
2016-06-08 10:12 - 2016-06-08 10:12 - 00032663 _____ C:\Users\Carter\AppData\Local\recently-used.xbel
2016-06-08 08:35 - 2016-06-21 02:27 - 00000513 _____ C:\Users\Carter\Desktop\to do.txt
2016-06-05 13:32 - 2016-06-05 13:32 - 00000000 ____H C:\Users\Carter\Documents\Default.rdp
2016-06-04 07:55 - 2016-06-21 06:03 - 00000000 ____D C:\Windows\system32\appmgmt
2016-06-04 02:49 - 2016-06-04 03:44 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-06-04 02:43 - 2016-06-04 02:43 - 00004381 _____ C:\Windows\diagwrn.xml
2016-06-04 02:43 - 2016-06-04 02:43 - 00002507 _____ C:\Windows\diagerr.xml
2016-06-04 02:42 - 2016-06-04 02:42 - 00000000 ___HD C:\$Windows.~WS
2016-06-04 02:42 - 2016-06-04 02:42 - 00000000 ____D C:\$WINDOWS.~BT
2016-06-04 02:39 - 2016-06-04 02:40 - 00000000 ____D C:\Users\Carter\Desktop\MICROSOFT.WINDOWS.10.ENTERPRISE.AND.OFFICE.2016.PRO.PLUS.VISIO.PROJECT.PRO.VL-iSO
2016-06-03 07:29 - 2016-06-03 07:29 - 00000000 ____D C:\Users\Carter\AppData\Roaming\TeamViewer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 10:56 - 2016-02-11 01:53 - 00000000 ____D C:\Users\Carter\AppData\Roaming\qBittorrent
2016-06-30 10:16 - 2015-12-26 05:32 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-30 01:22 - 2015-07-10 07:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-30 01:22 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-29 18:26 - 2016-05-03 11:07 - 00000000 ____D C:\Users\Carter\Feed The Beast
2016-06-29 18:26 - 2016-05-03 11:05 - 00000000 ____D C:\Users\Carter\AppData\Local\ftblauncher
2016-06-29 17:16 - 2015-12-26 05:32 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-29 14:19 - 2015-12-28 23:04 - 00000000 ____D C:\Users\Carter\AppData\Roaming\vlc
2016-06-24 00:06 - 2015-12-26 05:01 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-24 00:06 - 2015-07-10 07:02 - 00000000 ____D C:\Windows\INF
2016-06-24 00:01 - 2015-12-28 04:50 - 00000000 ____D C:\Users\Carter\AppData\Local\Deployment
2016-06-24 00:01 - 2015-12-26 05:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-24 00:00 - 2015-12-26 05:58 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-24 00:00 - 2015-07-10 08:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-24 00:00 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\IME
2016-06-23 23:59 - 2015-07-10 05:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-23 12:02 - 2016-02-17 22:47 - 00000000 ____D C:\Users\Carter\Downloads\Archer
2016-06-23 12:00 - 2015-12-26 17:09 - 00000000 ____D C:\Users\Carter\Documents\ShareX
2016-06-22 14:31 - 2015-12-26 04:59 - 00000000 ____D C:\Users\Carter
2016-06-21 08:07 - 2016-05-06 18:41 - 00000000 ____D C:\Users\Carter\AppData\Local\CrashDumps
2016-06-21 08:05 - 2016-05-03 10:16 - 00000000 ____D C:\Program Files (x86)\Razer
2016-06-21 06:01 - 2015-12-26 05:58 - 00000000 ____D C:\Users\Carter\AppData\Local\NVIDIA
2016-06-21 05:52 - 2016-05-03 11:36 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-06-21 04:04 - 2016-02-11 01:53 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-06-21 03:31 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\system32\NDF
2016-06-21 03:26 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\rescache
2016-06-21 02:45 - 2015-12-26 04:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-21 02:44 - 2015-07-10 08:20 - 00220544 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-21 02:43 - 2015-07-10 07:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-21 02:41 - 2016-05-03 11:32 - 00000000 ____D C:\Users\Carter\AppData\Local\Battle.net
2016-06-17 22:17 - 2015-12-26 05:32 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 22:17 - 2015-12-26 05:32 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 05:53 - 2016-05-03 13:31 - 00000000 ____D C:\Users\Carter\.oracle_jre_usage
2016-06-17 05:53 - 2015-12-26 05:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-06-17 05:53 - 2015-12-26 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-17 05:52 - 2015-12-26 05:42 - 00000000 ____D C:\Program Files\Java
2016-06-16 15:04 - 2015-07-10 06:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-16 13:04 - 2016-05-11 14:17 - 00000045 _____ C:\Users\Carter\jagex_cl_oldschool_LIVE.dat
2016-06-16 13:00 - 2016-01-01 22:41 - 00000000 ____D C:\Users\Carter\AppData\Roaming\OBS
2016-06-15 16:40 - 2015-12-26 05:19 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-15 09:33 - 2015-12-26 05:18 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 09:25 - 2015-12-26 05:18 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 13:32 - 2015-07-10 07:06 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 13:32 - 2015-07-10 07:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 22:22 - 2015-12-26 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareX
2016-06-13 22:22 - 2015-12-26 17:09 - 00000000 ____D C:\Program Files\ShareX
2016-06-12 08:51 - 2016-05-03 11:32 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-08 10:07 - 2016-05-17 03:59 - 00000000 ____D C:\Users\Carter\.gimp-2.8
2016-06-08 08:35 - 2016-05-15 05:02 - 00000169 _____ C:\Users\Carter\Desktop\buy lists.txt
2016-06-07 09:06 - 2016-05-04 12:40 - 00000000 ____D C:\Users\Carter\AppData\Local\ElevatedDiagnostics
2016-06-07 07:23 - 2015-12-31 05:01 - 00000000 ____D C:\Users\Carter\AppData\Roaming\discord
2016-06-06 12:43 - 2015-12-26 05:34 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-04 02:49 - 2015-07-10 07:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-04 02:49 - 2015-07-10 07:04 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-06-04 02:43 - 2015-12-26 07:49 - 00000000 ____D C:\Windows\Panther
2016-06-03 16:09 - 2015-12-31 05:01 - 00002276 _____ C:\Users\Carter\Desktop\Discord.lnk
2016-06-03 16:09 - 2015-12-31 05:01 - 00000000 ____D C:\Users\Carter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-06-03 16:09 - 2015-12-31 05:01 - 00000000 ____D C:\Users\Carter\AppData\Local\SquirrelTemp
2016-06-03 16:09 - 2015-12-31 05:01 - 00000000 ____D C:\Users\Carter\AppData\Local\Discord

==================== Files in the root of some directories =======

2016-06-08 10:12 - 2016-06-08 10:12 - 0032663 _____ () C:\Users\Carter\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Carter\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Carter\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\Carter\AppData\Local\Temp\libeay32.dll
C:\Users\Carter\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Carter\AppData\Local\Temp\msvcr120.dll
C:\Users\Carter\AppData\Local\Temp\npp.6.9.1.Installer.exe
C:\Users\Carter\AppData\Local\Temp\npp.6.9.2.Installer.exe
C:\Users\Carter\AppData\Local\Temp\ShareX-10.6.0-setup.exe
C:\Users\Carter\AppData\Local\Temp\ShareX-10.6.1-setup.exe
C:\Users\Carter\AppData\Local\Temp\ShareX-10.7.0-setup.exe
C:\Users\Carter\AppData\Local\Temp\ShareX-10.8.0-setup.exe
C:\Users\Carter\AppData\Local\Temp\ShareX-10.9.1-setup.exe
C:\Users\Carter\AppData\Local\Temp\ShareX-11.0.1-setup.exe
C:\Users\Carter\AppData\Local\Temp\sqlite3.dll
C:\Users\Carter\AppData\Local\Temp\vlc-2.2.4-win64.exe
C:\Users\Carter\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-21 01:21

==================== End of FRST.txt ============================

Attached: Addition.txt


#2 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,618 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:06:40 AM

Posted 02 July 2016 - 05:37 PM

Thank you for your patience. Before we get to work here are a few things to keep in mind:
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you to run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise.
  • If you have any pirated software on your system I must ask that you remove it. No need for you to tell me if you do. Many times such programs are the source of many an infection, which makes cleaning a sick computer just that more difficult. And it's also against BleepingComputer's rules.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
Going over your logs I noticed that you have qBittorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

One more thing, could you post the contents of Addition.txt? It seems to be missing some key areas that were scanned. Just copy/paste the contents in your next reply.

Edited by Bezukhov, 02 July 2016 - 05:45 PM.

To err is Human. To blame it on someone else is even more Human.

#3 Rules

Rules
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 03 July 2016 - 02:13 PM

Thanks for the response! I have disabled qBittorrent and its autostart setting. Below I have posted the contents of Addition.txt.


Edited by Rules, 03 July 2016 - 02:16 PM.


#4 Rules

Rules
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 03 July 2016 - 02:16 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2016
Ran by Carter (2016-06-30 11:06:02)
Running from C:\Users\Carter\Downloads
Windows 10 Enterprise (X64) (2015-12-26 08:58:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3865103102-2897012257-3594236102-500 - Administrator - Disabled)
Carter (S-1-5-21-3865103102-2897012257-3594236102-1001 - Administrator - Enabled) => C:\Users\Carter
DefaultAccount (S-1-5-21-3865103102-2897012257-3594236102-503 - Limited - Disabled)
Guest (S-1-5-21-3865103102-2897012257-3594236102-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3865103102-2897012257-3594236102-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Canon MG6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6100_series) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Discord (HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\Discord) (Version: 0.0.291 - Hammer & Chisel, Inc.)
f.lux (HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\Flux) (Version:  - )
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM-x32\...\{0B5D7DA7-9220-392F-89C6-4C75AB36E977}) (Version: 47.0.2526.106 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 77 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180770}) (Version: 8.0.770.3 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Nightbot (HKLM-x32\...\{c59fdb2c-3f60-4455-b0a8-c45b5aee5447}_is1) (Version: 0.0.1 - NightDev, LLC)
Node.js (HKLM\...\{E5DD2249-1D15-43FC-809E-9415B3533D8C}) (Version: 4.4.5 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
PuTTY release 0.66 (HKLM-x32\...\PuTTY_is1) (Version: 0.66 - Simon Tatham)
Python 2.7.11 (64-bit) (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD62}) (Version: 2.7.11150 - Python Software Foundation)
qBittorrent 3.3.5 (HKLM-x32\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9 - Samsung Electronics)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 11.0.1 - ShareX Team)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SoundSwitch (HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\...\5e9d4b807286f8d3) (Version: 2.4.1.4 - Jeroen Pelgrims)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TrackMania² Canyon (HKLM-x32\...\Steam App 228760) (Version:  - Nadeo)
Virtual Audio Cable 4.14 (HKLM\...\Virtual Audio Cable 4.14) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
WinSCP 5.7.6 (HKLM-x32\...\winscp3_is1) (Version: 5.7.6 - Martin Prikryl)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3865103102-2897012257-3594236102-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Carter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {17AA13B4-96FA-4851-A892-BD9BAC81E3F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
Task: {50CCB9C9-ED99-46EA-97A4-8E4060CF42B7} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {A388FF45-9E72-47B7-A9CA-EE77B0DA0348} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-11-06] (Samsung Electronics.)
Task: {CEBF4321-A56D-4F01-8FD8-28491D438FDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-26 05:17 - 2015-07-14 22:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-12-26 05:57 - 2015-07-22 21:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 22:38 - 2015-12-17 22:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 22:38 - 2015-12-17 22:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-22 12:30 - 2013-04-07 09:09 - 00542208 _____ () C:\Users\Carter\McMyAdmin\MCMA_Service.exe
2015-12-26 05:16 - 2015-08-11 05:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2016-05-03 12:12 - 2016-05-02 01:55 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-21 06:01 - 2016-05-02 01:54 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-21 06:01 - 2016-05-02 01:55 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-06-21 06:01 - 2016-05-02 01:54 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-21 06:01 - 2016-05-02 01:55 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-21 06:01 - 2016-05-02 01:55 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-21 06:01 - 2016-05-02 01:55 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-05-03 12:12 - 2016-05-02 01:55 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-03 10:39 - 2016-03-16 00:55 - 02495768 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-05-03 10:39 - 2016-03-16 00:55 - 02495768 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-12-26 05:14 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-26 05:16 - 2015-09-17 02:04 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-06-21 06:01 - 2016-05-02 01:54 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-21 06:01 - 2016-05-02 01:54 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 20:07 - 2015-03-06 20:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-11-20 17:41 - 2015-11-20 17:41 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-06-19 21:51 - 2016-06-19 21:51 - 15881216 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2015-12-26 05:16 - 2015-11-25 00:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-26 05:16 - 2015-11-25 00:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-26 05:16 - 2015-11-25 00:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-26 05:16 - 2015-09-17 01:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-17 22:17 - 2016-06-15 04:26 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 22:17 - 2016-06-15 04:26 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2015-12-26 05:58 - 2016-05-02 02:02 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-03 16:09 - 2016-06-02 20:40 - 02779832 _____ () C:\Users\Carter\AppData\Local\Discord\app-0.0.291\libdiscord.dll
2016-06-03 16:09 - 2016-06-02 20:40 - 01746104 _____ () C:\Users\Carter\AppData\Local\Discord\app-0.0.291\ffmpeg.dll
2016-06-03 16:09 - 2016-06-02 20:40 - 00244920 _____ () \\?\C:\Users\Carter\AppData\Local\Discord\app-0.0.291\resources\node_modules\discord_toaster\discord_toaster.node
2016-06-03 16:09 - 2016-06-02 20:40 - 00112312 _____ () \\?\C:\Users\Carter\AppData\Local\Discord\app-0.0.291\resources\node_modules\discord_overlay\discord_overlay.node
2016-06-03 16:09 - 2016-06-02 20:40 - 01843896 _____ () C:\Users\Carter\AppData\Local\Discord\app-0.0.291\libglesv2.dll
2016-06-03 16:09 - 2016-06-02 20:40 - 00020664 _____ () C:\Users\Carter\AppData\Local\Discord\app-0.0.291\libegl.dll
2015-12-26 05:57 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-12-26 05:57 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-12-26 05:57 - 2016-06-14 20:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-12-26 05:57 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-12-26 05:57 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-12-26 05:57 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-12-26 05:57 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-12-26 05:57 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-12-26 05:57 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-12-26 05:57 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-12-26 05:57 - 2016-06-14 20:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 00:21 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-06-24 00:01 - 2016-06-24 00:01 - 00140800 _____ () \\?\C:\Users\Carter\AppData\Local\Temp\2BBE.tmp.node
2015-12-26 05:57 - 2016-06-14 15:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-12-26 05:57 - 2015-09-24 19:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2015-07-10 07:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3865103102-2897012257-3594236102-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "AirPort Base Station Agent"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F0340198-E583-4FA1-891C-438A881F6462}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5D778599-1F6B-4491-86A3-4C21DD48A0F7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AEE13CB3-F0C3-45EA-8C31-C02BAFC32117}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3BC73BCD-6A42-4927-9042-B49EF8447F8E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{024DC4C8-3E2D-4C9A-92EA-F9E359C430DE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8C176B13-25AF-489B-A644-F62B2ADEFEC2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{521E49DE-288D-45B8-BD30-063C4125A39E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3A8D399E-7B69-47C6-8C09-E5050C8B7CFB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{73782160-9791-4670-B1D3-7C9AE7277D21}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{18675FDD-1034-4E54-A3B5-B56E78D43FA5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6B524FD6-F386-4921-8B9F-D55100FF3F48}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{12A08AC5-E966-4483-B76E-4E2ADC7C5440}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{219D554F-DDDD-44AF-AC5F-48A253E911B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4E3D29ED-5AD6-4C6A-9536-869DE73CACE1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{74409D6F-5C12-4ECD-A001-9F09068BC794}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E25EAA2A-B0F1-453E-A227-2A01B220C89F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA63BA1A-BAA7-4D16-8256-395D7764A5DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E104493E-A494-4F56-8163-AE2D5CCA2A28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{98E8A35A-751F-4747-A3D9-440A2F0C0EE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AFB0971C-28B9-4736-83E9-3DB1E4A2B99F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{EB9B47E0-7359-410A-ABC6-E7620F915001}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7191BCAC-5C69-4529-99D9-383E720F2311}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{3620240D-F610-4700-9F88-935A8D4F8D23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{8821EBD5-A923-4037-9340-A6E66578B666}D:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [UDP Query User{578CC4A8-52F6-42E5-AC43-002692F82FDD}D:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [{79C004B6-D457-4ECD-958C-DCE4A4579279}] => (Block) D:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [{76B0239A-0D6F-49C0-9859-867E5AB4B378}] => (Block) D:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe
FirewallRules: [{A5763B7A-EBAE-4FCD-9A67-24376126B050}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{E5418F2F-4307-4F1E-9F81-FDC28BE647DC}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{7EE81DD5-C671-4684-9B07-D48C053E52E0}D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{96C1AD86-1CBB-4ABC-B619-92A570CF1105}D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{0C8E67A7-BB8A-4064-A3AE-53B75C438346}D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [UDP Query User{7732A940-A28D-4A15-AB71-382729AC89FB}D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe] => (Allow) D:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe
FirewallRules: [{DFB9EF86-AC66-4FF5-AF1E-D2E183CD66B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{D5A3D459-1B99-41A8-A52D-D7DA0D33E9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanetLauncher.exe
FirewallRules: [{D05DBA60-C38A-4158-9BE9-5756A5DE1D0E}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{F09AE2F6-EDD9-486C-9913-04054F916D16}] => (Allow) D:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [TCP Query User{89B1A0E1-557B-45D0-83F8-5D923D8423B0}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{4A036FFA-6B75-49CE-B0C2-6093DD51D0AA}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{72B4714D-0681-4265-A636-C330F0EA3665}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FA308213-9A5E-4EC4-BB8A-D3BBCCFAFF68}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A4970603-05CA-4523-88D9-6572C37429C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{09874DD5-2431-4EF6-939A-1C8AB72E575D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1BEA5B75-83B9-4554-978F-0B8E60C9CFEE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{617AFD31-FF2D-4DE6-9929-5B6512176B16}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{DD7A8142-987E-4C86-972C-40B8412789DF}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{34751684-84EB-42A9-8EFD-42358886574A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{977667C0-751E-446F-9F69-82DCABB619FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3A0DCA59-07D6-4F28-8580-959F9D920F17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{1DF3D4E9-5FA0-4675-8421-F1738561BD0A}C:\users\carter\desktop\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\carter\desktop\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [UDP Query User{F3C05CC5-5798-4E81-8015-03C852CCE0B5}C:\users\carter\desktop\eldewrito_0.5.1.1_release\eldorado.exe] => (Allow) C:\users\carter\desktop\eldewrito_0.5.1.1_release\eldorado.exe
FirewallRules: [TCP Query User{FFD004BE-6E19-48DA-9131-06B234DA336E}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{B2432197-F596-465A-B607-476CAC784F8D}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{7194244A-F9AB-487E-BEC9-11ED219238B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [{F525AE7A-3120-43DE-8181-001C1344D30A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{8542CA23-C0EB-418C-A791-936DDFF32375}C:\program files (x86)\airport\aputil.exe] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{C2EDD44F-88D2-47AB-9B7E-D6891A741F8A}C:\program files (x86)\airport\aputil.exe] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [TCP Query User{2A5B5438-0A9A-49B8-A504-A8ED639F75FB}C:\users\carter\appdata\local\mcmyadmin\mcmyadmin.exe] => (Allow) C:\users\carter\appdata\local\mcmyadmin\mcmyadmin.exe
FirewallRules: [UDP Query User{E945B44F-0178-47A4-9692-64CECEDDBA19}C:\users\carter\appdata\local\mcmyadmin\mcmyadmin.exe] => (Allow) C:\users\carter\appdata\local\mcmyadmin\mcmyadmin.exe
FirewallRules: [TCP Query User{1957EC4B-53D1-4515-8927-E231551A3A1D}C:\program files\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\java.exe
FirewallRules: [UDP Query User{716B2859-31B3-436B-9646-C22154A7217A}C:\program files\java\jre1.8.0_91\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\java.exe
FirewallRules: [TCP Query User{AF7F56FD-87EF-4F85-B727-9EAAF8EAEB99}C:\users\carter\appdata\local\cubecoders\amp\instances\feedthatbeast\amp.exe] => (Allow) C:\users\carter\appdata\local\cubecoders\amp\instances\feedthatbeast\amp.exe
FirewallRules: [UDP Query User{CA1CD6CF-080E-4816-A6C5-B8887BA82502}C:\users\carter\appdata\local\cubecoders\amp\instances\feedthatbeast\amp.exe] => (Allow) C:\users\carter\appdata\local\cubecoders\amp\instances\feedthatbeast\amp.exe
FirewallRules: [TCP Query User{0E9E2EAE-7D95-48A8-AF81-4573ABA98D44}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{9AA498E8-EE5A-4AA3-A59F-F04FFDFD0E8D}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{DED3FD1C-5936-4E68-88D7-6CFAA0C2A05C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{502C5764-E838-4451-815D-B51B14AA213A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{E5F496BC-2854-43FD-BF4E-3B61D9746C1B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{A2311CD9-93F4-4A4E-A115-5CF99758C335}C:\users\carter\appdata\local\cubecoders\amp\instances\ftb\amp.exe] => (Allow) C:\users\carter\appdata\local\cubecoders\amp\instances\ftb\amp.exe
FirewallRules: [UDP Query User{B89D4DB0-65B7-4886-84C0-57BC1592D434}C:\users\carter\appdata\local\cubecoders\amp\instances\ftb\amp.exe] => (Allow) C:\users\carter\appdata\local\cubecoders\amp\instances\ftb\amp.exe
FirewallRules: [{90F5638B-5034-4437-AB93-26A3DFDA5A15}] => (Allow) C:\Users\Carter\AppData\Local\CubeCoders\AMP\Instances\vanilla\AMPService.exe
FirewallRules: [{244FE606-4D7B-47F6-90B1-E5CF9A04E125}] => (Allow) C:\AMP\Instances\McMyAdmin\AMPService.exe
FirewallRules: [TCP Query User{A75F3592-706F-43E3-BC21-4CFC1C6CED31}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{08655A0A-43A0-420E-82B9-F3C93F003A55}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{89F4CED1-6948-43BD-B6AA-EA5905E5614A}C:\users\carter\mcmyadmin\mcmyadmin.exe] => (Allow) C:\users\carter\mcmyadmin\mcmyadmin.exe
FirewallRules: [UDP Query User{5B97DC8D-1855-4047-8BE8-619A166B2B41}C:\users\carter\mcmyadmin\mcmyadmin.exe] => (Allow) C:\users\carter\mcmyadmin\mcmyadmin.exe
FirewallRules: [{A73B766F-5CF2-43C6-AA1F-3A3C5152408E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2EF4ECA0-73F2-4521-A04B-CB25C48808C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
 
==================== Restore Points =========================
 
13-06-2016 10:19:43 Scheduled Checkpoint
15-06-2016 05:44:13 Installed AMP Instance Manager.
17-06-2016 05:52:16 Installed Java SE Development Kit 8 Update 77 (64-bit)
21-06-2016 04:52:32 Removed AMP Instance Manager.
22-06-2016 12:51:57 Removed AMP Instance Manager.
 
==================== Faulty Device Manager Devices =============
 
Name: Qualcomm Atheros AR9485 Wireless Network Adapter
Description: Qualcomm Atheros AR9485 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/22/2016 02:40:19 PM) (Source: Service1) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (06/22/2016 02:33:59 PM) (Source: Service1) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller
 
Error: (06/22/2016 12:51:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (06/21/2016 08:07:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RzWizard.exe, version: 1.0.6.1000, time stamp: 0x56f20403
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16766, time stamp: 0x56e8cf1c
Exception code: 0xe0434352
Fault offset: 0x000b40f8
Faulting process id: 0x1a24
Faulting application start time: 0xRzWizard.exe0
Faulting application path: RzWizard.exe1
Faulting module path: RzWizard.exe2
Report Id: RzWizard.exe3
Faulting package full name: RzWizard.exe4
Faulting package-relative application ID: RzWizard.exe5
 
Error: (06/21/2016 08:07:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: RzWizard.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.Threading.Mutex+MutexTryCodeHelper.MutexTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.Mutex.CreateMutexWithGuaranteedCleanup(Boolean, System.String, Boolean ByRef, SECURITY_ATTRIBUTES)
   at System.Threading.Mutex..ctor(Boolean, System.String, Boolean ByRef, System.Security.AccessControl.MutexSecurity)
   at System.Threading.Mutex..ctor(Boolean, System.String, Boolean ByRef)
   at Razer.MiniInstaller.App.SingleInstance_SetUp()
   at Razer.MiniInstaller.App.OnStartup(System.Windows.StartupEventArgs)
   at System.Windows.Application.<.ctor>b__1_0(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at Razer.MiniInstaller.App.Main()
 
Error: (06/21/2016 07:18:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6172
 
Error: (06/21/2016 07:18:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6172
 
Error: (06/21/2016 07:18:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/21/2016 07:18:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5156
 
Error: (06/21/2016 07:18:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5156
 
 
System errors:
=============
Error: (06/24/2016 12:00:06 AM) (Source: NTFS) (EventID: 137) (User: )
Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start.  The data contains the error code.
 
Error: (06/23/2016 11:59:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/23/2016 11:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/23/2016 11:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/23/2016 11:59:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McMyAdmin service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (06/23/2016 11:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/23/2016 11:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Wizard Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/23/2016 11:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/23/2016 11:59:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/23/2016 11:59:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Network Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 27%
Total physical RAM: 20419.47 MB
Available physical RAM: 14904.34 MB
Total Virtual: 21443.47 MB
Available Virtual: 15738.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:455.76 GB) (Free:178.39 GB) NTFS
Drive d: () (Fixed) (Total:931 GB) (Free:500.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 06F1BED1)
Partition 1: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 53480C8D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 Bezukhov


Posted 05 July 2016 - 09:27 AM

Looking over your logs I see a few entries that might interfere with any fixes I submit:

We Need to Diagnose a Possible Problem with WGA

  • Please download MGADiag and save it to your desktop.
  • Double click the mgadiag.png icon on your desktop.
  • Click Continue
  • Click Copy
  • Go to Start -> Run and type in "Notepad"
  • Go to Edit -> Paste in notepad.
  • x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.

And one more:

  • Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
    Important - Save it to your desktop.
  • Right Click CKScanner.exe and "Run as administrator".
  • Give permission if necessary, and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please run the program once only.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Any questions please ask. 


To err is Human. To blame it on someone else is even more Human.

#6 Rules


Posted 05 July 2016 - 05:14 PM

MGADiag:
 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Validation unsupported OS
Validation Code: 6
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-xxxxx-xxxxx-xxxxx
Windows Product Key Hash: 0zRNbNcHPfkI0d+ErHk4bnRE5GM=
Windows Product ID: 00329-00000-00003-AA066
Windows Product ID Type: 0
Windows License Type: Unknown
Windows OS version: N/A, hr=0x8007007a
ID: {FF6FCAD4-85D5-4910-A40E-46C75E7633B7}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 10 Enterprise
Architecture: 0x00000009
Build lab: 10240.th1_st1.160408-1853
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A
 
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
 
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
 
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
 
OGA Data-->
Office Status: 111 Unsupported OS
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 
 
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
 
File Scan Data-->
File Mismatch: C:\Windows\system32\licdll.dll[Hr = 0x80070002]
File Mismatch: C:\Windows\system32\oembios.bin[Hr = 0x80070002]
File Mismatch: C:\Windows\system32\oembios.dat[Hr = 0x80070002]
File Mismatch: C:\Windows\system32\oembios.sig[Hr = 0x80070002]
 
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FF6FCAD4-85D5-4910-A40E-46C75E7633B7}</UGUID><Version>1.9.0027.0</Version><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2YT43</PKey><PID>00329-00000-00003-AA066</PID><PIDType>0</PIDType><SID>S-1-5-21-3865103102-2897012257-3594236102</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>To Be Filled By O.E.M.</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P1.90</Version><SMBIOSVersion major="2" minor="7"/><Date>20131224000000.000000+000</Date></BIOS><HWID>11B83607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>111</Result><Products/><Applications><App Id="01" Version="10" Result="32"/><App Id="02" Version="10" Result="15681604"/><App Id="03" Version="10" Result="33554431"/><App Id="04" Version="10" Result="13175976"/><App Id="05" Version="10" Result="15681576"/><App Id="06" Version="10" Result="13172736"/><App Id="07" Version="10" Result="3"/><App Id="08" Version="10" Result="13949948"/><App Id="09" Version="10" Result="1997790040"/><App Id="0A" Version="10" Result="72"/><App Id="0C" Version="10" Result="13950704"/><App Id="0E" Version="10" Result="34078782"/><App Id="0F" Version="10" Result="13950064"/><App Id="10" Version="10" Result="80"/><App Id="12" Version="10" Result="2"/><App Id="14" Version="10" Result="10"/><App Id="16" Version="10" Result="15682656"/><App Id="17" Version="10" Result="13949964"/><App Id="18" Version="10" Result="1997789800"/><App Id="19" Version="10" Result="13950704"/><App Id="1A" Version="10" Result="62"/><App Id="1B" Version="10" Result="13950592"/><App Id="1C" Version="10" Result="1997778012"/><App Id="1D" Version="10" Result="15682664"/><App Id="1E" Version="10" Result="13950064"/><App Id="1F" 
 
Spsys.log Content: 0x80070002
 
Licensing Data-->
N/A, hr = 0x80070424
 
Windows Activation Technologies-->
N/A
 
HWID Data-->
HWID Hash Current: OAAAAAEAAgABAAEAAQAGAAAAAQABAAEAbCYmUbXFwr/o7cJl3sAQAgbpmvnVX0TRReEzXTR7LnM=
 
OEM Activation 1.0 Data-->
N/A
 
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
  ACPI Table Name OEMID Value OEMTableID Value
  MCFG ALASKA A M I
  FACP ALASKA A M I
  APIC ALASKA A M I
  HPET ALASKA A M I
  FPDT ALASKA A M I
  SSDT Intel_ AoacTabl
  AAFT ALASKA OEMAAFT 
  SSDT Intel_ AoacTabl
  SSDT Intel_ AoacTabl
  SSDT Intel_ AoacTabl
  ASF! INTEL HCG
  BGRT ALASKA A M I
 
CKScanner:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\kmspico\devcomponents.dotnetbar2.dll
c:\program files\kmspico\kmseldi.exe
c:\program files\kmspico\service_kms.exe
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\uninshs.exe
c:\program files\kmspico\vestris.resourcelib.dll
c:\program files\kmspico\cert\installall.cmd
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\excel\excelvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\excel\excel_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\groove\groovevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\groove\groove_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopathvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\infopath\infopath_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg32.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlreg64.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenotevlregwow.reg
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\onenote\onenote_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlookvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\outlook\outlook_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpointvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\powerpoint\powerpoint_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectprovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectpro\projectpro_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstdvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\projectstd\projectstd_mak2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusacad_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplusvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\proplus\proplus_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg32.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlreg64.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publishervlregwow.reg
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\publisher\publisher_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasicsvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardacad_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\standard\standardvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\standard\standard_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visioprem_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiopro_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiostd_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg32.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlreg64.reg
c:\program files\kmspico\cert\kmscert2010\visio\visiovlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\word\wordvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_kms_client.rac_pub.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\word\word_mak.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root_bridge_test.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_stil.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul_oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licenses.sl.pkeyconfig.signed.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.phn.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2013\projectpro\licenses.sl.issuance.client_bridge_office.xrm-ms
c:\program files (x86)\steam\steamapps\common\rocketleague\tagame\cookedpcconsole\paintfinish_cracked_sf.upk
c:\users\carter\desktop\microsoft.windows.10.enterprise.and.office.2016.pro.plus.visio.project.pro.vl-iso\activator\kmsauto net.exe
c:\windows\prefetch\kmseldi.exe-77249401.pf
c:\windows\prefetch\kmspico_setup.exe-4be89e1f.pf
c:\windows\prefetch\kmspico_setup.tmp-4bdb3f3e.pf
c:\windows\prefetch\kmspico_setup.tmp-b6a93cb6.pf
scanner sequence 3.ZZ.11.JTAPKZ
 ----- EOF ----- 
 


#7 Bezukhov

Posted 08 July 2016 - 10:22 PM

Sorry for the wait.

It appears your copy of Windows and Office are not valid. And in all likelihood someone may have slipped something unsavory into the illegal Windows activator in the form of some malware. This only makes sense. I doubt that anyone would go through all the trouble of setting up this program to crack a Windows Operating System just out of the kindness of their hearts. Something must be in it for them, and at your ultimate expense.

And I need to quote from the Bleeping Computer Rules:

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.

I'll be more than happy to assist you in fixing this. But to do so would involve removing the activator crack, and I don't know what effect that would have on the installed OS. You will either have to purchase a valid license or install a legit OS.

So if you have the Product Key for the original Operating System, download the proper version of Windows 10. If you had a Home version of either Windows 7 or Windows 8, you can only use the Home version of Windows 10. Let me know of your next move.
To err is Human. To blame it on someone else is even more Human.

#8 Rules

  • Topic Starter

Posted 09 July 2016 - 01:36 PM

Carry on with the infection removal. I'd be willing to purchase a license if/when the OS determines I need to without the crack.



#9 Bezukhov

Posted 12 July 2016 - 05:14 PM

I'm back.

Step 1:

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    KMSpico
  • When prompted if you want to uninstall click Yes
  • Be sure the Advanced option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2:
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt
R2 McMyAdmin; C:\Users\Carter\McMyAdmin\MCMA_Service.exe [542208 2013-04-07] () [File not signed]
2016-06-22 14:31 - 2016-06-30 04:00 - 00000000 ____D C:\Users\Carter\McMyAdmin
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
Reboot:
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 3:

When you have your computer back please run Farbar Recovery Scan Tool again and post the logs:
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Under Optional scan ensure that the box for Addition.txt is ticked
  • Press the Scan button.
  • When finished, it will produce two logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
Please let me know how your computer is running after doing the above.
To err is Human. To blame it on someone else is even more Human.
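
The three fixlist entries in the post above (the McMyAdmin service flagged as not signed, its folder, and an alternate data stream on C:\ProgramData\Reprise) can be inspected read-only before and after running the fix. This is an added example, not part of the original post or of FRST; it assumes an elevated PowerShell session, and the paths and service name are the ones shown in the fixlist.

```powershell
# Added example: read-only checks of the items named in the fixlist. Nothing is deleted.
$serviceName = 'McMyAdmin'
$serviceDir  = 'C:\Users\Carter\McMyAdmin'
$adsHost     = 'C:\ProgramData\Reprise'

# 1. Service entry: resolve the binary the service points to and check its signature.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if ($svc) {
    # PathName may be quoted and may carry arguments; keep only the executable path.
    $exe = if ($svc.PathName -match '^"?(.+?\.exe)') { $Matches[1] } else { $svc.PathName }
    $sig = Get-AuthenticodeSignature -LiteralPath $exe -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Service   = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Binary    = $exe
        Signature = if ($sig) { $sig.Status } else { 'file missing' }
    }
} else {
    "Service '$serviceName' is not registered."
}

# 2. Folder entry: after the fix and reboot this should report False.
"Folder present: $(Test-Path -LiteralPath $serviceDir)"

# 3. Alternate data streams on the folder and on everything below it.
#    ':$DATA' is the normal unnamed stream and Zone.Identifier is the download
#    marker, so both are filtered out; anything else deserves a closer look.
#    Note: -Stream on a directory needs PowerShell 7.2 or later. On Windows
#    PowerShell 5.1, run `dir /r` from cmd.exe against the folder instead.
if (Test-Path -LiteralPath $adsHost) {
    $items = @(Get-Item -LiteralPath $adsHost -Force) +
             @(Get-ChildItem -LiteralPath $adsHost -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
            Select-Object @{ n = 'Path'; e = { $item.FullName } }, Stream, Length
    }
} else {
    "$adsHost does not exist."
}
```

Comparing the output from before and after the fix against Fixlog.txt shows whether each entry was actually removed.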

#10 Rules

  • Topic Starter

Posted 12 July 2016 - 07:25 PM

I'm going to re-image. Thank you for your assistance.



#11 Bezukhov

Posted 13 July 2016 - 06:41 PM

I'm going to re-image. Thank you for your assistance.


Probably for the best. When it comes to any sort of "cracked" software it's hard to tell how deep the infection is hiding. Will you be needing any help with the reinstallation?
To err is Human. To blame it on someone else is even more Human.

#12 thcbytes

  • Malware Response Team
Posted 19 July 2016 - 05:58 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



