Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Registry Malware. Hundreds of G searches per hour recorded.


  • This topic is locked This topic is locked
16 replies to this topic

#1 later6868

later6868

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 18 July 2016 - 08:48 AM

Notice: I have absolutely no experience with computer internals. So it's OK to chat with me like I'm a complete and utter noob.

 

I have a problem with up to hundreds of G searches per hour through my G account. Not sure what browser the traffic is going through. I did a search in myactivity.google . com after noticing my internet connection was slowing down to a crawl and every time I went to do a search, G threw up a captcha. I found that someone, or malware, is using my computer to complete G searches on a scale I find impressive.

 

I downloaded ran MalwareBytes (paid version) and nothing was found.

 

I ran BitDefender (paid version) and nothing was found.

 

I ran all of CCleaner's options. 

 

I downloaded and ran RogueKiller. It found over 600 PUM.proxy items. After I deleted the items two days ago, today I noticed a similar internet slowdown. Ran RogueKiller again this morning and found additional Pum.proxy items...so obviously something is wrong.

 

Below is the report from RogueKiller that I ran two days ago and below that is the report from this morning.

 

========================================================================================

 

RogueKiller V12.3.8.0 (x64) [Jul 11 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Richard [Administrator]
Started from : C:\Users\Richard\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 07/16/2016 13:23:38
 
¤¤¤ Processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe(6048) -- C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe[7] -> Found
 
¤¤¤ Registry : 684 ¤¤¤
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Run | application : C:\Users\Richard\AppData\Local\Apps\2.0\75D1L8WO.7LK\TRV0Z6CC.TH4\vide..tion_0000000000000000_0001.0014_070966b49b865176application.appref-ms [-] -> Found
[Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Run | application : C:\Users\Richard\AppData\Local\Apps\2.0\75D1L8WO.7LK\TRV0Z6CC.TH4\vide..tion_0000000000000000_0001.0014_070966b49b865176application.appref-ms [-] -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-00-ca-11-22-33 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-29-0d-27-72-57 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-67-f9-01-3f-a6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-b1-af-67-da-46 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-8c-15-e9-68-64 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-ca-b8-ad-15-fa -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-40-62-37-a2-24 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-bf-58-2c-77-9c -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-32-34-5c-99-72 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-a0-c7-ea-38-44 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-e9-5b-7e-05-b4 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\26-bd-8a-64-ff-f3 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2a-19-2f-99-76-5b -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-1a-a8-35-fc-30 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\32-f5-d3-6e-b2-c5 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-6d-1e-03-f6-ab -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-22-1d-c3-d6-60 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-5e-87-6b-09-c8 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-78-3c-59-b6-61_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-08-09-55-4a-e5 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-13-83-29-0b-7b -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-86-2e-b8-51-97 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-4c-c8-0b-ab-ef -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-b2-e6-da-0f-94 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\56-df-57-61-4a-14 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-44-4c-64-3f-3c -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20_f6-dd-59-9e-fb-2a -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6e-d4-3f-0f-8f-0e -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-2f-a9-12-07-b2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-9d-dc-3a-0f-89 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-10-01-59-05-d2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-94-3b-51-24-a6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-99-75-50-dd-b6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7e-3e-22-85-38-3b -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-41-37-c8-31-70 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-1c-af-9d-8e-84 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-c4-44-2c-cd-71 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-72-2d-78-df-42 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-85-9f-e2-c0-41 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-cc-b9-00-3e-e6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-fb-08-5f-07-5e -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-47-5a-ed-ce-b8 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-59-fe-70-8e-2b -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-6c-76-e3-df-56 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-50-f1-da-67-71 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-6d-d6-1c-3a-42 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-a8-c3-2e-de-8a -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\be-a5-f8-16-ab-4d -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9_f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-c2-5f-b8-f7-2d -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-ff-9d-e5-45-12 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-eb-6b-65-7e-13 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39_ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-07-1c-9f-32-a3 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-2f-ae-f1-2d-0b -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-47-b5-41-bb-db -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-cf-e7-3f-44-12 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-0f-dc-1e-c5-63 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-81-cc-97-6f-df -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-8f-74-d3-af-6f -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-01-0d-eb-7b-e2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-29-70-28-34-f9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-11-1c-0e-86-b4 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-27-8e-47-cd-28 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-05-95-6f-f0-c2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-97-d4-f3-58-7a -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-55-84-e2-8c-a2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-9b-d0-f9-39-81 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-0f-1b-1e-0e-87 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fa-79-73-15-5e-a2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104}_{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{A99C8DE7-E1B8-4874-B89E-6959D8E5D3B0} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1A2EC656-0D55-4D79-A969-421E29EDCF1F} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1FD3F7E0-272E-4898-808D-627C57A04518} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{335E9BD3-EEDE-40C7-B10F-B1E1255B40ED} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3976EB48-510B-4E9A-B7BD-392050A3AD44} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{48BE21FD-552E-48AF-A963-1880821D43C3} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B4788A8-177B-4354-97B5-E238BD3585BA} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6471328F-E818-4BEA-9E03-816D541CEA15} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7080E0DA-879E-4ABB-B81D-E2C7DCF4349E} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{70F2166A-35C4-40FB-9473-3F51F2CD5F1C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8D1C82A8-6899-4E96-8FE7-5DC10DC7FA39} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9623FCDF-9FBA-45D6-B434-F61A369CEEAD} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AE522D97-1D5B-444A-B02A-A3757B767D20} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BBE53314-DA1D-4F00-B54C-181FEFF051A0} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CC7ABE8E-B33A-4E0E-930D-F894B6C56C56} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D52E71-EEC1-43DD-AEF6-A75FC3CCAEA6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCB8729E-DADA-4032-894C-A7691540714A} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-00-ca-11-22-33 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-29-0d-27-72-57 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-67-f9-01-3f-a6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-b1-af-67-da-46 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-8c-15-e9-68-64 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-ca-b8-ad-15-fa -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-40-62-37-a2-24 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-bf-58-2c-77-9c -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-32-34-5c-99-72 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-a0-c7-ea-38-44 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-e9-5b-7e-05-b4 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\26-bd-8a-64-ff-f3 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2a-19-2f-99-76-5b -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-1a-a8-35-fc-30 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\32-f5-d3-6e-b2-c5 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-6d-1e-03-f6-ab -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-22-1d-c3-d6-60 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-5e-87-6b-09-c8 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-78-3c-59-b6-61_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-08-09-55-4a-e5 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-13-83-29-0b-7b -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-86-2e-b8-51-97 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-4c-c8-0b-ab-ef -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-b2-e6-da-0f-94 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\56-df-57-61-4a-14 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-44-4c-64-3f-3c -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20_f6-dd-59-9e-fb-2a -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6e-d4-3f-0f-8f-0e -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-2f-a9-12-07-b2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-9d-dc-3a-0f-89 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-10-01-59-05-d2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-94-3b-51-24-a6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-99-75-50-dd-b6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7e-3e-22-85-38-3b -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-41-37-c8-31-70 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-1c-af-9d-8e-84 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-c4-44-2c-cd-71 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-72-2d-78-df-42 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-85-9f-e2-c0-41 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-cc-b9-00-3e-e6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-fb-08-5f-07-5e -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-47-5a-ed-ce-b8 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-59-fe-70-8e-2b -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-6c-76-e3-df-56 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-50-f1-da-67-71 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-6d-d6-1c-3a-42 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-a8-c3-2e-de-8a -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\be-a5-f8-16-ab-4d -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9_f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-c2-5f-b8-f7-2d -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-ff-9d-e5-45-12 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-eb-6b-65-7e-13 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39_ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-07-1c-9f-32-a3 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-2f-ae-f1-2d-0b -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-47-b5-41-bb-db -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-cf-e7-3f-44-12 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-0f-dc-1e-c5-63 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-81-cc-97-6f-df -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-8f-74-d3-af-6f -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-01-0d-eb-7b-e2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-29-70-28-34-f9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-11-1c-0e-86-b4 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-27-8e-47-cd-28 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-05-95-6f-f0-c2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-97-d4-f3-58-7a -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-55-84-e2-8c-a2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-9b-d0-f9-39-81 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-0f-1b-1e-0e-87 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fa-79-73-15-5e-a2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104}_{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{A99C8DE7-E1B8-4874-B89E-6959D8E5D3B0} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1A2EC656-0D55-4D79-A969-421E29EDCF1F} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1FD3F7E0-272E-4898-808D-627C57A04518} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{335E9BD3-EEDE-40C7-B10F-B1E1255B40ED} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3976EB48-510B-4E9A-B7BD-392050A3AD44} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{48BE21FD-552E-48AF-A963-1880821D43C3} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B4788A8-177B-4354-97B5-E238BD3585BA} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6471328F-E818-4BEA-9E03-816D541CEA15} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7080E0DA-879E-4ABB-B81D-E2C7DCF4349E} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{70F2166A-35C4-40FB-9473-3F51F2CD5F1C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8D1C82A8-6899-4E96-8FE7-5DC10DC7FA39} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9623FCDF-9FBA-45D6-B434-F61A369CEEAD} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AE522D97-1D5B-444A-B02A-A3757B767D20} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BBE53314-DA1D-4F00-B54C-181FEFF051A0} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CC7ABE8E-B33A-4E0E-930D-F894B6C56C56} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D52E71-EEC1-43DD-AEF6-A75FC3CCAEA6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCB8729E-DADA-4032-894C-A7691540714A} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-00-ca-11-22-33 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-29-0d-27-72-57 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-67-f9-01-3f-a6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-b1-af-67-da-46 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-ca-b8-ad-15-fa -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-40-62-37-a2-24 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-bf-58-2c-77-9c -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-32-34-5c-99-72 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-a0-c7-ea-38-44 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-e9-5b-7e-05-b4 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\26-bd-8a-64-ff-f3 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2a-19-2f-99-76-5b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-1a-a8-35-fc-30 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\32-f5-d3-6e-b2-c5 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-6d-1e-03-f6-ab -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-22-1d-c3-d6-60 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-5e-87-6b-09-c8 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-78-3c-59-b6-61_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-08-09-55-4a-e5 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-13-83-29-0b-7b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-86-2e-b8-51-97 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-4c-c8-0b-ab-ef -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-b2-e6-da-0f-94 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\56-df-57-61-4a-14 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-44-4c-64-3f-3c -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6e-d4-3f-0f-8f-0e -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-2f-a9-12-07-b2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-9d-dc-3a-0f-89 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-10-01-59-05-d2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-94-3b-51-24-a6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-99-75-50-dd-b6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7e-3e-22-85-38-3b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-41-37-c8-31-70 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-1c-af-9d-8e-84 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-c4-44-2c-cd-71 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-38-40-3b-68-12 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-72-2d-78-df-42 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-85-9f-e2-c0-41 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-cc-b9-00-3e-e6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-45-26-00-3c-f3 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-fb-08-5f-07-5e -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-47-5a-ed-ce-b8 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-59-fe-70-8e-2b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-6c-76-e3-df-56 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-50-f1-da-67-71 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-6d-d6-1c-3a-42 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-a8-c3-2e-de-8a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\be-a5-f8-16-ab-4d -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9_f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-c2-5f-b8-f7-2d -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-ff-9d-e5-45-12 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-2b-37-a9-cc-dd -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-eb-6b-65-7e-13 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39_ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-07-1c-9f-32-a3 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-2f-ae-f1-2d-0b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-47-b5-41-bb-db -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-cf-e7-3f-44-12 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-0f-dc-1e-c5-63 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-81-cc-97-6f-df -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-8f-74-d3-af-6f -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-01-0d-eb-7b-e2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-29-70-28-34-f9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-11-1c-0e-86-b4 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-27-8e-47-cd-28 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-05-95-6f-f0-c2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-97-d4-f3-58-7a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-55-84-e2-8c-a2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-9b-d0-f9-39-81 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-0f-1b-1e-0e-87 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-dd-59-9e-fb-2a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fa-79-73-15-5e-a2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0078710A-A9BF-48A9-8934-6D48F7420DAA} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104}_{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{181D912E-C443-4B10-A334-EE5C801B5574} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1A2EC656-0D55-4D79-A969-421E29EDCF1F} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1FD3F7E0-272E-4898-808D-627C57A04518} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{269B1BCA-37CC-4197-8362-7AA5082D3C1B} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{335E9BD3-EEDE-40C7-B10F-B1E1255B40ED} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{374EEDD2-005A-4891-8782-DDE0074F92E5} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3976EB48-510B-4E9A-B7BD-392050A3AD44} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{48BE21FD-552E-48AF-A963-1880821D43C3} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B4788A8-177B-4354-97B5-E238BD3585BA} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6471328F-E818-4BEA-9E03-816D541CEA15} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7080E0DA-879E-4ABB-B81D-E2C7DCF4349E} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{70F2166A-35C4-40FB-9473-3F51F2CD5F1C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8D1C82A8-6899-4E96-8FE7-5DC10DC7FA39} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9623FCDF-9FBA-45D6-B434-F61A369CEEAD} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A99C8DE7-E1B8-4874-B89E-6959D8E5D3B0} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AE522D97-1D5B-444A-B02A-A3757B767D20} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BBE53314-DA1D-4F00-B54C-181FEFF051A0} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1B21557-7CC6-445A-9112-217BEA1870C2} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CC7ABE8E-B33A-4E0E-930D-F894B6C56C56} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D52E71-EEC1-43DD-AEF6-A75FC3CCAEA6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E76FBBE1-26CC-4B35-8866-BA06F267B468} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F90EFFB3-9E44-4640-A1CE-F4C42D345269} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCB8729E-DADA-4032-894C-A7691540714A} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-00-ca-11-22-33 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-29-0d-27-72-57 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-67-f9-01-3f-a6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-b1-af-67-da-46 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-ca-b8-ad-15-fa -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-40-62-37-a2-24 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-bf-58-2c-77-9c -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-32-34-5c-99-72 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-a0-c7-ea-38-44 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-e9-5b-7e-05-b4 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\26-bd-8a-64-ff-f3 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2a-19-2f-99-76-5b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-1a-a8-35-fc-30 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\32-f5-d3-6e-b2-c5 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-6d-1e-03-f6-ab -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-22-1d-c3-d6-60 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-5e-87-6b-09-c8 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-78-3c-59-b6-61_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-08-09-55-4a-e5 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-13-83-29-0b-7b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-86-2e-b8-51-97 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-4c-c8-0b-ab-ef -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-b2-e6-da-0f-94 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\56-df-57-61-4a-14 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-44-4c-64-3f-3c -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6e-d4-3f-0f-8f-0e -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-2f-a9-12-07-b2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-9d-dc-3a-0f-89 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-10-01-59-05-d2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-94-3b-51-24-a6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-99-75-50-dd-b6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7e-3e-22-85-38-3b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-41-37-c8-31-70 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-1c-af-9d-8e-84 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-c4-44-2c-cd-71 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-38-40-3b-68-12 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-72-2d-78-df-42 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-85-9f-e2-c0-41 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-cc-b9-00-3e-e6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-45-26-00-3c-f3 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-fb-08-5f-07-5e -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-47-5a-ed-ce-b8 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-59-fe-70-8e-2b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-6c-76-e3-df-56 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-50-f1-da-67-71 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-6d-d6-1c-3a-42 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-a8-c3-2e-de-8a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\be-a5-f8-16-ab-4d -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9_f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-c2-5f-b8-f7-2d -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-ff-9d-e5-45-12 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-2b-37-a9-cc-dd -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-eb-6b-65-7e-13 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39_ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-07-1c-9f-32-a3 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-2f-ae-f1-2d-0b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-47-b5-41-bb-db -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-cf-e7-3f-44-12 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-0f-dc-1e-c5-63 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-81-cc-97-6f-df -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-8f-74-d3-af-6f -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-01-0d-eb-7b-e2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-29-70-28-34-f9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-11-1c-0e-86-b4 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-27-8e-47-cd-28 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-05-95-6f-f0-c2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-97-d4-f3-58-7a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-55-84-e2-8c-a2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-9b-d0-f9-39-81 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-0f-1b-1e-0e-87 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-dd-59-9e-fb-2a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fa-79-73-15-5e-a2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0078710A-A9BF-48A9-8934-6D48F7420DAA} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104}_{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{181D912E-C443-4B10-A334-EE5C801B5574} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1A2EC656-0D55-4D79-A969-421E29EDCF1F} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1FD3F7E0-272E-4898-808D-627C57A04518} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{269B1BCA-37CC-4197-8362-7AA5082D3C1B} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{335E9BD3-EEDE-40C7-B10F-B1E1255B40ED} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{374EEDD2-005A-4891-8782-DDE0074F92E5} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3976EB48-510B-4E9A-B7BD-392050A3AD44} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{48BE21FD-552E-48AF-A963-1880821D43C3} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B4788A8-177B-4354-97B5-E238BD3585BA} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6471328F-E818-4BEA-9E03-816D541CEA15} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7080E0DA-879E-4ABB-B81D-E2C7DCF4349E} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{70F2166A-35C4-40FB-9473-3F51F2CD5F1C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8D1C82A8-6899-4E96-8FE7-5DC10DC7FA39} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9623FCDF-9FBA-45D6-B434-F61A369CEEAD} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{A99C8DE7-E1B8-4874-B89E-6959D8E5D3B0} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AE522D97-1D5B-444A-B02A-A3757B767D20} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BBE53314-DA1D-4F00-B54C-181FEFF051A0} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{C1B21557-7CC6-445A-9112-217BEA1870C2} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CC7ABE8E-B33A-4E0E-930D-F894B6C56C56} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D52E71-EEC1-43DD-AEF6-A75FC3CCAEA6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E76FBBE1-26CC-4B35-8866-BA06F267B468} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{F90EFFB3-9E44-4640-A1CE-F4C42D345269} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCB8729E-DADA-4032-894C-A7691540714A} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-00-ca-11-22-33 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-29-0d-27-72-57 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-67-f9-01-3f-a6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-b1-af-67-da-46 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-8c-15-e9-68-64 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-ca-b8-ad-15-fa -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-40-62-37-a2-24 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-bf-58-2c-77-9c -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-32-34-5c-99-72 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-a0-c7-ea-38-44 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-e9-5b-7e-05-b4 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\26-bd-8a-64-ff-f3 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2a-19-2f-99-76-5b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-1a-a8-35-fc-30 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\32-f5-d3-6e-b2-c5 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-6d-1e-03-f6-ab -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-22-1d-c3-d6-60 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-5e-87-6b-09-c8 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-78-3c-59-b6-61_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-08-09-55-4a-e5 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-13-83-29-0b-7b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-86-2e-b8-51-97 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-4c-c8-0b-ab-ef -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-b2-e6-da-0f-94 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\56-df-57-61-4a-14 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-44-4c-64-3f-3c -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20_f6-dd-59-9e-fb-2a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6e-d4-3f-0f-8f-0e -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-2f-a9-12-07-b2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-9d-dc-3a-0f-89 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-10-01-59-05-d2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-94-3b-51-24-a6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-99-75-50-dd-b6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7e-3e-22-85-38-3b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-41-37-c8-31-70 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-1c-af-9d-8e-84 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-c4-44-2c-cd-71 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-72-2d-78-df-42 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-85-9f-e2-c0-41 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-cc-b9-00-3e-e6 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-fb-08-5f-07-5e -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-47-5a-ed-ce-b8 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-59-fe-70-8e-2b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-6c-76-e3-df-56 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-50-f1-da-67-71 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-6d-d6-1c-3a-42 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-a8-c3-2e-de-8a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\be-a5-f8-16-ab-4d -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9_f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-c2-5f-b8-f7-2d -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-ff-9d-e5-45-12 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-eb-6b-65-7e-13 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39_ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-07-1c-9f-32-a3 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-2f-ae-f1-2d-0b -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-47-b5-41-bb-db -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-cf-e7-3f-44-12 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-0f-dc-1e-c5-63 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-81-cc-97-6f-df -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-8f-74-d3-af-6f -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-01-0d-eb-7b-e2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-29-70-28-34-f9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-11-1c-0e-86-b4 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-27-8e-47-cd-28 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-05-95-6f-f0-c2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-97-d4-f3-58-7a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-55-84-e2-8c-a2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-9b-d0-f9-39-81 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-0f-1b-1e-0e-87 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fa-79-73-15-5e-a2 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104}_{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{A99C8DE7-E1B8-4874-B89E-6959D8E5D3B0} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1A2EC656-0D55-4D79-A969-421E29EDCF1F} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1FD3F7E0-272E-4898-808D-627C57A04518} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{335E9BD3-EEDE-40C7-B10F-B1E1255B40ED} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3976EB48-510B-4E9A-B7BD-392050A3AD44} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{48BE21FD-552E-48AF-A963-1880821D43C3} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B4788A8-177B-4354-97B5-E238BD3585BA} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6471328F-E818-4BEA-9E03-816D541CEA15} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7080E0DA-879E-4ABB-B81D-E2C7DCF4349E} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{70F2166A-35C4-40FB-9473-3F51F2CD5F1C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8D1C82A8-6899-4E96-8FE7-5DC10DC7FA39} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9623FCDF-9FBA-45D6-B434-F61A369CEEAD} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AE522D97-1D5B-444A-B02A-A3757B767D20} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BBE53314-DA1D-4F00-B54C-181FEFF051A0} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CC7ABE8E-B33A-4E0E-930D-F894B6C56C56} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D52E71-EEC1-43DD-AEF6-A75FC3CCAEA6} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCB8729E-DADA-4032-894C-A7691540714A} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\00-00-ca-11-22-33 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-29-0d-27-72-57 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-67-f9-01-3f-a6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-b1-af-67-da-46 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-8c-15-e9-68-64 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-ca-b8-ad-15-fa -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-40-62-37-a2-24 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\16-bf-58-2c-77-9c -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1a-32-aa-9f-c3-4b_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-32-34-5c-99-72 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\1e-a0-c7-ea-38-44 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\22-e9-5b-7e-05-b4 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\26-bd-8a-64-ff-f3 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2a-19-2f-99-76-5b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\2e-1a-a8-35-fc-30 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\32-f5-d3-6e-b2-c5 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3a-6d-1e-03-f6-ab -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-22-1d-c3-d6-60 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-5e-87-6b-09-c8 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\3e-78-3c-59-b6-61_6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-08-09-55-4a-e5 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-13-83-29-0b-7b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\46-86-2e-b8-51-97 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-4c-c8-0b-ab-ef -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-b2-e6-da-0f-94 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\56-df-57-61-4a-14 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\5e-44-4c-64-3f-3c -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6c-ca-08-5b-95-20_f6-dd-59-9e-fb-2a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\6e-d4-3f-0f-8f-0e -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\72-2f-a9-12-07-b2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\74-9d-dc-3a-0f-89 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-10-01-59-05-d2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-94-3b-51-24-a6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7a-99-75-50-dd-b6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\7e-3e-22-85-38-3b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-41-37-c8-31-70 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-1c-af-9d-8e-84 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\8e-c4-44-2c-cd-71 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-72-2d-78-df-42 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-85-9f-e2-c0-41 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\94-cc-b9-00-3e-e6 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\96-fb-08-5f-07-5e -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-47-5a-ed-ce-b8 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\9e-59-fe-70-8e-2b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\aa-6c-76-e3-df-56 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-50-f1-da-67-71 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\b6-6d-d6-1c-3a-42 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ba-a8-c3-2e-de-8a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\be-a5-f8-16-ab-4d -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9_f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-c2-5f-b8-f7-2d -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-39-2e-27-f0-fb_d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c6-ff-9d-e5-45-12 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ce-eb-6b-65-7e-13 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d0-59-e4-e8-af-39_ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-07-1c-9f-32-a3 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-2f-ae-f1-2d-0b -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-47-b5-41-bb-db -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\da-cf-e7-3f-44-12 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-0f-dc-1e-c5-63 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-81-cc-97-6f-df -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\de-8f-74-d3-af-6f -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-01-0d-eb-7b-e2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\e2-29-70-28-34-f9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-11-1c-0e-86-b4 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ea-27-8e-47-cd-28 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-05-95-6f-f0-c2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-97-d4-f3-58-7a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\ee-d1-d4-99-28-4a -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-55-84-e2-8c-a2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f2-9b-d0-f9-39-81 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f4-0f-1b-1e-0e-87 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\f6-8f-86-f7-14-bc -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\fa-79-73-15-5e-a2 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0E13413A-3C86-4AD1-BDE0-BE884CD73104}_{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{0F30CCC3-7FC6-4936-9C2C-F15B9F60CD14}_{A99C8DE7-E1B8-4874-B89E-6959D8E5D3B0} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{19CE7A28-4FFB-40A3-8F22-0A51CD317114}_{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1A2EC656-0D55-4D79-A969-421E29EDCF1F} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{1FD3F7E0-272E-4898-808D-627C57A04518} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{335E9BD3-EEDE-40C7-B10F-B1E1255B40ED} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{339A9BC1-D081-4752-A383-1BA4D648E343} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{3976EB48-510B-4E9A-B7BD-392050A3AD44} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{48BE21FD-552E-48AF-A963-1880821D43C3} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5B4788A8-177B-4354-97B5-E238BD3585BA} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{60633355-3145-4D32-A4BD-8A123BDB5C43} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{6471328F-E818-4BEA-9E03-816D541CEA15} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{7080E0DA-879E-4ABB-B81D-E2C7DCF4349E} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{70F2166A-35C4-40FB-9473-3F51F2CD5F1C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8D1C82A8-6899-4E96-8FE7-5DC10DC7FA39} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8E7A1774-AB38-4390-B771-C0385EE2C4A6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9623FCDF-9FBA-45D6-B434-F61A369CEEAD} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{AE522D97-1D5B-444A-B02A-A3757B767D20} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BBE53314-DA1D-4F00-B54C-181FEFF051A0} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{CC7ABE8E-B33A-4E0E-930D-F894B6C56C56} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D581F0D7-E10D-492B-BC8A-6C99BC697A8B} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E1D52E71-EEC1-43DD-AEF6-A75FC3CCAEA6} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{FCB8729E-DADA-4032-894C-A7691540714A} -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][CHROME:Addon] Default : MozBar [eakacpaijcpapndcfffdgphdiccmpknp] -> Found
[PUP][CHROME:Addon] Default : Grammarly for Chrome [kbfnbcaeplbcioakkpcpgfkobkghlhen] -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS725050A7E630 SCSI Disk Device +++++
--- User ---
[MBR] e54d76620b9d0ce3be16d6d185d47b32
[BSP] ac9ab24021f498e88a4f51b789973d55 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 190774 MB
3 - Basic data partition | Offset (sectors): 391174144 | Size: 260337 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 924344320 | Size: 25600 MB
User = LL1 ... OK
User = LL2 ... OK
 
=====================================================================================
 
RogueKiller V12.3.8.0 (x64) [Jul 11 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Richard [Administrator]
Started from : C:\Users\Richard\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 07/18/2016 07:27:33
 
¤¤¤ Processes : 1 ¤¤¤
[Proc.Svchost] svchost.exe(8492) -- C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe[7] -> Found
 
¤¤¤ Registry : 12 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c0-83-0a-dd-f5-c9 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{826F71F8-120A-47B9-AA4E-41FF3DFAC22C} -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS725050A7E630 SCSI Disk Device +++++
--- User ---
[MBR] e54d76620b9d0ce3be16d6d185d47b32
[BSP] ac9ab24021f498e88a4f51b789973d55 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 190774 MB
3 - Basic data partition | Offset (sectors): 391174144 | Size: 260337 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 924344320 | Size: 25600 MB
User = LL1 ... OK
User = LL2 ... OK
 
 


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:23 AM

Posted 23 July 2016 - 08:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/620278 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 later6868

later6868
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 24 July 2016 - 11:43 AM

Hello - I described the issues I'm having in my original post.

 

Here is are the results of the FRST scan. The program only saved the frst.txt file. There is no saved addition.txt file.

==================================================================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2016
Ran by Richard (administrator) on RICHARD-PC (24-07-2016 10:42:16)
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard (Available Profiles: Richard)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(UltimateOutsider) C:\Users\Richard\Downloads\GWX_control_panel.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Softtouch Software Design) C:\Users\Richard\Desktop\scrapebox.exe
(Softtouch Software Design) C:\Users\Richard\Desktop\Plugins\Expired Domain Finder\expireddomains.plugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-10-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [228056 2015-03-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-06-28] (Bitdefender)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Richard\Downloads\GWX_control_panel.exe [4559944 2016-03-26] (UltimateOutsider)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-03-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328 2014-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [209720 2014-06-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\MountPoints2: {f41f3fd0-c783-11e5-814a-806e6f6e6963} - E:\auto.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-11]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BC24AAA5-3991-4076-942B-07660AE6BB3B}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F3EAB782-E284-433A-A24A-121A4D6703A1}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1331136939-3758649227-25576793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-11] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-18] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-11] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-18] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-11] (LastPass)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-11] (LastPass)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\82zswt2x.default
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-11] (LastPass)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-11] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1331136939-3758649227-25576793-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Richard\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-06-14] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-02-02]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3323897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP346DFB3B-5274-47F1-BC8D-3CD43A6F888D&SSPV=","hxxps://www.yahoo.com?fr=hp-avast&type=odc089"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11]
CHR Extension: (Sniply: Drive Conversion Through Content) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2016-07-19]
CHR Extension: (SEOquake) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-06-28]
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (Skype Calling) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-03-11]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Google Webspam Report (by Google)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2016-03-11]
CHR Extension: (Link Klipper - Extract all links) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahollcgofmpnehocdgofnhkkchiekoo [2016-07-17]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-07-20]
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11]
CHR Extension: (Audience Intersect) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjeffkdcbmggkbkedhbjemcpmgfccpil [2016-03-11]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2016-03-11]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (AdBlock) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-07]
CHR Extension: (Follow) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2016-03-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-16]
CHR Extension: (Domain Hunter Plus) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnkckdlnkmcmlmleoiofljanabhmjgg [2016-03-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-07-21]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-05-24]
CHR Extension: (The Great Suspender) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-03-11]
CHR Extension: (Insight Hero) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmghabppaehakcpfcbipiljjchejdmob [2016-06-28]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-30]
CHR Extension: (Ghostery) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-11]
CHR Extension: (FPTraffic) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhapiceipfpmbbibcijkfecpehjjodm [2016-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (SEO SERP) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoaoaloeipdofknnaapbmdddddioklg [2016-03-11]
CHR Extension: (Pinontop - Stay on top of Pinterest trends) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompbffakmhdgkeeholbbhpjlcmbdcnme [2016-06-17]
CHR Extension: (Draw.io Desktop) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebppomjfocnoigkeepgbmcifnnlndla [2016-07-23]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11]
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-05-20]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-10]
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-10]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-10]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-10]
CHR Extension: (Bitdefender Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-05-10]
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-05-20]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-10]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-10]
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-10]
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-21]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-21]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-21]
CHR Extension: (Bitdefender Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-05-10]
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-02]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-10]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-21]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASNB4LDRSvc; C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe [33912 2014-10-01] (ASUS)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [108248 2015-03-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [210744 2015-06-30] ()
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
R2 HPSLPSVC; C:\Users\Richard\AppData\Local\Temp\7zS4709\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [353720 2015-07-14] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [51416 2015-01-04] (Realtek Semiconductor Corporation)
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-28] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-04] ()
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [73512 2015-03-18] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-04-27] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-04-27] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [119696 2016-06-28] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\DRIVERS\dptf_pch.sys [38208 2014-09-18] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30960 2015-02-09] (Intel Corporation)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [299816 2016-06-28] (Bitdefender)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-17] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [593112 2015-03-17] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3342552 2015-01-30] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-18] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-24 10:40 - 2016-07-24 10:42 - 00033471 _____ C:\Users\Richard\Downloads\FRST.txt
2016-07-24 10:40 - 2016-07-24 10:41 - 00032369 _____ C:\Users\Richard\Downloads\Addition.txt
2016-07-24 10:40 - 2016-07-24 10:40 - 00000000 ____D C:\FRST
2016-07-24 10:38 - 2016-07-24 10:39 - 02394112 _____ (Farbar) C:\Users\Richard\Downloads\FRST64.exe
2016-07-23 17:33 - 2016-07-23 17:33 - 00000036 _____ C:\Users\Richard\Desktop\scrapebox.id
2016-07-19 18:04 - 2016-07-19 18:04 - 00000013 _____ C:\Users\Richard\Documents\claimside.txt
2016-07-18 09:59 - 2016-07-18 09:59 - 00316720 _____ C:\Users\Richard\Downloads\workhorse.zip
2016-07-18 08:10 - 2016-07-18 08:10 - 00213144 _____ C:\Users\Richard\Desktop\Rogue Killer Report 1.txt
2016-07-18 08:10 - 2016-07-18 08:10 - 00006566 _____ C:\Users\Richard\Desktop\Rogue Killer Report 2.txt
2016-07-18 07:08 - 2016-07-18 07:08 - 00005693 ___RH C:\farstone_pe.letter
2016-07-17 21:09 - 2016-07-17 21:09 - 00002836 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (12).txt
2016-07-17 19:03 - 2016-07-17 19:04 - 00000000 ____D C:\Users\Richard\Desktop\PA Offenders
2016-07-17 16:42 - 2016-07-17 17:52 - 00000000 ____D C:\Users\Richard\Desktop\Diane
2016-07-17 15:36 - 2016-07-17 15:36 - 00002943 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (10).txt
2016-07-17 15:36 - 2016-07-17 15:36 - 00002836 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (11).txt
2016-07-17 14:57 - 2016-07-17 14:57 - 00003173 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (9).txt
2016-07-17 14:51 - 2016-07-17 14:51 - 00000867 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (8).txt
2016-07-17 14:30 - 2016-07-17 14:32 - 293016688 _____ C:\Users\Richard\Downloads\Vendor_Small.mp4
2016-07-17 11:41 - 2016-07-17 11:41 - 00001519 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (7).txt
2016-07-17 09:22 - 2016-07-17 09:22 - 00003690 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (6).txt
2016-07-17 07:44 - 2016-07-17 07:44 - 00002594 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (5).txt
2016-07-17 07:15 - 2016-07-17 07:15 - 00002798 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (4).txt
2016-07-17 07:15 - 2016-07-17 07:15 - 00000493 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (3).txt
2016-07-17 07:14 - 2016-07-17 07:14 - 00000552 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (2).txt
2016-07-17 07:14 - 2016-07-17 07:14 - 00000376 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016.txt
2016-07-17 07:14 - 2016-07-17 07:14 - 00000372 _____ C:\Users\Richard\Downloads\en.wikipedia.org_17th_Jul_2016 (1).txt
2016-07-16 12:46 - 2016-07-18 07:13 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-16 12:46 - 2016-07-16 12:46 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-16 12:45 - 2016-07-16 12:45 - 24482376 _____ C:\Users\Richard\Downloads\RogueKillerX64.exe
2016-07-16 12:38 - 2016-07-16 12:38 - 11438608 _____ (SurfRight B.V.) C:\Users\Richard\Downloads\hitmanpro_x64.exe
2016-07-16 12:32 - 2016-07-16 12:32 - 00224968 _____ (ESET) C:\Users\Richard\Downloads\ESETPoweliksCleaner.exe
2016-07-16 12:32 - 2016-07-16 12:32 - 00000022 _____ C:\Users\Richard\Downloads\ESETPoweliksCleaner.exe_20160716.123242.7184.zip
2016-07-14 13:28 - 2016-07-23 17:23 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-07-08 18:12 - 2016-07-08 18:12 - 00149979 _____ C:\Users\Richard\Downloads\Community Notice 7 8 16 (1).pdf
2016-07-08 15:23 - 2016-07-08 15:23 - 00149979 _____ C:\Users\Richard\Downloads\Community Notice 7 8 16.pdf
2016-07-07 21:00 - 2016-07-07 21:00 - 00000000 ____D C:\Program Files (x86)\LongTailPro
2016-07-07 20:43 - 2016-07-07 20:43 - 02474920 _____ C:\Users\Richard\Downloads\hppiw.exe
2016-07-07 20:34 - 2016-07-07 20:34 - 07384264 _____ C:\Users\Richard\Downloads\HPPSdr.exe
2016-07-07 16:06 - 2016-07-07 16:06 - 00134036 _____ C:\Users\Richard\Desktop\IHM-HailImapctReport-765-545065.pdf
2016-07-07 16:05 - 2016-07-07 16:05 - 00129540 _____ C:\Users\Richard\Downloads\IHM-HailImapctReport-765-545065.pdf
2016-07-05 16:21 - 2016-07-05 16:21 - 00008046 _____ C:\Users\Richard\Desktop\sa castroville self storage yp scrape.csv
2016-07-05 15:22 - 2016-07-05 15:22 - 00008660 _____ C:\Users\Richard\Desktop\sa self storage yp scrape.csv
2016-07-05 13:14 - 2016-07-17 13:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-05 13:14 - 2016-07-05 13:14 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-05 13:14 - 2016-07-05 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-05 13:14 - 2016-07-05 13:14 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-05 13:14 - 2016-07-05 13:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-05 13:14 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-07-05 13:14 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-05 13:14 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-07-05 13:12 - 2016-07-05 13:13 - 22851472 _____ (Malwarebytes ) C:\Users\Richard\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-01 11:41 - 2016-07-01 11:41 - 00000000 ____D C:\Users\Richard\AppData\Temp
2016-06-29 12:25 - 2016-07-07 19:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-24 10:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-24 10:39 - 2016-03-16 13:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-24 10:30 - 2016-06-14 11:41 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1331136939-3758649227-25576793-1001.job
2016-07-24 10:26 - 2016-03-11 18:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-24 10:10 - 2016-06-14 11:41 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1331136939-3758649227-25576793-1001.job
2016-07-23 20:26 - 2016-03-11 18:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 17:28 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-23 17:26 - 2009-07-13 23:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-23 17:26 - 2009-07-13 23:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-23 17:23 - 2016-06-16 19:17 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-07-21 14:10 - 2016-03-14 12:21 - 00000000 ____D C:\Users\Richard\Desktop\CM
2016-07-19 18:05 - 2016-04-05 12:05 - 00000000 ____D C:\Users\Richard\Desktop\TempFolder
2016-07-19 18:02 - 2016-04-05 12:05 - 00000000 ____D C:\Users\Richard\Desktop\Configuration
2016-07-18 07:08 - 2016-03-11 18:12 - 00000000 __SHD C:\Users\Richard\IntelGraphicsProfiles
2016-07-18 07:08 - 2016-01-30 14:37 - 00000025 ___SH C:\Windows\SysWOW64\ReadTag.ini
2016-07-18 07:08 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-18 07:06 - 2016-03-17 11:08 - 00020841 _____ C:\bdlog.txt
2016-07-17 09:07 - 2016-05-14 13:01 - 00000000 ____D C:\Users\Richard\AppData\Local\CrashDumps
2016-07-17 07:36 - 2016-03-18 11:54 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-07-16 14:27 - 2016-03-20 11:38 - 13470680 _____ (Softtouch Software Design) C:\Users\Richard\Desktop\scrapebox.exe
2016-07-14 13:40 - 2016-03-16 13:13 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 13:40 - 2016-03-16 13:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 13:40 - 2016-03-16 13:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 13:40 - 2016-03-16 13:13 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-14 13:39 - 2016-03-16 13:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-11 21:33 - 2016-04-27 11:35 - 00162300 _____ C:\Users\Richard\Downloads\IFTTT SEO v2 Acc Workbook Template.xlsx
2016-07-08 16:19 - 2016-04-05 12:05 - 00000000 ____D C:\Users\Richard\Desktop\Harvester_Sessions
2016-07-08 16:19 - 2016-04-05 12:05 - 00000000 ____D C:\Users\Richard\Desktop\Errorlogs
2016-07-07 21:00 - 2016-03-26 12:49 - 00000915 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LongTailPro.lnk
2016-07-07 21:00 - 2016-03-26 12:49 - 00000903 _____ C:\Users\Public\Desktop\LongTailPro.lnk
2016-07-07 21:00 - 2016-03-26 12:49 - 00000268 _____ C:\Users\Richard\AppData\Roaming\RO39-2M3Q
2016-07-07 20:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-07 19:48 - 2016-03-11 18:15 - 00000000 ____D C:\Users\Richard\AppData\Local\Deployment
2016-07-07 19:44 - 2016-04-02 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-07 19:20 - 2016-03-16 16:30 - 00000000 ____D C:\Users\Richard\AppData\Roaming\Skype
2016-07-02 14:51 - 2016-06-14 11:41 - 00003704 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1331136939-3758649227-25576793-1001
2016-07-02 14:51 - 2016-06-14 11:41 - 00003608 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1331136939-3758649227-25576793-1001
2016-06-28 22:23 - 2016-03-11 16:35 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-06-28 22:20 - 2016-03-11 16:36 - 00299816 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-06-27 17:11 - 2016-03-23 13:40 - 00000000 ____D C:\Users\Richard\Desktop\Texas Claims
 
==================== Files in the root of some directories =======
 
2016-03-11 16:25 - 2016-03-11 16:25 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-03-26 12:49 - 2016-03-26 12:49 - 0000088 _____ () C:\Users\Richard\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-03-23 16:11 - 2016-03-23 16:11 - 5285376 _____ () C:\Users\Richard\AppData\Roaming\chromedriver221.exe
2016-03-23 16:11 - 2016-03-23 16:11 - 0034476 _____ () C:\Users\Richard\AppData\Roaming\disable_webrtc-1.0.6.xpi
2016-05-23 08:45 - 2016-05-23 08:45 - 1520606 _____ () C:\Users\Richard\AppData\Roaming\GoogleLogin2.zip
2016-03-31 10:18 - 2016-03-31 10:18 - 0000140 _____ () C:\Users\Richard\AppData\Roaming\GWMC-I92M
2016-03-23 16:11 - 2016-03-23 16:11 - 18587648 _____ (PhantomJS) C:\Users\Richard\AppData\Roaming\PhantomJSv211.exe
2016-03-26 12:49 - 2016-07-07 21:00 - 0000268 _____ () C:\Users\Richard\AppData\Roaming\RO39-2M3Q
2016-03-23 16:11 - 2016-03-23 16:11 - 0696952 _____ () C:\Users\Richard\AppData\Roaming\WebDriver.FirefoxExt2520.zip
2016-05-23 08:45 - 2016-05-23 08:46 - 35734349 _____ () C:\Users\Richard\AppData\Roaming\xulrunner.zip
2016-03-11 18:13 - 2016-07-23 17:20 - 0212912 _____ () C:\Users\Richard\AppData\Local\BTServer.log
2016-06-03 09:47 - 2016-06-03 09:47 - 0007626 _____ () C:\Users\Richard\AppData\Local\Resmon.ResmonCfg
2016-03-11 16:37 - 2016-03-11 16:37 - 0417778 _____ () C:\ProgramData\1457732111.bdinstall.bin
2016-03-22 09:15 - 2016-03-22 09:15 - 0025986 _____ () C:\ProgramData\1458656153.bdinstall.bin
2016-03-31 11:57 - 2016-03-31 11:57 - 0025981 _____ () C:\ProgramData\1459443455.bdinstall.bin
2016-04-06 17:43 - 2016-04-06 17:43 - 0019313 _____ () C:\ProgramData\1459982603.bdinstall.bin
2016-03-13 18:20 - 2016-03-13 18:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-28 07:56 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-03-28 07:56 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-03-28 07:56 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2009-07-29 01:01 - 2009-07-28 13:31 - 0000223 _____ () C:\ProgramData\SetWallpaper.cmd
2009-07-29 01:01 - 2009-07-22 20:04 - 0024576 _____ () C:\ProgramData\SetWallpaper.exe
 
Files to move or delete:
====================
C:\ProgramData\SetWallpaper.cmd
C:\ProgramData\SetWallpaper.exe
 
 
Some files in TEMP:
====================
C:\Users\Richard\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Richard\AppData\Local\Temp\HitmanPro.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-17 03:11
 
==================== End of FRST.txt ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:23 AM

Posted 25 July 2016 - 09:28 AM

Greetings later6868 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do these things, in this order.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Please rerun a FRST scan but make sure Addition.txt is checked. Copy and paste both logs in your reply.

===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • MTB.txt
  • FRST.txt
  • Addition.txt
  • System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 later6868

later6868
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 25 July 2016 - 11:33 AM

Hello, Gary. Thank you so very much for assisting me.

 

You can call me Rich from this point forward.

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

MTB.txt

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Richard (administrator) on 25-07-2016 at 10:46:54
Running from "C:\Users\Richard\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Model: P552LA Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC = Wireless Network Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Richard-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : att.net
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : B0-C0-90-46-34-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : att.net
   Description . . . . . . . . . . . : Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
   Physical Address. . . . . . . . . : B0-C0-90-46-34-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:3426:f8e0:f1e1:2b74:4a36:6b1d(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:306:3426:f8e0:35fa:3c8b:3431:88e0(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::f1e1:2b74:4a36:6b1d%14(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.77(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, July 24, 2016 7:09:53 PM
   Lease Expires . . . . . . . . . . : Tuesday, July 26, 2016 10:39:49 AM
   Default Gateway . . . . . . . . . : fe80::6eca:8ff:fe5b:9520%14
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 363905168
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-3E-C0-01-9C-5C-8E-2D-3C-67
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 9C-5C-8E-2D-3C-67
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : B0-C0-90-46-34-70
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.att.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : att.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{1D40F363-62B9-412F-9B27-5A248C128AD5}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{72EAF77D-1E76-4556-ABB1-E7B84C8CB1A4}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{924FDA9B-9F23-433E-AEDE-0412DB022C9F}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging google.com [2607:f8b0:4005:801::200e] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 2607:f8b0:4005:801::200e:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:558:feed::1
 
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
 
Pinging yahoo.com [2001:4998:44:204::a7] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 2001:4998:44:204::a7:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...b0 c0 90 46 34 6f ......Microsoft Virtual WiFi Miniport Adapter
 14...b0 c0 90 46 34 6f ......Realtek 8821AE Wireless LAN 802.11ac PCI-E NIC
 13...9c 5c 8e 2d 3c 67 ......Realtek PCIe GBE Family Controller
 11...b0 c0 90 46 34 70 ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.77     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.77    281
     192.168.1.77  255.255.255.255         On-link      192.168.1.77    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.77    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.77    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.77    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14    281 ::/0                     fe80::6eca:8ff:fe5b:9520
  1    306 ::1/128                  On-link
 14     33 2602:306:3426:f8e0::/64  On-link
 14    281 2602:306:3426:f8e0:35fa:3c8b:3431:88e0/128
                                    On-link
 14    281 2602:306:3426:f8e0:f1e1:2b74:4a36:6b1d/128
                                    On-link
 14    281 fe80::/64                On-link
 14    281 fe80::f1e1:2b74:4a36:6b1d/128
                                    On-link
  1    306 ff00::/8                 On-link
 14    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
**** End of log ****
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
FRST.txt
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-07-2016
Ran by Richard (administrator) on RICHARD-PC (25-07-2016 10:56:06)
Running from C:\Users\Richard\Downloads
Loaded Profiles: Richard (Available Profiles: Richard)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Windows\SysWOW64\AsHookDevice.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(UltimateOutsider) C:\Users\Richard\Downloads\GWX_control_panel.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [919768 2014-10-13] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [228056 2015-03-25] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1654160 2016-06-28] (Bitdefender)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Users\Richard\Downloads\GWX_control_panel.exe [4559944 2016-03-26] (UltimateOutsider)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-03-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [406328 2014-05-15] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [209720 2014-06-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Run: [HP ENVY 5660 series (NET)] => C:\Program Files\HP\HP ENVY 5660 series\Bin\ScanToPCActivationApp.exe [3483656 2014-08-22] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\MountPoints2: {f41f3fd0-c783-11e5-814a-806e6f6e6963} - E:\auto.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{99006E6D-F894-4C47-B6F7-0CEF1B3D5953}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BC24AAA5-3991-4076-942B-07660AE6BB3B}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F3EAB782-E284-433A-A24A-121A4D6703A1}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1331136939-3758649227-25576793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-11] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-24] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-11] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-24] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-11] (LastPass)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-06-28] (Bitdefender)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-11] (LastPass)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-06-28] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Richard\AppData\Roaming\Mozilla\Firefox\Profiles\82zswt2x.default
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-11] (LastPass)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-02-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-24] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-11] (LastPass)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1331136939-3758649227-25576793-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Richard\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-06-14] (Citrix Online)
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-02-02]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-02-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3323897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP346DFB3B-5274-47F1-BC8D-3CD43A6F888D&SSPV=","hxxps://www.yahoo.com?fr=hp-avast&type=odc089"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-11]
CHR Extension: (Sniply: Drive Conversion Through Content) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeihpnlhiiipbchlidcipfpiaecpkd [2016-07-24]
CHR Extension: (SEOquake) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-06-28]
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-11]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-11]
CHR Extension: (Skype Calling) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-03-11]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-11]
CHR Extension: (Google Webspam Report (by Google)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\efinmbicabejjhjafeidhfbojhnfiepj [2016-03-11]
CHR Extension: (Link Klipper - Extract all links) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahollcgofmpnehocdgofnhkkchiekoo [2016-07-17]
CHR Extension: (Facebook Pixel Helper) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2016-07-24]
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-11]
CHR Extension: (Audience Intersect) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjeffkdcbmggkbkedhbjemcpmgfccpil [2016-03-11]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2016-03-11]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2016-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (AdBlock) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-07-07]
CHR Extension: (Follow) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2016-03-11]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-16]
CHR Extension: (Domain Hunter Plus) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnkckdlnkmcmlmleoiofljanabhmjgg [2016-03-11]
CHR Extension: (Grammarly for Chrome) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-07-25]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-05-24]
CHR Extension: (The Great Suspender) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2016-03-11]
CHR Extension: (Insight Hero) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmghabppaehakcpfcbipiljjchejdmob [2016-06-28]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-30]
CHR Extension: (Ghostery) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-03-11]
CHR Extension: (FPTraffic) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhapiceipfpmbbibcijkfecpehjjodm [2016-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (SEO SERP) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofoaoaloeipdofknnaapbmdddddioklg [2016-03-11]
CHR Extension: (Pinontop - Stay on top of Pinterest trends) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ompbffakmhdgkeeholbbhpjlcmbdcnme [2016-06-17]
CHR Extension: (Draw.io Desktop) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pebppomjfocnoigkeepgbmcifnnlndla [2016-07-25]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-11]
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-05-20]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-03]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-03]
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Google Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-10]
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-10]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-10]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-10]
CHR Extension: (Bitdefender Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-05-10]
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-05-20]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-10]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-10]
CHR Profile: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Google Slides) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-10]
CHR Extension: (Google Docs) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-21]
CHR Extension: (Google Drive) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-21]
CHR Extension: (YouTube) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-21]
CHR Extension: (Bitdefender Wallet) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-05-10]
CHR Extension: (Google Sheets) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-10]
CHR Extension: (Google Docs Offline) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-07-02]
CHR Extension: (Skype) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-10]
CHR Extension: (Gmail) - C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-21]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASNB4LDRSvc; C:\Program Files (x86)\ASUS\Wireless Console 3\ASNB4LDRSvc.exe [33912 2014-10-01] (ASUS)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [108248 2015-03-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [210744 2015-06-30] ()
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-18] (Intel Corporation)
R2 FBAgent; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe [73032 2014-08-13] ()
R2 HPSLPSVC; C:\Users\Richard\AppData\Local\Temp\7zS4709\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [353720 2015-07-14] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2014-10-03] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [156960 2015-02-25] (Intel Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [51416 2015-01-04] (Realtek Semiconductor Corporation)
R2 Tran_Process_Proc; C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe [71024 2014-03-25] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [156016 2016-06-28] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1693104 2016-06-28] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-28] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-04] ()
R3 ATP; C:\Windows\System32\DRIVERS\AsusTP.sys [73512 2015-03-18] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1623536 2016-04-27] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [842152 2016-04-27] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [119696 2016-06-28] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dptf_cpu; C:\Windows\System32\DRIVERS\dptf_cpu.sys [38720 2014-09-18] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\DRIVERS\dptf_pch.sys [38208 2014-09-18] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\DRIVERS\esif_lf.sys [216360 2014-09-18] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [182936 2016-04-27] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30960 2015-02-09] (Intel Corporation)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [299816 2016-06-28] (Bitdefender)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-02-25] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [593112 2015-03-17] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3342552 2015-01-30] (Realtek Semiconductor Corporation                           )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-18] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [520032 2016-06-28] (BitDefender S.R.L.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-24 19:10 - 2016-07-24 19:10 - 00005693 ___RH C:\farstone_pe.letter
2016-07-24 19:05 - 2016-07-24 19:05 - 00000000 ____D C:\Windows\EOONotify
2016-07-24 19:04 - 2016-07-24 19:04 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-07-24 19:04 - 2016-07-24 19:04 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-24 18:35 - 2015-01-08 18:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2016-07-24 18:35 - 2015-01-08 18:43 - 00419936 _____ C:\Windows\system32\locale.nls
2016-07-24 17:20 - 2016-07-24 17:42 - 00000000 ____D C:\Windows\system32\MRT
2016-07-24 17:20 - 2016-07-24 17:20 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-24 16:33 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2016-07-24 16:33 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2016-07-24 16:33 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2016-07-24 16:33 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2016-07-24 16:33 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2016-07-24 16:33 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2016-07-24 16:33 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2016-07-24 16:33 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2016-07-24 16:31 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-24 16:31 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-24 16:31 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-24 16:31 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-24 16:30 - 2016-06-11 01:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-24 16:30 - 2016-06-10 23:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-24 16:30 - 2016-06-10 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-24 16:30 - 2016-06-10 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-24 16:30 - 2016-06-10 16:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-24 16:30 - 2016-06-10 16:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-24 16:30 - 2016-06-10 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-24 16:30 - 2016-06-10 16:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-24 16:30 - 2016-06-10 16:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-24 16:30 - 2016-06-10 16:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-24 16:30 - 2016-06-10 16:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-24 16:30 - 2016-06-10 16:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-24 16:30 - 2016-06-10 16:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-24 16:30 - 2016-06-10 16:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-24 16:30 - 2016-06-10 16:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-24 16:30 - 2016-06-10 16:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-24 16:30 - 2016-06-10 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-24 16:30 - 2016-06-10 16:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-24 16:30 - 2016-06-10 15:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-24 16:30 - 2016-06-10 15:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-24 16:30 - 2016-06-10 15:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-24 16:30 - 2016-06-10 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-24 16:30 - 2016-06-10 15:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-24 16:30 - 2016-06-10 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-24 16:30 - 2016-06-10 15:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-24 16:30 - 2016-06-10 15:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-24 16:30 - 2016-06-10 15:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-24 16:30 - 2016-06-10 15:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-24 16:30 - 2016-06-10 15:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-24 16:30 - 2016-06-10 15:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-24 16:30 - 2016-06-10 15:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-24 16:30 - 2016-06-10 15:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-24 16:30 - 2016-06-10 14:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-24 16:30 - 2016-06-10 14:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-24 16:30 - 2016-06-10 14:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-24 16:30 - 2016-06-10 14:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-24 16:30 - 2016-06-10 14:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-24 16:30 - 2016-06-10 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-24 16:30 - 2016-06-10 13:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-24 16:30 - 2016-06-10 13:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-24 16:30 - 2016-06-10 13:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-24 16:30 - 2016-06-10 13:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-24 16:30 - 2016-06-10 13:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-24 16:30 - 2016-06-10 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-24 16:30 - 2016-06-10 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-24 16:30 - 2016-06-10 13:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-24 16:30 - 2016-06-10 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-24 16:30 - 2016-06-10 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-24 16:30 - 2016-06-10 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-24 16:30 - 2016-06-10 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-24 16:30 - 2016-06-10 13:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-24 16:30 - 2016-06-10 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-24 16:30 - 2016-06-10 13:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-24 16:30 - 2016-06-10 13:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-24 16:30 - 2016-06-10 13:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-24 16:30 - 2016-06-10 13:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-24 16:30 - 2016-06-10 13:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-24 16:30 - 2016-06-10 13:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-24 16:30 - 2016-06-10 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-24 16:30 - 2016-06-10 13:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-24 16:30 - 2016-06-10 13:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-24 16:30 - 2016-06-10 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-24 16:30 - 2016-06-10 12:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-24 16:30 - 2016-06-10 12:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-24 16:30 - 2016-06-10 12:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-24 16:30 - 2016-06-10 12:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-24 16:30 - 2016-05-12 12:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-24 16:30 - 2016-05-12 12:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-24 16:30 - 2016-05-12 12:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-07-24 16:30 - 2016-05-12 12:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-24 16:30 - 2016-05-12 12:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-24 16:30 - 2016-05-12 12:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-24 16:30 - 2016-05-12 12:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-24 16:30 - 2016-05-12 12:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-07-24 16:30 - 2016-05-12 10:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-07-24 16:30 - 2016-05-12 10:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-24 16:30 - 2016-05-12 10:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-24 16:30 - 2016-05-12 10:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-24 16:30 - 2016-05-12 10:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-24 16:30 - 2016-05-12 10:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-07-24 16:30 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-07-24 16:30 - 2016-05-12 09:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-07-24 16:29 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-07-24 16:29 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-07-24 16:29 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-07-24 16:29 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-07-24 16:29 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-07-24 16:29 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-07-24 16:29 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2016-07-24 16:29 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-07-24 16:29 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2016-07-24 16:29 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2016-07-24 16:29 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2016-07-24 16:29 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-07-24 16:29 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-07-24 16:29 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2016-07-24 16:29 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2016-07-24 16:29 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2016-07-24 16:28 - 2016-03-16 13:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-24 16:28 - 2016-03-16 13:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-24 16:28 - 2016-03-16 13:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-24 16:28 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-07-24 16:28 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-07-24 16:28 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-24 16:28 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-24 16:28 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-24 16:28 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-24 16:28 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-07-24 16:28 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-07-24 16:28 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-07-24 16:28 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-24 16:28 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-24 16:28 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-24 16:28 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-07-24 16:28 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-24 16:28 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-24 16:28 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-24 16:28 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-07-24 16:28 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-24 16:28 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-07-24 16:28 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-07-24 16:28 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-07-24 16:28 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-07-24 16:28 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-07-24 16:28 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-07-24 16:28 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-07-24 16:27 - 2016-04-09 02:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-24 16:27 - 2016-04-09 02:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-24 16:27 - 2016-04-09 02:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-24 16:27 - 2016-04-09 01:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-24 16:27 - 2016-04-09 01:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-24 16:27 - 2016-04-09 01:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-24 16:27 - 2016-04-09 01:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-24 16:27 - 2016-04-09 01:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-24 16:27 - 2016-04-09 01:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-24 16:27 - 2016-04-09 01:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-24 16:27 - 2016-04-09 01:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-24 16:27 - 2016-04-09 01:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-24 16:27 - 2016-04-09 01:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 01:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 00:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-24 16:27 - 2016-04-09 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-24 16:27 - 2016-04-09 00:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-24 16:27 - 2016-04-09 00:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-24 16:27 - 2016-04-09 00:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-24 16:27 - 2016-04-09 00:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-24 16:27 - 2016-04-09 00:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-24 16:27 - 2016-04-09 00:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-24 16:27 - 2016-04-09 00:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-24 16:27 - 2016-04-09 00:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-24 16:27 - 2016-04-09 00:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 00:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 00:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-24 16:27 - 2016-04-09 00:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-24 16:27 - 2016-03-23 17:43 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-07-24 16:27 - 2016-03-23 17:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-07-24 16:27 - 2016-03-23 17:40 - 00546656 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-07-24 16:27 - 2016-02-12 13:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-24 16:27 - 2016-02-12 13:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-24 16:27 - 2016-02-12 13:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-24 16:27 - 2016-02-12 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-07-24 16:27 - 2016-02-12 13:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-24 16:27 - 2016-02-12 13:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-24 16:27 - 2016-02-12 13:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-24 16:27 - 2016-02-12 13:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-24 16:27 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-24 16:27 - 2016-02-12 13:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-24 16:27 - 2016-02-12 13:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-24 16:27 - 2016-02-12 13:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-07-24 16:27 - 2016-02-12 13:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-24 16:27 - 2016-02-12 13:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-24 16:27 - 2016-02-12 13:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-24 16:27 - 2016-02-12 13:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-24 16:27 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-07-24 16:25 - 2016-05-12 12:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-24 16:25 - 2016-05-12 12:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-24 16:25 - 2016-05-12 12:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-24 16:25 - 2016-05-12 12:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-24 16:25 - 2016-05-12 12:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-24 16:25 - 2016-05-12 12:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-24 16:25 - 2016-05-12 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-24 16:25 - 2016-05-12 10:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-24 16:25 - 2016-05-12 10:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-24 16:25 - 2016-05-12 09:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-24 16:25 - 2016-05-12 09:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-24 16:25 - 2016-05-12 09:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-24 16:25 - 2016-05-12 09:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-24 16:25 - 2016-05-12 09:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-24 16:25 - 2016-05-12 09:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-24 16:25 - 2016-05-12 09:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-24 16:25 - 2016-05-12 09:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-24 16:25 - 2016-05-12 09:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-24 16:25 - 2016-05-12 08:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-24 16:25 - 2016-05-12 08:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-24 16:25 - 2016-05-12 08:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-24 16:25 - 2016-04-09 02:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-24 16:25 - 2016-04-09 02:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-24 16:25 - 2016-04-09 01:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-24 16:25 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-24 16:25 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-24 16:25 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-24 16:25 - 2016-02-05 14:03 - 00147904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-07-24 16:25 - 2016-02-05 13:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-07-24 16:25 - 2016-02-05 13:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-07-24 16:25 - 2016-02-05 12:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-07-24 16:25 - 2015-11-05 14:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-07-24 16:25 - 2015-11-05 14:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-07-24 16:25 - 2015-11-05 04:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-07-24 16:25 - 2015-06-03 15:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-24 16:25 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2016-07-24 16:25 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2016-07-24 16:25 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2016-07-24 16:25 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2016-07-24 16:25 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2016-07-24 16:25 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2016-07-24 16:25 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2016-07-24 16:25 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2016-07-24 16:25 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2016-07-24 16:25 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2016-07-24 16:25 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2016-07-24 16:25 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2016-07-24 16:25 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2016-07-24 16:25 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2016-07-24 16:24 - 2016-04-09 01:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-24 16:24 - 2016-04-09 01:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-24 16:24 - 2016-04-09 01:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-24 16:24 - 2016-04-09 01:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-24 16:24 - 2016-04-09 00:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-24 16:24 - 2016-04-09 00:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-24 16:24 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-07-24 16:24 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-07-24 16:24 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-07-24 16:24 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-07-24 16:24 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-07-24 16:24 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-07-24 16:24 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-07-24 16:24 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-07-24 16:24 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-07-24 16:24 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2016-07-24 16:24 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-07-24 16:24 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-07-24 16:24 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-07-24 16:24 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-07-24 16:24 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-07-24 16:24 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-07-24 16:24 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-07-24 16:24 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-07-24 16:24 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-07-24 16:24 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-07-24 16:24 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-07-24 16:24 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2016-07-24 16:24 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2016-07-24 16:24 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2016-07-24 16:24 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2016-07-24 16:24 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2016-07-24 16:24 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2016-07-24 16:24 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2016-07-24 16:24 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2016-07-24 16:24 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-07-24 16:24 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2016-07-24 16:24 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2016-07-24 16:24 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2016-07-24 16:23 - 2016-06-25 19:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-24 16:23 - 2016-06-25 19:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-24 16:23 - 2016-06-22 08:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-24 16:23 - 2016-06-17 13:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-24 16:23 - 2016-06-17 13:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-24 16:23 - 2016-06-17 13:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-24 16:23 - 2016-06-17 13:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-24 16:23 - 2016-06-17 13:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-24 16:23 - 2016-06-17 13:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-24 16:23 - 2016-06-14 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-24 16:23 - 2016-04-08 23:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-24 16:23 - 2016-04-08 22:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-24 16:23 - 2016-03-23 17:40 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-07-24 16:23 - 2016-02-04 20:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-24 16:23 - 2016-02-04 13:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-07-24 16:23 - 2016-01-11 14:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-24 16:23 - 2015-11-10 13:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-07-24 16:23 - 2015-11-10 13:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-07-24 16:23 - 2015-11-10 13:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-07-24 16:23 - 2015-11-10 13:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-07-24 16:23 - 2015-11-10 13:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-07-24 16:23 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-07-24 16:23 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-07-24 16:23 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-07-24 16:23 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-07-24 16:23 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2016-07-24 16:22 - 2016-04-14 08:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-24 16:22 - 2016-04-14 08:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-24 16:22 - 2015-11-19 09:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-24 16:22 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-07-24 16:22 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-07-24 16:22 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-07-24 16:22 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-07-24 16:22 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-07-24 16:22 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-07-24 16:22 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-07-24 16:21 - 2016-05-18 11:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-24 16:21 - 2016-05-18 11:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-24 16:21 - 2016-05-13 17:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-24 16:21 - 2016-05-13 17:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-24 16:21 - 2016-05-13 17:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-24 16:21 - 2016-05-13 17:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-24 16:21 - 2016-05-13 17:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-24 16:21 - 2016-05-13 16:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-24 16:21 - 2016-05-13 16:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-24 16:21 - 2016-05-13 16:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-24 16:21 - 2016-05-13 16:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-24 16:21 - 2016-05-13 16:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-24 16:21 - 2016-05-11 12:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-24 16:21 - 2016-05-11 12:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-24 16:21 - 2016-05-11 12:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-24 16:21 - 2016-05-11 10:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-24 16:21 - 2016-05-11 10:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-24 16:21 - 2016-05-11 10:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-24 16:21 - 2016-05-11 10:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-24 16:21 - 2016-05-11 10:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-24 16:21 - 2016-05-11 09:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-24 16:21 - 2016-04-06 10:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-24 16:21 - 2016-03-09 14:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-24 16:21 - 2016-03-09 13:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-24 16:21 - 2016-03-09 13:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-24 16:21 - 2016-03-09 13:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-24 16:21 - 2016-02-09 04:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-24 16:21 - 2016-02-09 04:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-24 16:21 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-24 16:21 - 2016-02-09 04:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-24 16:21 - 2016-02-09 04:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-24 16:21 - 2016-02-09 04:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-07-24 16:21 - 2016-02-09 04:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-07-24 16:21 - 2016-02-09 04:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-07-24 16:21 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-07-24 16:21 - 2016-02-09 04:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-07-24 16:21 - 2016-02-03 13:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-24 16:21 - 2016-02-03 13:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-07-24 16:21 - 2016-02-03 13:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-07-24 16:21 - 2016-02-03 13:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-07-24 16:21 - 2016-02-03 13:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-24 16:21 - 2016-02-02 13:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-24 16:21 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-24 16:21 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-24 16:21 - 2015-11-11 13:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-07-24 16:21 - 2015-11-11 13:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-07-24 16:21 - 2015-11-11 13:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-07-24 16:21 - 2015-11-11 13:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-07-24 16:21 - 2015-10-13 11:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-07-24 16:21 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-07-24 16:21 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-07-24 16:21 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-24 16:21 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-07-24 16:21 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-24 16:21 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-07-24 16:21 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-24 16:21 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-07-24 16:21 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-24 16:21 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-07-24 16:21 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-07-24 16:21 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-07-24 16:21 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-07-24 16:21 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-07-24 16:21 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-07-24 16:21 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-07-24 16:21 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-07-24 16:21 - 2015-04-24 13:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-07-24 16:21 - 2015-04-24 12:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-07-24 16:21 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-07-24 16:21 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-07-24 16:21 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-07-24 16:21 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2016-07-24 16:21 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-07-24 16:21 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-07-24 16:21 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-07-24 16:21 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-07-24 16:21 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-07-24 16:21 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-07-24 16:21 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2016-07-24 16:21 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2016-07-24 16:21 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2016-07-24 16:21 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2016-07-24 16:21 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-07-24 16:21 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-07-24 16:21 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-07-24 16:21 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-07-24 16:21 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-07-24 16:21 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-07-24 16:21 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-07-24 16:21 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-07-24 16:21 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-07-24 16:21 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-07-24 16:21 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-07-24 16:21 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-07-24 16:21 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2016-07-24 16:21 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2016-07-24 16:21 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-07-24 16:21 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-07-24 16:21 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-07-24 16:21 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-07-24 16:21 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-07-24 16:20 - 2016-05-11 12:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-24 16:20 - 2016-05-11 10:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-24 16:20 - 2016-02-09 04:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-07-24 16:20 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-07-24 16:20 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-07-24 16:20 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-07-24 16:20 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-07-24 16:20 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-07-24 16:20 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-07-24 16:20 - 2015-11-03 14:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-07-24 16:20 - 2015-11-03 13:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-07-24 16:20 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-07-24 16:20 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-07-24 16:20 - 2015-04-10 22:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-07-24 16:20 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-07-24 16:20 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2016-07-24 16:20 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2016-07-24 16:20 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2016-07-24 16:20 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2016-07-24 16:01 - 2016-04-14 11:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-24 16:01 - 2016-04-14 11:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-24 16:01 - 2016-04-14 11:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-24 16:01 - 2016-04-14 11:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-24 16:01 - 2016-04-14 11:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-24 16:01 - 2016-04-14 11:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-24 16:01 - 2016-04-14 10:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-24 16:01 - 2016-04-14 10:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-24 16:01 - 2016-04-14 10:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-24 16:01 - 2016-04-14 10:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-24 16:01 - 2016-04-14 10:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-24 16:01 - 2016-04-14 10:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-24 15:52 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-07-24 15:52 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-07-16 12:46 - 2016-07-18 07:13 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-14 13:28 - 2016-07-24 12:00 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-07-07 21:00 - 2016-07-07 21:00 - 00000000 ____D C:\Program Files (x86)\LongTailPro
2016-06-29 12:25 - 2016-07-07 19:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-25 10:39 - 2016-06-14 11:41 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1331136939-3758649227-25576793-1001.job
2016-07-25 10:39 - 2016-06-14 11:41 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1331136939-3758649227-25576793-1001.job
2016-07-25 10:39 - 2016-03-16 13:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-25 10:39 - 2016-03-11 18:15 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-25 04:34 - 2009-07-13 23:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-25 04:34 - 2009-07-13 23:45 - 00009712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-25 04:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2016-07-24 23:57 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-24 23:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-24 21:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-07-24 20:26 - 2016-03-11 18:15 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-24 19:30 - 2016-03-14 12:29 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-24 19:24 - 2016-06-18 13:59 - 00000000 ____D C:\Program Files (x86)\Java
2016-07-24 19:23 - 2016-06-18 13:59 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-07-24 19:09 - 2016-01-30 14:37 - 00000025 ___SH C:\Windows\SysWOW64\ReadTag.ini
2016-07-24 19:09 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-24 19:09 - 2009-07-13 23:45 - 00428928 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-24 19:06 - 2016-03-17 11:08 - 00021432 _____ C:\bdlog.txt
2016-07-24 19:05 - 2009-07-14 02:47 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-24 19:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-07-24 19:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-07-24 19:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-07-24 19:05 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-07-24 17:52 - 2014-03-28 07:56 - 00775964 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-07-24 12:00 - 2016-06-16 19:17 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-07-14 13:40 - 2016-03-16 13:13 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 13:40 - 2016-03-16 13:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 13:40 - 2016-03-16 13:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 13:40 - 2016-03-16 13:13 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-14 13:39 - 2016-03-16 13:13 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-07 20:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-07 19:44 - 2016-04-02 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-02 14:51 - 2016-06-14 11:41 - 00003704 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1331136939-3758649227-25576793-1001
2016-07-02 14:51 - 2016-06-14 11:41 - 00003608 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1331136939-3758649227-25576793-1001
2016-06-28 22:23 - 2016-03-11 16:35 - 00520032 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2016-06-28 22:20 - 2016-03-11 16:36 - 00299816 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
 
==================== Files in the root of some directories =======
 
2016-03-11 16:25 - 2016-03-11 16:25 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-03-26 12:49 - 2016-03-26 12:49 - 0000088 _____ () C:\Users\Richard\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-03-23 16:11 - 2016-03-23 16:11 - 5285376 _____ () C:\Users\Richard\AppData\Roaming\chromedriver221.exe
2016-03-23 16:11 - 2016-03-23 16:11 - 0034476 _____ () C:\Users\Richard\AppData\Roaming\disable_webrtc-1.0.6.xpi
2016-05-23 08:45 - 2016-05-23 08:45 - 1520606 _____ () C:\Users\Richard\AppData\Roaming\GoogleLogin2.zip
2016-03-31 10:18 - 2016-03-31 10:18 - 0000140 _____ () C:\Users\Richard\AppData\Roaming\GWMC-I92M
2016-03-23 16:11 - 2016-03-23 16:11 - 18587648 _____ (PhantomJS) C:\Users\Richard\AppData\Roaming\PhantomJSv211.exe
2016-03-26 12:49 - 2016-07-07 21:00 - 0000268 _____ () C:\Users\Richard\AppData\Roaming\RO39-2M3Q
2016-03-23 16:11 - 2016-03-23 16:11 - 0696952 _____ () C:\Users\Richard\AppData\Roaming\WebDriver.FirefoxExt2520.zip
2016-05-23 08:45 - 2016-05-23 08:46 - 35734349 _____ () C:\Users\Richard\AppData\Roaming\xulrunner.zip
2016-03-11 18:13 - 2016-07-25 10:39 - 0215329 _____ () C:\Users\Richard\AppData\Local\BTServer.log
2016-06-03 09:47 - 2016-07-24 18:01 - 0007667 _____ () C:\Users\Richard\AppData\Local\Resmon.ResmonCfg
2016-03-11 16:37 - 2016-03-11 16:37 - 0417778 _____ () C:\ProgramData\1457732111.bdinstall.bin
2016-03-22 09:15 - 2016-03-22 09:15 - 0025986 _____ () C:\ProgramData\1458656153.bdinstall.bin
2016-03-31 11:57 - 2016-03-31 11:57 - 0025981 _____ () C:\ProgramData\1459443455.bdinstall.bin
2016-04-06 17:43 - 2016-04-06 17:43 - 0019313 _____ () C:\ProgramData\1459982603.bdinstall.bin
2016-03-13 18:20 - 2016-03-13 18:20 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-28 07:56 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-03-28 07:56 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-03-28 07:56 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2009-07-29 01:01 - 2009-07-28 13:31 - 0000223 _____ () C:\ProgramData\SetWallpaper.cmd
2009-07-29 01:01 - 2009-07-22 20:04 - 0024576 _____ () C:\ProgramData\SetWallpaper.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-17 03:11
 
==================== End of FRST.txt ============================
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Addition.txt
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by Richard (2016-07-25 10:57:15)
Running from C:\Users\Richard\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-03-11 23:12:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1331136939-3758649227-25576793-500 - Administrator - Disabled)
Guest (S-1-5-21-1331136939-3758649227-25576793-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1331136939-3758649227-25576793-1002 - Limited - Enabled)
Richard (S-1-5-21-1331136939-3758649227-25576793-1001 - Administrator - Enabled) => C:\Users\Richard
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{972355AE-5F5A-4858-AC0F-4E9F62E7B164}) (Version: 20.5.20117.43858 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.5.20117.43858 - Alcor Micro Corp.) Hidden
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.1 - ASUS)
ASUS Manager - PC Cleanup (HKLM-x32\...\{E22A19AE-7DDB-4959-B1DB-A0996294352A}) (Version: 1.0.3 - ASUSTeK Computer Inc.)
ASUS Manager - Power Saver (HKLM-x32\...\{4858A8B4-0987-4723-844F-8506BD85501E}) (Version: 1.0.1 - ASUSTeK Computer Inc.)
ASUS Manager - USB Lock (HKLM-x32\...\{1931C916-6CB8-4E4D-8561-EA20C426AE19}) (Version: 1.0.6 - ASUSTeK Computer Inc.)
ASUS Manager - WiFi Hotspot (HKLM-x32\...\{86D2A7CE-1E38-40A4-B990-6D66FB857069}) (Version: 1.0.2 - ASUSTeK Computer Inc.)
ASUS Manager (HKLM-x32\...\{F5E5AD85-4A90-4604-A887-464D3818D8FD}) (Version: 1.0.5 - ASUSTeK Computer Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.14 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.68 - ICEpower a/s)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.25.1378 - Bitdefender)
Brave (HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\Brave) (Version: 0.11.1 - Brave Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.3.54 - Conexant)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.20.0.5174 (HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\GoToMeeting) (Version: 7.20.0.5174 - CitrixOnline)
GPSinfo version S-0PC-07-1109151 (HKLM-x32\...\{7F8A9255-C043-4895-AFFC-67D900C5D516}_is1) (Version: S-0PC-07-1109151 - Globalsat Worldcom Group)
HP ENVY 5660 series Basic Device Software (HKLM\...\{2C0721C5-0CD8-46BC-9D7D-666D3B171CFF}) (Version: 34.2.117.50647 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.39.1003 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4112 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Keyword Researcher Pro version 10.932 (HKLM-x32\...\Keyword Researcher Pro_is1) (Version: 10.932 - Clever Gizmos)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LongTailPro - Version 3.1.0 (HKLM-x32\...\com.longtailpro.LongTailPro) (Version: 3.1.0 - Long Tail Media, LLC)
LongTailPro - Version 3.1.0 (x32 Version: 3.1.0 - Long Tail Media, LLC) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{4e7db4cc-d429-40c4-b359-bcc70debf78f}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{e5bb5c4d-7276-4254-8320-5a976f34e056}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
PicPal (HKLM-x32\...\{ED25EE4B-AA7F-44E4-BE5B-A1A3544B1E6F}) (Version: 1.0.0 - ClaimsSoftware)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.4.17 - Prolific Technology INC)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.853.853.032615 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0256 - REALTEK Semiconductor Corp.)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
RS ypExtractor USA Pro version 3.18 (HKLM-x32\...\{11373366-D9AD-45DF-947A-C61ADF747059}_is1) (Version: 3.18 - Redscraper)
RSS Authority Sniper 2.0 (HKLM-x32\...\com.mindlinklabs.RssAuthoritySniper2) (Version: 2.2.1 - UNKNOWN)
RSS Authority Sniper 2.0 (x32 Version: 2.2.1 - UNKNOWN) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 5.1 - Screaming Frog Ltd)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
TotalRecovery Pro (Commercial) (HKLM-x32\...\TotalRecovery) (Version: 10.0.8.1 - FarStone Inc.)
Windows Driver Package - ASUS (ATP) Mouse  (01/13/2015 1.0.0.233) (HKLM\...\8335D73177E6D80E7ADC00FED2275758BD28AEFB) (Version: 01/13/2015 1.0.0.233 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.47 - ASUS)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1331136939-3758649227-25576793-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Richard\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1331136939-3758649227-25576793-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Richard\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1331136939-3758649227-25576793-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Richard\AppData\Local\Citrix\GoToMeeting\4911\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0024A529-59C1-49D8-93FC-23F1B7186D5F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2014-05-15] (ASUSTek Computer Inc.)
Task: {0363FC95-B1F4-486E-AC24-C24DAC854E84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-11] (Google Inc.)
Task: {05A2A898-5561-4571-98ED-356A6870D8C2} - System32\Tasks\ASUS\ASUS Manager BackgroundWindow => C:\Program Files (x86)\ASUS\ASUS Manager\BackgroundWindow.exe [2015-06-04] ()
Task: {0A8990A3-BFF6-4242-BACB-B32850AB0BCC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {1F1E087E-0F07-4DED-AABB-702293483269} - System32\Tasks\ASUS\ASUS Manager - PC Cleanup - SecureDeleteBackground => C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe [2015-01-20] ()
Task: {211C9DC9-C146-40D2-9BBC-C95405C54D6E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {2AA187D7-A0E1-4FD8-850E-5A980310CA1F} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-02-25] (ASUSTek Computer Inc.)
Task: {2F0BC862-43AC-44A1-9E8D-A29D19EB02E6} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {4116EA91-772C-49F3-B4DD-D7BAA23E37BD} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-03-18] (AsusTek)
Task: {4390B04B-7749-4762-8E15-A408732425EF} - System32\Tasks\G2MUpdateTask-S-1-5-21-1331136939-3758649227-25576793-1001 => C:\Users\Richard\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {44336673-B791-4329-84E4-F20B0AAC1988} - System32\Tasks\G2MUploadTask-S-1-5-21-1331136939-3758649227-25576793-1001 => C:\Users\Richard\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {446F6D31-1AC0-42F0-A430-C8FC0EF8B22C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {53CE43B1-2AB0-41E1-AB6D-30FE04B499EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {60C21111-ECA1-43B4-90D9-A51E38997FAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-11-13] (Hewlett-Packard)
Task: {6562CE6D-FF9A-46B6-AC4F-7D3DCDAE7B0B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {701B4CB9-8BF6-43D6-988F-6A2B03461564} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7DC30DD6-C7D3-47EB-ADF7-39E8D23ABC6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {882F60AA-2DF9-418E-8BE2-419F3E38098F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {887C34BC-9EBC-4FFC-AA72-3849AB521BD7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {8891CDAE-B4D2-4B94-A743-0081BF66117E} - \Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 -> No File <==== ATTENTION
Task: {8C6E0F61-A489-42DD-8F8B-C6ACA3086617} - System32\Tasks\Microsoft\Windows\Setup\EOONotify => C:\Windows\EOONotify\EOONotify.exe [2016-07-08] (Microsoft Corporation)
Task: {97B6A9A0-AB5B-44CC-8792-B8355D3E16CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9AA69EE5-CB39-4F7E-8155-AB9CD76D4160} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {9AA7448B-FB62-4FB2-AF07-F2F475DD2EDD} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {AD1543EB-E4F6-4A11-9836-22DBDF465D6A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B8B9030D-9F7B-4FBA-B44B-3F2A807AC2AD} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe
Task: {D928F1AE-2F53-4C62-99B0-5C73ADA83EE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {E0C090E6-854C-4F44-BA9C-9EF2374406E0} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {E84F9960-EB6B-4F92-B65B-5CFA08B32F63} - System32\Tasks\ASUS\4D36E965-BFC1-11CE-E325-08002BE10318 => C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe [2015-05-27] () <==== ATTENTION
Task: {EBA43A24-E093-4F40-BC1A-008F66131C99} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F1522C2C-E80C-4395-A44F-C64E1B405FA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {F3CA0D9C-FB0B-4D6A-873B-A20B4E0FC1C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {F451518F-0A50-4B9E-BD2B-3677395FF66E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-11] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1331136939-3758649227-25576793-1001.job => C:\Users\Richard\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1331136939-3758649227-25576793-1001.job => C:\Users\Richard\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Richard\Desktop\Google Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Richard\Desktop\Richard - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Draw.io Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=pebppomjfocnoigkeepgbmcifnnlndla
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Richard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-11 16:36 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-05-09 03:47 - 2016-05-09 03:48 - 01006336 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttpbr.mdl
2016-05-09 03:47 - 2016-05-09 03:48 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttpdsp.mdl
2016-05-09 03:47 - 2016-05-09 03:48 - 03035488 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttpph.mdl
2016-05-09 03:47 - 2016-05-09 03:48 - 01541440 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02251_005\ashttprbl.mdl
2014-08-13 01:30 - 2014-08-13 01:30 - 00073032 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
2016-01-30 14:05 - 2015-03-06 17:49 - 00108248 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2016-01-30 14:31 - 2015-06-30 14:37 - 00210744 _____ () C:\Windows\SysWOW64\AsHookDevice.exe
2014-03-25 04:14 - 2014-03-25 04:14 - 00071024 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DCNTranProc.exe
2016-04-06 15:36 - 2016-06-10 04:05 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-01-30 14:31 - 2015-01-20 20:36 - 00516376 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
2016-01-30 14:31 - 2015-05-27 20:52 - 00023352 _____ () C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe
2015-07-15 23:39 - 2015-07-14 07:23 - 00401328 _____ () C:\Windows\system32\igfxTray.exe
2016-01-30 14:05 - 2014-07-03 12:22 - 00277720 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2014-03-25 04:14 - 2014-03-25 04:14 - 00088576 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\zlibwapi.dll
2015-03-26 01:47 - 2015-03-26 01:47 - 00307200 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBCmdDsp.dll
2014-12-23 01:52 - 2014-12-23 01:52 - 00065536 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpBk.dll
2015-02-25 22:18 - 2015-02-25 22:18 - 00105984 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EasyFuncs.dll
2014-12-16 20:23 - 2014-12-16 20:23 - 00223744 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskMgr.dll
2014-09-21 21:41 - 2014-09-21 21:41 - 00239104 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\diskpart.dll
2014-11-04 19:44 - 2014-11-04 19:44 - 00017408 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VDiskConvert.dll
2015-03-26 01:46 - 2015-03-26 01:46 - 00101376 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\BootConfig.dll
2014-03-14 02:04 - 2014-03-14 02:04 - 00012288 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSFat32.dll
2014-03-14 02:04 - 2014-03-14 02:04 - 00201216 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NtfsLib.dll
2014-09-03 21:41 - 2014-09-03 21:41 - 00037888 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\RapidClone.dll
2014-08-19 20:23 - 2014-08-19 20:23 - 00075264 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskInterface.dll
2014-03-14 02:04 - 2014-03-14 02:04 - 00013312 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\VssNew.dll
2014-12-16 21:18 - 2014-12-16 21:18 - 00311808 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FlBckpRt.dll
2014-11-24 22:22 - 2014-11-24 22:22 - 00089088 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EfbCheckImg.dll
2014-09-10 19:42 - 2014-09-10 19:42 - 00222720 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\DiskClone.dll
2014-09-21 21:40 - 2014-09-21 21:40 - 00194560 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\EFBSearchTool.dll
2014-09-21 21:40 - 2014-09-21 21:40 - 00022528 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBEventMgr.dll
2014-05-20 22:04 - 2014-05-20 22:04 - 00018432 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FSToken.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 00194048 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\NetTool.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 00157552 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FtpPipeModule.dll
2016-01-30 14:31 - 2015-05-18 18:49 - 00019256 _____ () C:\Windows\SysWOW64\BTLock.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 00091584 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\TransferManager.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 00062832 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\CommonFun.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 00054712 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FTPFunModule.dll
2014-03-25 04:14 - 2014-03-25 04:14 - 00617952 _____ () C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\XpIcfOpt.dll
2014-10-01 20:48 - 2014-10-01 20:48 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2015-02-25 17:15 - 2015-02-25 17:15 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-16 18:56 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-16 18:56 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-07-25 10:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{4F402F07-C87D-4059-AEBD-325099D93EE1}] => (Allow) C:\Program Files (x86)\FarStone\TotalRecovery Pro\EFB\FBAgent.exe
FirewallRules: [{087B6F72-7E54-469C-820E-2F1CBC2B2915}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{9F3C9D24-F55D-4ACD-A9F7-41FBA1E0DE0D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{896C34B3-8A77-4FBC-80EE-9EFC3F03F2C2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{89342D2D-9DB3-419A-B437-DB4667A03E86}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{D5E978D7-68C3-4CDA-A3CF-13473E83B35F}] => (Allow) LPort=5357
FirewallRules: [{DE2E8D83-83CE-4E27-B901-FB0F26CD47F2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{24F9B3A2-CCA5-4335-BCD1-18F4D29D482E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{86FED50B-5925-4CC0-B509-78FBACC6A33A}] => (Allow) LPort=8298
FirewallRules: [{DE6D91CA-8CD8-45B3-B437-FF99E1201DD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{075C21DB-374A-47D0-AE32-A382559DACAD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{85B665D7-340F-464B-B6E3-C7D3A875B726}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EF5FDEF4-D968-412A-9331-6CA543F5D034}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\DeviceSetup.exe
FirewallRules: [{C38CC3B8-FF2F-4D1C-9470-75F0258BE8F9}] => (Allow) C:\Program Files\HP\HP ENVY 5660 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CF862B34-2804-4C29-BA90-46163D94E923}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8BA18BD1-7F85-4AC5-AAA1-88019F043AF0}] => (Allow) C:\Users\Richard\AppData\Local\Temp\7zS4043\HPDiagnosticCoreUI.exe
FirewallRules: [{29589660-E54E-4EAB-89FF-289B2E699B3B}] => (Allow) C:\Users\Richard\AppData\Local\Temp\7zS4043\HPDiagnosticCoreUI.exe
FirewallRules: [{D7B387A2-1EA4-45B0-AF95-FB2DED7CFFAB}] => (Allow) C:\Users\Richard\AppData\Local\Temp\7zS41B7\HPDiagnosticCoreUI.exe
FirewallRules: [{F6E41EF4-9237-4919-82B8-9E6E7D5646D4}] => (Allow) C:\Users\Richard\AppData\Local\Temp\7zS41B7\HPDiagnosticCoreUI.exe
FirewallRules: [{9846322F-12D3-4B0C-A0DD-A66F64E78BB5}] => (Allow) C:\Users\Richard\AppData\Local\Temp\7zS4709\hppiw.exe
FirewallRules: [{6326216B-6DFF-488A-B8F6-65C91A5454B0}] => (Allow) C:\Users\Richard\AppData\Local\Temp\7zS4709\hppiw.exe
 
==================== Restore Points =========================
 
16-07-2016 15:17:23 Revo Uninstaller Pro's restore point - HitmanPro 3.7
17-07-2016 11:05:31 Revo Uninstaller Pro's restore point - Notepad++
24-07-2016 10:56:53 Revo Uninstaller Pro's restore point - Malwarebytes Anti-Malware version 2.2.1.1043
24-07-2016 16:32:19 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet Pro 6830
Description: Officejet Pro 6830
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2016 09:16:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: expireddomains.plugin.exe, version: 1.0.0.15, time stamp: 0x578c3504
Faulting module name: expireddomains.plugin.exe, version: 1.0.0.15, time stamp: 0x578c3504
Exception code: 0xc0000005
Fault offset: 0x0000000000248691
Faulting process id: 0x1ae0
Faulting application start time: 0xexpireddomains.plugin.exe0
Faulting application path: expireddomains.plugin.exe1
Faulting module path: expireddomains.plugin.exe2
Report Id: expireddomains.plugin.exe3
 
Error: (07/24/2016 10:56:53 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a4870c80-42cc-4aaf-8088-50536d30fd88}
 
Error: (07/17/2016 08:22:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: expireddomains.plugin.exe, version: 1.0.0.14, time stamp: 0x57879a0f
Faulting module name: expireddomains.plugin.exe, version: 1.0.0.14, time stamp: 0x57879a0f
Exception code: 0xc0000005
Fault offset: 0x000000000024840b
Faulting process id: 0x230c
Faulting application start time: 0xexpireddomains.plugin.exe0
Faulting application path: expireddomains.plugin.exe1
Faulting module path: expireddomains.plugin.exe2
Report Id: expireddomains.plugin.exe3
 
Error: (07/16/2016 03:17:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {f1155703-86d9-4908-a888-42d22cfc3f47}
 
Error: (07/08/2016 08:12:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RunDLL32.exe_hpinksts7212.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: HPStatusUI.dll, version: 33.1.73.49987, time stamp: 0x53c9cb11
Exception code: 0xc0000005
Fault offset: 0x000000000004a793
Faulting process id: 0x11c0
Faulting application start time: 0xRunDLL32.exe_hpinksts7212.dll0
Faulting application path: RunDLL32.exe_hpinksts7212.dll1
Faulting module path: RunDLL32.exe_hpinksts7212.dll2
Report Id: RunDLL32.exe_hpinksts7212.dll3
 
Error: (07/07/2016 09:00:13 PM) (Source: MsiInstaller) (EventID: 11730) (User: Richard-PC)
Description: Product: LongTailPro - Version 3.0.49 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.
 
Error: (07/07/2016 08:52:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DeviceSetup.exe version 33.1.73.49987 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1220
 
Start Time: 01d1d8b6d3a288b6
 
Termination Time: 16
 
Application Path: C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
 
Report Id:
 
Error: (07/07/2016 08:36:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPDiagnosticCoreUI.exe version 4.9.0.26 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 748
 
Start Time: 01d1d8b8ef61f2db
 
Termination Time: 6
 
Application Path: C:\Users\Richard\AppData\Local\Temp\7zS4043\HPDiagnosticCoreUI.exe
 
Report Id: 66cf6c9e-44ac-11e6-92c6-b0c090463470
 
Error: (07/01/2016 11:39:43 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (07/01/2016 11:39:43 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (07/24/2016 07:14:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error: 
%%16405
 
Error: (07/24/2016 07:12:05 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80080005
 
Error: (07/24/2016 07:12:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (07/24/2016 07:09:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:07:03 PM on ‎7/‎24/‎2016 was unexpected.
 
Error: (07/24/2016 07:07:16 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
 
Error: (07/24/2016 07:06:46 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
 
Error: (07/24/2016 06:59:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Windows Server 2008, Windows Server 2008 R2 for x64 (KB2861208).
 
Error: (07/24/2016 06:58:42 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (07/24/2016 06:30:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB3146963).
 
Error: (07/24/2016 06:30:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1 for x64 (KB3072305).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8090.98 MB
Available physical RAM: 4680.13 MB
Total Virtual: 16180.14 MB
Available Virtual: 11874.54 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:118.79 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:254.24 GB) (Free:254.05 GB) NTFS
Drive e: (GPS Receiver) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 76866C16)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

Attached Files



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:23 AM

Posted 25 July 2016 - 03:46 PM

Greetings Rich,

Thank you for the information.

Have you changed the password on your Google account?

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\MountPoints2: {f41f3fd0-c783-11e5-814a-806e6f6e6963} - E:\auto.exe
SearchScopes: HKU\S-1-5-21-1331136939-3758649227-25576793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3323897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP346DFB3B-5274-47F1-BC8D-3CD43A6F888D&
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2014-03-28 07:56 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-03-28 07:56 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-03-28 07:56 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Task: {53CE43B1-2AB0-41E1-AB6D-30FE04B499EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {701B4CB9-8BF6-43D6-988F-6A2B03461564} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime 
Task: {7DC30DD6-C7D3-47EB-ADF7-39E8D23ABC6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig 
Task: {882F60AA-2DF9-418E-8BE2-419F3E38098F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent 
Task: {8891CDAE-B4D2-4B94-A743-0081BF66117E} - \Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 
Task: {97B6A9A0-AB5B-44CC-8792-B8355D3E16CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess 
Task: {9AA7448B-FB62-4FB2-AF07-F2F475DD2EDD} - \Microsoft\Windows\Setup\gwx\rundetector 
Task: {AD1543EB-E4F6-4A11-9836-22DBDF465D6A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime 
Task: {EBA43A24-E093-4F40-BC1A-008F66131C99} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B 
Task: {EBA43A24-E093-4F40-BC1A-008F66131C99} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
File: C:\Users\Richard\AppData\Roaming\chromedriver221.exe
File: C:\Users\Richard\Desktop\Plugins\Expired Domain Finder\expireddomains.plugin.exe
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Adware Removal Tool by TSA

--------------------
  • Please download Adware Removal Tool and save it to your Desktop.
  • Right click on the icon and select Run as administrator.
  • Select: Yes, I agree.
  • Click Scan.
  • If objects are found, click OK.
  • Review the log and uncheck any items you want to keep (somewhat uncommon).
  • Click Clean.
  • If requested, click OK to close any open browsers.
  • Click OK after the cleaning process has Successfully Finished.
  • Click Save this Result and save the file to your Desktop asART.txt.
  • Confirm the file was successfully saved.
  • Click Finished, then close the browser that will open.
  • Copy and paste ART.txt
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Changed Google password?
  • Fixlog
  • ART log
  • AdwCleaner log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 later6868

later6868
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 25 July 2016 - 07:03 PM

I changed my G password a little over 3 months ago
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-07-2016
Ran by Richard (2016-07-25 18:03:33) Run:1
Running from C:\Users\Richard\Downloads\Malware Stuff
Loaded Profiles: Richard (Available Profiles: Richard)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\...\MountPoints2: {f41f3fd0-c783-11e5-814a-806e6f6e6963} - E:\auto.exe
SearchScopes: HKU\S-1-5-21-1331136939-3758649227-25576793-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3323897&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP346DFB3B-5274-47F1-BC8D-3CD43A6F888D&
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2014-03-28 07:56 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-03-28 07:56 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-03-28 07:56 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
Task: {53CE43B1-2AB0-41E1-AB6D-30FE04B499EA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {701B4CB9-8BF6-43D6-988F-6A2B03461564} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime 
Task: {7DC30DD6-C7D3-47EB-ADF7-39E8D23ABC6B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig 
Task: {882F60AA-2DF9-418E-8BE2-419F3E38098F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent 
Task: {8891CDAE-B4D2-4B94-A743-0081BF66117E} - \Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 
Task: {97B6A9A0-AB5B-44CC-8792-B8355D3E16CD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess 
Task: {9AA7448B-FB62-4FB2-AF07-F2F475DD2EDD} - \Microsoft\Windows\Setup\gwx\rundetector 
Task: {AD1543EB-E4F6-4A11-9836-22DBDF465D6A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime 
Task: {EBA43A24-E093-4F40-BC1A-008F66131C99} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B 
Task: {EBA43A24-E093-4F40-BC1A-008F66131C99} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
File: C:\Users\Richard\AppData\Roaming\chromedriver221.exe
File: C:\Users\Richard\Desktop\Plugins\Expired Domain Finder\expireddomains.plugin.exe
*****************
 
"HKU\S-1-5-21-1331136939-3758649227-25576793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f41f3fd0-c783-11e5-814a-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{f41f3fd0-c783-11e5-814a-806e6f6e6963} => key not found. 
HKU\S-1-5-21-1331136939-3758649227-25576793-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Chrome StartupUrls => removed successfully
MBAMSwissArmy => service removed successfully
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53CE43B1-2AB0-41E1-AB6D-30FE04B499EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53CE43B1-2AB0-41E1-AB6D-30FE04B499EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{701B4CB9-8BF6-43D6-988F-6A2B03461564}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{701B4CB9-8BF6-43D6-988F-6A2B03461564}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DC30DD6-C7D3-47EB-ADF7-39E8D23ABC6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DC30DD6-C7D3-47EB-ADF7-39E8D23ABC6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{882F60AA-2DF9-418E-8BE2-419F3E38098F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{882F60AA-2DF9-418E-8BE2-419F3E38098F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8891CDAE-B4D2-4B94-A743-0081BF66117E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8891CDAE-B4D2-4B94-A743-0081BF66117E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97B6A9A0-AB5B-44CC-8792-B8355D3E16CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97B6A9A0-AB5B-44CC-8792-B8355D3E16CD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9AA7448B-FB62-4FB2-AF07-F2F475DD2EDD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AA7448B-FB62-4FB2-AF07-F2F475DD2EDD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD1543EB-E4F6-4A11-9836-22DBDF465D6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD1543EB-E4F6-4A11-9836-22DBDF465D6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EBA43A24-E093-4F40-BC1A-008F66131C99}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBA43A24-E093-4F40-BC1A-008F66131C99}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBA43A24-E093-4F40-BC1A-008F66131C99} => key not found. 
 
========================= File: C:\Users\Richard\AppData\Roaming\chromedriver221.exe ========================
 
File not signed
MD5: 891D38952DE81621931D8A49F67E7B51
Creation and modification date: 2016-03-23 16:11 - 2016-03-23 16:11
Size: 5285376
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\Users\Richard\Desktop\Plugins\Expired Domain Finder\expireddomains.plugin.exe ========================
 
File is digitally signed
MD5: 38FDFC32A1B436F501C0C50C713FCD89
Creation and modification date: 2016-06-15 20:08 - 2016-07-25 21:44
Size: 6742488
Attributes: ----A
Company Name: Softtouch Software Design
Internal Name: Expired Domain Finder
Original Name: 
Product: Expired Domain Finder
Description: Expired Domain Finder
File Version: 1.0.0.16
Product Version: 1.0.0.0
Copyright: ©2016 Scrapebox.com
 
====== End of File: ======
 
 
==== End of Fixlog 18:03:35 ====
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
ART.txt
 
[-] Deleted ->> File ->> C:\Users\Richard\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage
[-] Deleted ->> File ->> C:\Users\Richard\Appdata\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal
[-] Deleted ->> File ->> C:\Windows\Prefetch\UPDATECHECKER.EXE-BCDC56E1.pf
[-] Deleted ->> Registry Key ->> HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
# AdwCleaner v5.201 - Logfile created 25/07/2016 at 18:55:46
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-25.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Richard - RICHARD-PC
# Running from : C:\Users\Richard\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
[-] Folder Deleted : C:\Users\Richard\AppData\Local\Geckofx
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage
[-] File Deleted : C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kbfnbcaeplbcioakkpcpgfkobkghlhen_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\INSTALLPATH\STATUS
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Richard\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kbfnbcaeplbcioakkpcpgfkobkghlhen
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1600 bytes] - [25/07/2016 18:55:46]
C:\AdwCleaner\AdwCleaner[S1].txt - [1711 bytes] - [25/07/2016 18:40:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1746 bytes] ##########
 

 



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:23 AM

Posted 25 July 2016 - 09:06 PM

Thank you. Are you familiar with this?

Expired Domain Finder


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 later6868

later6868
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 25 July 2016 - 09:56 PM

Yes I am. It's a plugin used for SEO purposes. 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:23 AM

Posted 26 July 2016 - 01:23 PM

Thank you for clarifying that.

Please create a System Restore Point then run RogueKiller again. Delete all items except for:
 

¤¤¤ Processes : 2 ¤¤¤
[Proc.Svchost] svchost.exe(6048) -- C:\Program Files (x86)\ASUS\ASUS Manager\USB Lock\svchost.exe[7] -> Found


Copy and paste the report in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 later6868

later6868
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 26 July 2016 - 04:29 PM

Hi Gary -

 

There's nothing to report. I ran RK and the only thing that it caught was the one item you instructed me to not include.

 

So I assume my system is now clean??

 

Can you explain what my system may have caught?

 

When I originally wrote the topic headline, I mistakenly wrote "Hundreds G searches per hour...". The correct headline should have been "Hundreds G searches per minute".

 

Rich



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:23 AM

Posted 26 July 2016 - 07:47 PM

Are you currently experiencing Google searches or a slowdown in browser speed?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 later6868

later6868
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 26 July 2016 - 08:31 PM

No, sir.

 

I just double checked myactivity.google(.)com. I've had no multi-search queries in the last 36 hrs.

 

Thank you so very much.

 

Can you enlighten me as to what I may have had? If you're too busy to reply because of you assisting others, I'll understand if you don't reply.

 

If I don't hear back....Thanks!



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:23 AM

Posted 26 July 2016 - 08:51 PM

Greetings,

I can't really tell you how you were infected but I believe what you had is known as a Man in the Middle attack. Basically your computer was being utilized to send out a large volume of web traffic, as you already know. What you may not have known is often times a large number of computers are compromised in the same way and used by attackers to conduct a DDoS attack.

Happy reading!

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:In addition, here are some more links you might find of interest:Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif

Edited by Oh My!, 26 July 2016 - 08:53 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 later6868

later6868
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:23 AM

Posted 26 July 2016 - 09:18 PM

Gary, Thank you again for all your help!

 

I've donated to the defense fund. Good Luck!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users