Ready to clean


Recommended Posts

Howdy Barba and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  

 

---------------------------------------------------------------

 

AdwCleaner
       
Please download  https://toolslib.net/downloads/viewdownload/1-adwcleaner/ by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Clean" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.


 Please post this log when the program is done !!

 

NEXT


    Download the free version Malwarebytes' Anti-Malware (save it to your desktop).  >>> https://www.malwarebytes.org/antimalware/
     
      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      
* On the Dashboard click on Update Now
* Go to the Setting Tab
* Under Setting go to Detection and Protection
* Under PUP and PUM make sure both are set to show Treat Detections as Malware
* Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
* Then on the Dashboard click on Scan
* Make sure to select THREAT SCAN
* Then click on Scan

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
   
 
==========================

 

NEXT

 

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   

 

Post Next:
1. AdwCleaner log
2. Malwarebytes Log
3. OTL.txt and Extras.txt (if a Extras.txt is produced)


Thanks
Chuck

 

 

 

Link to post
Share on other sites

# AdwCleaner 7.0.8.0 - Logfile created on Tue Mar 13 01:54:44 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
Deleted: C:\Users\Owner\AppData\Local\YSearchUtil
Deleted: C:\Program Files (x86)\Yahoo!\yset


***** [ Files ] *****

Deleted: C:\Users\Owner\Downloads\DRIVERUPDATE-SETUP.EXE


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.aol.com
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BingProvidedSearch
Deleted: [Key] - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\Software\BingProvidedSearch
Deleted: [Key] - HKCU\Software\BingProvidedSearch
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Deleted: [Key] - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
Deleted: [Key] - HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: PDFConverterHQ - 
Plugin deleted: FunSafeTab - 
SearchProvider deleted: Ask - websearch.ask.com
SearchProvider deleted: Conduit - search.conduit.com


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [69511 B] - [2016/2/23 18:51:14]
C:/AdwCleaner/AdwCleaner[S1].txt - [2859 B] - [2016/2/23 18:49:4]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/12/18
Scan Time: 8:19 PM
Log File: eda2e506-2664-11e8-89b6-c0cb38b3f14c.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4322
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner-PC\Owner

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323303
Threats Detected: 184
Threats Quarantined: 184
Time Elapsed: 8 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 49
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}\InprocServer32, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6C8DB2EC-499B-4897-A784-0E3186C97E9D}\InprocServer32, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\APPDATALOW\SOFTWARE\CursorMania_7l, Quarantined, [236], [240440],1.0.4322
PUP.Optional.FunWebProducts, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\APPDATALOW\SOFTWARE\Fun Web Products, Quarantined, [8620], [238589],1.0.4322
PUP.Optional.FunWebProducts, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\APPDATALOW\SOFTWARE\FunWebProducts, Quarantined, [8620], [238590],1.0.4322
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, Quarantined, [6], [235425],1.0.4322
PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\JHBBMMGBNJALCCAMLAEFHEPNAJFMGOPB, Quarantined, [1777], [443284],1.0.4322
PUP.Optional.Conduit.Generic, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jhbbmmgbnjalccamlaefhepnajfmgopb, Quarantined, [1777], [443284],1.0.4322
PUP.Optional.BetterBrain, HKLM\SOFTWARE\WOW6432NODE\BetterBrain_1.10.0.2, Quarantined, [9609], [235766],1.0.4322
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}, Quarantined, [204], [237508],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\CursorMania_7l, Quarantined, [236], [240556],1.0.4322
PUP.Optional.Conduit.Generic, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3315828, Quarantined, [1777], [443523],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3701ae53-8d45-4479-89e5-53f77550a256}, Quarantined, [480], [245523],1.0.4322
PUP.Optional.MyWebSearch, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [1976], [241108],1.0.4322
PUP.Optional.SaveValet, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\SOCIALBIT\IE\SaveValet, Quarantined, [9846], [242570],1.0.4322
PUP.Optional.Vosteran, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, Quarantined, [6685], [244631],1.0.4322
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{9BC285BF-A07F-4A55-883F-8A0F9AAA6071}, Quarantined, [3142], [235560],1.0.4322
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{9BC285BF-A07F-4A55-883F-8A0F9AAA6071}, Quarantined, [3142], [235560],1.0.4322
PUP.Optional.ArcadeFrontier, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ArcadeFrontier, Quarantined, [3142], [235560],1.0.4322
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunAsStandardUserA1C8E64CD0B64286BD1353E0D1936F63, Quarantined, [478], [241417],1.0.4322
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnce1F8B86E01479407EB76366F0711D8866, Quarantined, [478], [241417],1.0.4322
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [6685], [160319],1.0.4322
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [6685], [160319],1.0.4322
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [6685], [160319],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{07B18EA9-A523-4961-B6BB-170DE4475CCA}, Quarantined, [480], [407902],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{07B18EA9-A523-4961-B6BB-170DE4475CCA}, Quarantined, [480], [407902],1.0.4322
PUP.Optional.Wajam, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [73], [168989],1.0.4322
PUP.Optional.Wajam, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [73], [168989],1.0.4322
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [73], [-1],0.0.0
PUP.Optional.Yontoo, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [30], [169049],1.0.4322
PUP.Optional.Yontoo, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Quarantined, [30], [169049],1.0.4322
PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarantined, [30], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarantined, [30], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\CHROMIUM, Quarantined, [30], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\CHROMIUM, Quarantined, [30], [-1],0.0.0
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{76CAB667-1CD5-410F-8047-B08AB01A92A2}, Quarantined, [236], [168351],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{76CAB667-1CD5-410F-8047-B08AB01A92A2}, Quarantined, [236], [168351],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{936D1CC6-4508-4607-9638-8C714E9DC809}, Quarantined, [236], [168384],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{936D1CC6-4508-4607-9638-8C714E9DC809}, Quarantined, [236], [168384],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [236], [168255],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [236], [168255],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [480], [306571],1.0.4322

Registry Value: 26
PUP.Optional.Conduit.Generic, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jhbbmmgbnjalccamlaefhepnajfmgopb|PATH, Quarantined, [1777], [443284],1.0.4322
PUP.Optional.CrossRider, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{21111111-1111-1111-1111-110111991162}|APPNAME, Quarantined, [204], [237508],1.0.4322
PUP.Optional.Conduit.Generic, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jhbbmmgbnjalccamlaefhepnajfmgopb|PATH, Quarantined, [1777], [443285],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3701ae53-8d45-4479-89e5-53f77550a256}|DISPLAYNAME, Quarantined, [480], [245523],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3701ae53-8d45-4479-89e5-53f77550a256}|URL, Quarantined, [480], [245522],1.0.4322
PUP.Optional.MyWebSearch, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}|URL, Quarantined, [1976], [241108],1.0.4322
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|[email protected], Quarantined, [236], [240765],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{07B18EA9-A523-4961-B6BB-170DE4475CCA}, Quarantined, [480], [407902],1.0.4322
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [73], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [73], [-1],0.0.0
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [236], [168255],1.0.4322
PUP.Optional.MindSpark, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [236], [168255],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [236], [168255],1.0.4322
PUP.Optional.ASK, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{07B18EA9-A523-4961-B6BB-170DE4475CCA}, Quarantined, [480], [407902],1.0.4322
PUP.Optional.MindSpark, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{5b9e2a0b-c94b-46a5-b53c-5892834c0d3e}, Quarantined, [236], [168319],1.0.4322

Registry Data: 2
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-1597461494-781392241-1313931377-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, Replaced, [14129], [293317],1.0.4322
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, Replaced, [14129], [293317],1.0.4322

Data Stream: 0
(No malicious items detected)

Folder: 13
PUP.Optional.ArcadeFrontier, C:\USERS\OWNER\APPDATA\LOCAL\ARCADEFRONTIER, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\_metadata, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\config, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\icons, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL EXTENSION SETTINGS\DNFLPNHPBFFEHDDPLCDLOHEALBGBBAMK, Quarantined, [236], [420408],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\USERS\OWNER\APPDATA\LOCAL\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}, Quarantined, [486], [484244],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnlbdpolmifimkefonejdjlghkmgnej\0.7_1\_metadata, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnlbdpolmifimkefonejdjlghkmgnej\0.7_1, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GJNLBDPOLMIFIMKEFONEJDJLGHKMGNEJ, Quarantined, [7313], [495186],1.0.4322

File: 94
PUP.Optional.ArcadeFrontier, C:\Users\Owner\AppData\Local\ArcadeFrontier\ArcadeFrontier.dll, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, C:\Users\Owner\AppData\Local\ArcadeFrontier\user.ini, Quarantined, [3142], [175496],1.0.4322
PUP.Optional.ArcadeFrontier, C:\WINDOWS\TASKS\ARCADEFRONTIER.JOB, Quarantined, [3142], [235557],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\000003.log, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\CURRENT, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\LOCK, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\LOG, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\MANIFEST-000001, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\config\config.json, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\config\extension-config.json, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\config\extension-dev-config.json, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\icons\icon128.png, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\icons\icon16.png, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\icons\icon19disabled.png, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\icons\icon19on.png, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\icons\icon48.png, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\ajax.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\background.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\chrome.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\content_script.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\dlp.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\dlpHelper.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\extension_detect.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\genericLoadRemoteSettings.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\index.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\initOfferCEF.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\logger.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\offerService.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\pageUtils.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\PartnerId.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\product.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\storage.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\TabManager.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\TemplateParser.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\ul.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\urlFragmentActions.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\urlUtils.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\util.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\js\webtooltabAPI.js, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\_metadata\verified_contents.json, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\dynamicNewTab.html, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\manifest.json, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\productnewtab.html, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnflpnhpbffehddplcdlohealbgbbamk\13.421.12.41215_1\stubby.html, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\000003.log, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\CURRENT, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\LOCK, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\LOG, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\LOG.old, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\dnflpnhpbffehddplcdlohealbgbbamk\MANIFEST-000001, Quarantined, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [236], [420408],1.0.4322
PUP.Optional.MindSpark, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [236], [420408],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\USERS\OWNER\APPDATA\LOCAL\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\dana, Quarantined, [486], [484244],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\Users\Owner\AppData\Local\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\config.dat, Quarantined, [486], [484244],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\Users\Owner\AppData\Local\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\info.dat, Quarantined, [486], [484244],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\Users\Owner\AppData\Local\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\install.log, Quarantined, [486], [484244],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\Users\Owner\AppData\Local\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\Sqlite3.dll, Quarantined, [486], [484244],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\Users\Owner\AppData\Local\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\STTL.DAT, Quarantined, [486], [484244],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\Users\Owner\AppData\Local\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\TTL.DAT, Quarantined, [486], [484244],1.0.4322
PUP.Optional.WinYahoo.TskLnk, C:\Users\Owner\AppData\Local\{F3E0C5BC-D748-A904-BAD0-8CEC9EB87074}\uninst.dat, Quarantined, [486], [484244],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GJNLBDPOLMIFIMKEFONEJDJLGHKMGNEJ\0.7_1\MANIFEST.JSON, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnlbdpolmifimkefonejdjlghkmgnej\0.7_1\_metadata\verified_contents.json, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnlbdpolmifimkefonejdjlghkmgnej\0.7_1\background.js, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnlbdpolmifimkefonejdjlghkmgnej\0.7_1\logo.png, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnlbdpolmifimkefonejdjlghkmgnej\0.7_1\redirect.html, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.FunSafeTab.Generic, C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnlbdpolmifimkefonejdjlghkmgnej\0.7_1\redirect.js, Quarantined, [7313], [495186],1.0.4322
PUP.Optional.APNToolBar, C:\USERS\OWNER\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{7A3198DD-50DC-4BD2-816B-536AA0D573DE}\THE WEATHER CHANNEL APP.MSI, Quarantined, [6035], [76243],1.0.4322
PUP.Optional.APNToolBar, C:\USERS\OWNER\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{BF3589D3-BF62-48FE-9405-C2FB81574783}\THE WEATHER CHANNEL APP.MSI, Quarantined, [6035], [76243],1.0.4322
PUP.Optional.WinYahoo, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [58], [454790],1.0.4322
PUP.Optional.WinYahoo, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [58], [454790],1.0.4322
PUP.Optional.Binkiland, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2346], [455060],1.0.4322
PUP.Optional.Binkiland, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2346], [455060],1.0.4322
PUP.Optional.Conduit, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [529], [454832],1.0.4322
PUP.Optional.Conduit, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [529], [454832],1.0.4322
PUP.Optional.Vosteran, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6685], [455253],1.0.4322
PUP.Optional.Binkiland, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2346], [455060],1.0.4322
PUP.Optional.Binkiland, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2346], [455060],1.0.4322
PUP.Optional.ASK, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [480], [454827],1.0.4322
PUP.Optional.ASK, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [480], [454827],1.0.4322
PUP.Optional.Conduit, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [529], [454832],1.0.4322
PUP.Optional.Binkiland, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2346], [455060],1.0.4322
PUP.Optional.WinYahoo, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [58], [454790],1.0.4322
PUP.Optional.WinYahoo, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [58], [454790],1.0.4322
PUP.Optional.Conduit, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [529], [454832],1.0.4322
PUP.Optional.Vosteran, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [6685], [455253],1.0.4322
PUP.Optional.Vosteran, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6685], [455253],1.0.4322
PUP.Optional.Conduit, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [529], [454832],1.0.4322
PUP.Optional.Binkiland, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [2346], [455060],1.0.4322
PUP.Optional.Binkiland, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [2346], [455060],1.0.4322
PUP.Optional.Vosteran, C:\USERS\OWNER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [6685], [455253],1.0.4322

Physical Sector: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Barba, a lot of these have been in there for awhile so glad we got rid of those !!

After you post the OTL log next i will write up a OTL fix for you to run !!

Thanks

Chuck

Link to post
Share on other sites

OTL Extras logfile created on: 3/12/2018 8:46:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18920)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 45.80% Memory free
7.60 Gb Paging File | 5.25 Gb Available in Paging File | 69.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 364.80 Gb Free Space | 80.89% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098E3C34-BF13-4F94-ABE9-5BC23604E5B5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{11442C6F-8100-4A07-AA75-061F318D0AFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13328537-0EB2-4352-B095-88005C15BE05}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1A31D1A8-B488-4456-A136-F36C028DCF02}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{25E2D511-190B-40E7-91C7-422632DA4EAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3131A9C8-B505-4293-8BBC-1069989C70FA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{320A7D1B-A5EF-43F8-9E71-92DE35D2F2A4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3820754C-A653-4CE1-9BE4-84082E950705}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38D3188A-3843-47AD-9120-D79C140E86AA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{38D896A2-7395-4CC3-BBE3-B2D1674AD0A8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3A0B0733-7B98-4552-B400-A43CBA09EA3E}" = lport=7681 | protocol=17 | dir=in | app=c:\program files (x86)\netratingsnetsight\netsight\nielsenonline.exe | 
"{4D21333A-C184-4199-86AE-820039D6C9A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{502E1499-1BC5-4B8A-A627-6E2A7D3C9BE0}" = lport=7681 | protocol=6 | dir=in | app=c:\program files (x86)\netratingsnetsight\netsight\nielsenonline.exe | 
"{52041210-3F1F-4C4E-B2B6-BF2E99F6F4F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{580D4649-5DAE-405D-9069-E9721BC6665D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6288D0D4-9DF2-4A3F-A495-6B4E346649A1}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{6967A2B1-206B-4719-B1C9-94E85FC6C49E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A1DB561-0644-4E93-9E6C-38BBBDA59135}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F7586C4-0582-4D34-BE01-5438B37A4070}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80E9E7D9-9065-4547-A21C-656082813E6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96A6E96F-521A-4D23-A031-658C20F34A7A}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{A5E52565-7166-4AD7-97A2-C2B48CFCF604}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A6E86CA2-349C-4684-B770-8367A2A62C1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC87C3C1-7CAC-4283-9F52-EC177B6BBD1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B51FA3FB-8E9D-43AD-B02C-3A3218B577C7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D17BAC51-44D8-4925-B012-11F4B4CAD542}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D6484AF7-88F2-4561-9ED2-C2D73F373C69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D65E3284-3449-43D8-A39E-D00FC6B069E6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E1C04EA0-EA35-4BFF-B6E7-939A58676623}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{E63CF0B6-30A6-4E0C-B4E9-824D35724A57}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EBCD771A-373D-420D-B7F5-413991AA62D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED4C5C07-0139-4D75-A634-14BF38E65101}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EFB1ACCF-CF1C-44C4-A81C-A5D7C6D9EF55}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1DDEEC3-05BD-4CEB-B53F-AFD85716C111}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{F7A5D398-4573-4677-AE1D-9AA1ED516750}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA1986A-38F5-4A96-852A-6B9BA5322398}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{0E5A6213-6C67-43E0-AFC2-2CBA357A6BD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0F543CC2-F4B1-47CE-89CC-11F590898983}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{131F9425-468C-45D6-8AE6-AF0A3075EF9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{14181012-D9D6-4989-8E2E-D9D317115427}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{14BB2696-D015-4478-A7FE-3566AA3673B2}" = protocol=47 | dir=in | app=system | 
"{18CD4B02-B392-4DEB-AEBC-22DD449607BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B864239-2014-4C15-AF1C-BB1BA5EF4F40}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{2230A2F9-E0F6-40DF-A07E-AA10A1BF5FF1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CB3E6B2-E571-4E9C-8BF8-CBE493C781B1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\microsoft shared\office14\office setup controller\promo.exe | 
"{3038785F-7FD0-4394-9AF8-ABA682760F13}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{310DCEBE-B097-4D41-822F-F8D2CCF0B975}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1381157483\ee\aolsoftware.exe | 
"{3367AED9-0672-4A13-BCC0-A16868F75D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{3EEB2FF2-67A7-4DE7-8D19-1783AABFA571}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4560D4CD-BD66-42A1-BB37-69739C9B63F4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{45B06C23-44C7-4CD4-8BFF-B6471D3D6F9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47AADAB9-18C3-4B27-A766-6D1AF0E6170E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{486EA874-B73D-452C-8EE7-FC436E10EE54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49B89D41-96AF-4A9F-AE48-7BF86C165DED}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{4A92EC2B-B350-4078-9B62-9D2167C68C90}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{5137609A-028C-475E-9367-43F5CCFA0F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aol.exe | 
"{566A2CD8-21B8-4EF1-A92F-B7C1FF594201}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{633FB75D-31DE-49F1-91A8-E4534255571F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{64FF661D-0843-4E32-BD78-02DF2097C17A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D938D50-49CC-4B72-851B-B8DC71CA54D8}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{71540CF8-2DE2-4976-8A11-BF182C1A2DF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{769486DC-8DA1-4A94-B042-FD4EB1E1A7B2}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{78F16F72-F329-4569-A425-45225A290EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7DAA2BE4-9AE9-44B8-8348-9DDB8CD563F6}" = protocol=58 | dir=out | [email protected],-28546 | 
"{7EE037BF-6F70-4032-8B3B-6ABB702BE1D9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{80E71FA4-C826-43AD-9FEC-395D5FF1727F}" = protocol=1 | dir=in | [email protected],-28543 | 
"{8589EFD3-41DD-4331-8D7E-53A8DD78E82A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\microsoft shared\office14\office setup controller\promo.exe | 
"{871FEEF0-B4DC-4557-94FE-C69A925A38FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8758C39D-2D56-475C-8B1D-B2BBF29ACEA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B0366CA-55EA-416E-9E68-AE4F27D8CCB2}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{8B2B1B9C-236D-49C3-8172-F2D2FCEE63F0}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aol.exe | 
"{8D4F857D-C3B0-481E-9E37-647CAEE16A30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FEA3AE8-8195-42DF-B86D-E08F2CDF9DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1381157483\ee\aolsoftware.exe | 
"{90587059-0069-4CD1-BFCB-BC1F76B4B069}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{927CC27E-6742-4D66-A12E-AD12776D1C48}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{9306665B-FA35-4DF3-BCA5-6B797ADEA9DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{954327C4-D1F6-405D-8E4A-AC102F5F5986}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9C4B76BE-FC60-4470-AADA-37F581088ECD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{9EA66A50-83A3-43CA-9768-6D318F521325}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{A0B24491-32B7-4ACD-80F8-19D563A2D233}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{A32A3C63-14C4-4814-AA41-82A962286CB6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{AC8885D6-F39A-4569-BD2F-3302D89C43E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1700E46-C58C-44BD-9D53-CB3FA42EA027}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{B828315E-50AE-47F8-B4BB-85DB837D3D49}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BE5E6988-31D3-44A5-B65F-23887E67FB23}" = protocol=6 | dir=out | app=system | 
"{C14D40B3-FF11-4699-A2F8-36D40412C5DE}" = protocol=47 | dir=out | app=system | 
"{C15B4281-AC03-401E-9BE1-B5A28D992D54}" = protocol=1 | dir=out | [email protected],-28544 | 
"{D2D32BFB-8F14-40F3-AB49-D82C391209AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D696B509-C476-42AA-B03C-E5902042092E}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{D87EF9B6-9B86-4A72-BE6D-C9437F3A91DC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DA8B3ADE-2E5A-4C3A-80F3-1D429591461C}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{E0ABA90E-1736-4ADD-8C9E-7C305901EBF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EBBB1B62-7660-44B0-AD65-E6F03305E986}" = protocol=58 | dir=in | [email protected],-28545 | 
"{ED603EF1-3A14-4F4F-A603-4E85DDA7ADCE}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{F7525877-CF6E-43B9-8F9F-6AEA1B808296}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{FD9CD8F4-B1DB-40B0-9A39-B40CECCB156A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{FEB2A381-EB83-463E-AD59-44BE28857C03}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"TCP Query User{57976E31-CACF-492B-9A8C-D68B7B15B5E4}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"TCP Query User{7B189598-0BB0-4D62-B40F-72C71B21055F}C:\program files (x86)\ibm\spss\statistics\21\stats.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\stats.exe | 
"TCP Query User{C400F978-B65B-48D6-B658-046E6DA662B6}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"TCP Query User{D50BDB1D-995C-4B9E-9E5A-74CA94E94D51}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
"TCP Query User{F07B72F1-E786-4938-B0C4-FF150D595F26}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{F84BBA71-3B4D-4F19-8E03-195B44B07A42}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
"UDP Query User{29296940-3AD6-4D2B-AA3A-C7C555ED2AF1}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"UDP Query User{4158B9A6-7BB7-494A-8AF5-1B98D8DD1562}C:\program files (x86)\ibm\spss\statistics\21\stats.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\stats.exe | 
"UDP Query User{7FACC56C-5603-456F-AD23-70DE4AD74FC5}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"UDP Query User{895BE6B0-74A5-40A7-9D98-5BAADA3F8757}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{CE4A71C4-63DC-41D1-95E6-640866FD11C8}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
"UDP Query User{F86D30A1-EF8B-4BBB-A345-7FE33694CC67}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2937FD88-C9D6-4B82-B539-37CD0A572F42}" = Apple Application Support (64-bit)
"{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.4.4.2398
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A31C5565-90D9-4615-AE13-94D86C3836C7}" = iTunes
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF8D7372-5200-4EC7-9FB0-5398D108F81C}" = Intel(R) Wireless Display
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E0C7523C-686B-3EE6-8FB1-CB4339E30EDD}" = Microsoft .NET Framework 4.7.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04f0c8c0-e0c8-4292-8676-db9174655d7a}" = DIRECTV Player
"{04FED4B6-2CD9-4D93-AACA-6FD1F18EA380}" = Kaltura CaptureSpace Desktop Recorder
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}" = Citrix Online Launcher
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}" = IBM SPSS Statistics 21
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{26A24AE4-039D-4CA4-87B4-2F32180161F0}" = Java 8 Update 161
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35DAA04C-1720-4BE3-A920-A03731EC6A1D}" = Google Earth Pro
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81F1C6DE-C053-4C6C-9DE8-ED23D28FA9AB}" = Cozi
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8C9AA2C1-D07A-48E8-9DD8-471A072947F4}" = Adobe AIR
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-0804-1033-1959-001824265200}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6430171-B86B-4639-839E-374913E7911D}" = Google Earth
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9B579C2-D854-300A-BE62-A09EB9D722E4}" = Google Talk Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}" = Apple Application Support (32-bit)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 28 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 28 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 28 PPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"FF389026-F961-42C5-BACD-B4A3AA73E0F3" = Riverpoint Writer
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"Mozilla Firefox 58.0.1 (x86 en-US)" = Mozilla Firefox 58.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"WRUNINST" = Webroot SecureAnywhere
"Zotero Standalone 4.0.29.10 (x86 en-US)" = Zotero Standalone 4.0.29.10 (x86 en-US)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4AFCAFDC-D870-41FA-B9FB-1442B9DAFE76}" = ArcadeFrontier
"AOL Toolbar" = AOL Toolbar
"GoToMeeting" = GoToMeeting 8.22.0.8473
"Octoshape Streaming Services" = Infinite HD™ App
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/12/2018 8:13:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/12/2018 8:13:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
Error - 3/12/2018 8:13:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error - 3/12/2018 8:13:05 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/12/2018 8:13:05 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9111
 
Error - 3/12/2018 8:13:05 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9111
 
Error - 3/12/2018 9:58:23 PM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=F94} The Application Virtualization Client could not connect to
 stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7194.5000.sft'
 (rc 24600F0A-10000001, original rc 24600F0A-10000001).
 
Error - 3/12/2018 9:58:23 PM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only.  Click-2-Run package registration failure.
 
Error - 3/12/2018 10:35:24 PM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=E88} The Application Virtualization Client could not connect to
 stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7194.5000.sft'
 (rc 2460420A-40002EFD, original rc 2460420A-40002EFD).
 
Error - 3/12/2018 10:35:24 PM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only.  Click-2-Run package registration failure.
 
[ Dell Events ]
Error - 2/12/2011 2:25:37 PM | Computer Name = Owner-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/12/2011 2:25:37 PM | Computer Name = Owner-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 3/12/2018 9:54:54 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7038
Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
 with the currently configured password due to the following error:   %%50    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 3/12/2018 9:55:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
 start due to the following error:   %%1069
 
Error - 3/12/2018 9:56:46 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Service Installer TrueKey service failed to start due to the following
 error:   %%2
 
Error - 3/12/2018 9:57:52 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 3/12/2018 10:33:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Service Installer TrueKey service failed to start due to the following
 error:   %%2
 
Error - 3/12/2018 10:35:14 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 

Link to post
Share on other sites

We will pick this up & finish in the morning ! It's late & my cold is telling me it's bed time !! Sorry

Post the OTL TXT log ! Then i will read through it and pick out the bad things needed removed !!

Thanks

Chuck

Link to post
Share on other sites

OTL Extras logfile created on: 3/12/2018 10:01:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18920)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 34.82% Memory free
7.60 Gb Paging File | 5.00 Gb Available in Paging File | 65.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 364.80 Gb Free Space | 80.88% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{098E3C34-BF13-4F94-ABE9-5BC23604E5B5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{11442C6F-8100-4A07-AA75-061F318D0AFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13328537-0EB2-4352-B095-88005C15BE05}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1A31D1A8-B488-4456-A136-F36C028DCF02}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{25E2D511-190B-40E7-91C7-422632DA4EAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{3131A9C8-B505-4293-8BBC-1069989C70FA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{320A7D1B-A5EF-43F8-9E71-92DE35D2F2A4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{3820754C-A653-4CE1-9BE4-84082E950705}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{38D3188A-3843-47AD-9120-D79C140E86AA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{38D896A2-7395-4CC3-BBE3-B2D1674AD0A8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3A0B0733-7B98-4552-B400-A43CBA09EA3E}" = lport=7681 | protocol=17 | dir=in | app=c:\program files (x86)\netratingsnetsight\netsight\nielsenonline.exe | 
"{4D21333A-C184-4199-86AE-820039D6C9A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{502E1499-1BC5-4B8A-A627-6E2A7D3C9BE0}" = lport=7681 | protocol=6 | dir=in | app=c:\program files (x86)\netratingsnetsight\netsight\nielsenonline.exe | 
"{52041210-3F1F-4C4E-B2B6-BF2E99F6F4F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{580D4649-5DAE-405D-9069-E9721BC6665D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6288D0D4-9DF2-4A3F-A495-6B4E346649A1}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{6967A2B1-206B-4719-B1C9-94E85FC6C49E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A1DB561-0644-4E93-9E6C-38BBBDA59135}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6F7586C4-0582-4D34-BE01-5438B37A4070}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80E9E7D9-9065-4547-A21C-656082813E6F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{96A6E96F-521A-4D23-A031-658C20F34A7A}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{A5E52565-7166-4AD7-97A2-C2B48CFCF604}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A6E86CA2-349C-4684-B770-8367A2A62C1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC87C3C1-7CAC-4283-9F52-EC177B6BBD1B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B51FA3FB-8E9D-43AD-B02C-3A3218B577C7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D17BAC51-44D8-4925-B012-11F4B4CAD542}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D6484AF7-88F2-4561-9ED2-C2D73F373C69}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D65E3284-3449-43D8-A39E-D00FC6B069E6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E1C04EA0-EA35-4BFF-B6E7-939A58676623}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{E63CF0B6-30A6-4E0C-B4E9-824D35724A57}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EBCD771A-373D-420D-B7F5-413991AA62D6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{ED4C5C07-0139-4D75-A634-14BF38E65101}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EFB1ACCF-CF1C-44C4-A81C-A5D7C6D9EF55}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F1DDEEC3-05BD-4CEB-B53F-AFD85716C111}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{F7A5D398-4573-4677-AE1D-9AA1ED516750}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DA1986A-38F5-4A96-852A-6B9BA5322398}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{0E5A6213-6C67-43E0-AFC2-2CBA357A6BD2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0F543CC2-F4B1-47CE-89CC-11F590898983}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{131F9425-468C-45D6-8AE6-AF0A3075EF9D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{14181012-D9D6-4989-8E2E-D9D317115427}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{14BB2696-D015-4478-A7FE-3566AA3673B2}" = protocol=47 | dir=in | app=system | 
"{18CD4B02-B392-4DEB-AEBC-22DD449607BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1B864239-2014-4C15-AF1C-BB1BA5EF4F40}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\waol.exe | 
"{2230A2F9-E0F6-40DF-A07E-AA10A1BF5FF1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2CB3E6B2-E571-4E9C-8BF8-CBE493C781B1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\microsoft shared\office14\office setup controller\promo.exe | 
"{3038785F-7FD0-4394-9AF8-ABA682760F13}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{310DCEBE-B097-4D41-822F-F8D2CCF0B975}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1381157483\ee\aolsoftware.exe | 
"{3367AED9-0672-4A13-BCC0-A16868F75D2C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 
"{3EEB2FF2-67A7-4DE7-8D19-1783AABFA571}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{4560D4CD-BD66-42A1-BB37-69739C9B63F4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{45B06C23-44C7-4CD4-8BFF-B6471D3D6F9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47AADAB9-18C3-4B27-A766-6D1AF0E6170E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{486EA874-B73D-452C-8EE7-FC436E10EE54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{49B89D41-96AF-4A9F-AE48-7BF86C165DED}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{4A92EC2B-B350-4078-9B62-9D2167C68C90}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{5137609A-028C-475E-9367-43F5CCFA0F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aol.exe | 
"{566A2CD8-21B8-4EF1-A92F-B7C1FF594201}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{633FB75D-31DE-49F1-91A8-E4534255571F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{64FF661D-0843-4E32-BD78-02DF2097C17A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6D938D50-49CC-4B72-851B-B8DC71CA54D8}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{71540CF8-2DE2-4976-8A11-BF182C1A2DF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{769486DC-8DA1-4A94-B042-FD4EB1E1A7B2}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{78F16F72-F329-4569-A425-45225A290EAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{7DAA2BE4-9AE9-44B8-8348-9DDB8CD563F6}" = protocol=58 | dir=out | [email protected],-28546 | 
"{7EE037BF-6F70-4032-8B3B-6ABB702BE1D9}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{80E71FA4-C826-43AD-9FEC-395D5FF1727F}" = protocol=1 | dir=in | [email protected],-28543 | 
"{8589EFD3-41DD-4331-8D7E-53A8DD78E82A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\microsoft shared\office14\office setup controller\promo.exe | 
"{871FEEF0-B4DC-4557-94FE-C69A925A38FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8758C39D-2D56-475C-8B1D-B2BBF29ACEA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B0366CA-55EA-416E-9E68-AE4F27D8CCB2}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{8B2B1B9C-236D-49C3-8172-F2D2FCEE63F0}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aol.exe | 
"{8D4F857D-C3B0-481E-9E37-647CAEE16A30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8FEA3AE8-8195-42DF-B86D-E08F2CDF9DD6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1381157483\ee\aolsoftware.exe | 
"{90587059-0069-4CD1-BFCB-BC1F76B4B069}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{927CC27E-6742-4D66-A12E-AD12776D1C48}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{9306665B-FA35-4DF3-BCA5-6B797ADEA9DD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{954327C4-D1F6-405D-8E4A-AC102F5F5986}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9C4B76BE-FC60-4470-AADA-37F581088ECD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{9EA66A50-83A3-43CA-9768-6D318F521325}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{A0B24491-32B7-4ACD-80F8-19D563A2D233}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 
"{A32A3C63-14C4-4814-AA41-82A962286CB6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 
"{AC8885D6-F39A-4569-BD2F-3302D89C43E8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B1700E46-C58C-44BD-9D53-CB3FA42EA027}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 
"{B828315E-50AE-47F8-B4BB-85DB837D3D49}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{BE5E6988-31D3-44A5-B65F-23887E67FB23}" = protocol=6 | dir=out | app=system | 
"{C14D40B3-FF11-4699-A2F8-36D40412C5DE}" = protocol=47 | dir=out | app=system | 
"{C15B4281-AC03-401E-9BE1-B5A28D992D54}" = protocol=1 | dir=out | [email protected],-28544 | 
"{D2D32BFB-8F14-40F3-AB49-D82C391209AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D696B509-C476-42AA-B03C-E5902042092E}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"{D87EF9B6-9B86-4A72-BE6D-C9437F3A91DC}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{DA8B3ADE-2E5A-4C3A-80F3-1D429591461C}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7a\aolbrowser\aolbrowser.exe | 
"{E0ABA90E-1736-4ADD-8C9E-7C305901EBF3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EBBB1B62-7660-44B0-AD65-E6F03305E986}" = protocol=58 | dir=in | [email protected],-28545 | 
"{ED603EF1-3A14-4F4F-A603-4E85DDA7ADCE}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{F7525877-CF6E-43B9-8F9F-6AEA1B808296}" = protocol=17 | dir=in | app=c:\program files (x86)\aol desktop 9.7\aolbrowser\aolbrowser.exe | 
"{FD9CD8F4-B1DB-40B0-9A39-B40CECCB156A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{FEB2A381-EB83-463E-AD59-44BE28857C03}" = protocol=6 | dir=in | app=c:\program files (x86)\aol desktop 9.7\waol.exe | 
"TCP Query User{57976E31-CACF-492B-9A8C-D68B7B15B5E4}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"TCP Query User{7B189598-0BB0-4D62-B40F-72C71B21055F}C:\program files (x86)\ibm\spss\statistics\21\stats.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\stats.exe | 
"TCP Query User{C400F978-B65B-48D6-B658-046E6DA662B6}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"TCP Query User{D50BDB1D-995C-4B9E-9E5A-74CA94E94D51}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
"TCP Query User{F07B72F1-E786-4938-B0C4-FF150D595F26}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{F84BBA71-3B4D-4F19-8E03-195B44B07A42}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
"UDP Query User{29296940-3AD6-4D2B-AA3A-C7C555ED2AF1}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"UDP Query User{4158B9A6-7BB7-494A-8AF5-1B98D8DD1562}C:\program files (x86)\ibm\spss\statistics\21\stats.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\stats.exe | 
"UDP Query User{7FACC56C-5603-456F-AD23-70DE4AD74FC5}C:\users\owner\appdata\local\directv player\ndspcshowserver.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\directv player\ndspcshowserver.exe | 
"UDP Query User{895BE6B0-74A5-40A7-9D98-5BAADA3F8757}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{CE4A71C4-63DC-41D1-95E6-640866FD11C8}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
"UDP Query User{F86D30A1-EF8B-4BBB-A345-7FE33694CC67}C:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ibm\spss\statistics\21\jre\bin\javaw.exe | 
 

Link to post
Share on other sites

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2937FD88-C9D6-4B82-B539-37CD0A572F42}" = Apple Application Support (64-bit)
"{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}" = Apple Mobile Device Support
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.4.4.2398
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A31C5565-90D9-4615-AE13-94D86C3836C7}" = iTunes
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF8D7372-5200-4EC7-9FB0-5398D108F81C}" = Intel(R) Wireless Display
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E0C7523C-686B-3EE6-8FB1-CB4339E30EDD}" = Microsoft .NET Framework 4.7.1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04f0c8c0-e0c8-4292-8676-db9174655d7a}" = DIRECTV Player
"{04FED4B6-2CD9-4D93-AACA-6FD1F18EA380}" = Kaltura CaptureSpace Desktop Recorder
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}" = Citrix Online Launcher
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}" = IBM SPSS Statistics 21
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{26A24AE4-039D-4CA4-87B4-2F32180161F0}" = Java 8 Update 161
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3365E735-48A6-4194-9988-CE59AC5AE503}" = Bing Bar
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35DAA04C-1720-4BE3-A920-A03731EC6A1D}" = Google Earth Pro
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81F1C6DE-C053-4C6C-9DE8-ED23D28FA9AB}" = Cozi
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8C9AA2C1-D07A-48E8-9DD8-471A072947F4}" = Adobe AIR
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-0804-1033-1959-001824265200}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6430171-B86B-4639-839E-374913E7911D}" = Google Earth
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F9B579C2-D854-300A-BE62-A09EB9D722E4}" = Google Talk Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}" = Apple Application Support (32-bit)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 28 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 28 NPAPI
"Adobe Flash Player PPAPI" = Adobe Flash Player 28 PPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"FF389026-F961-42C5-BACD-B4A3AA73E0F3" = Riverpoint Writer
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"Mozilla Firefox 58.0.1 (x86 en-US)" = Mozilla Firefox 58.0.1 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"VLC media player" = VLC media player
"WinLiveSuite" = Windows Live Essentials
"WRUNINST" = Webroot SecureAnywhere
"Zotero Standalone 4.0.29.10 (x86 en-US)" = Zotero Standalone 4.0.29.10 (x86 en-US)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4AFCAFDC-D870-41FA-B9FB-1442B9DAFE76}" = ArcadeFrontier
"AOL Toolbar" = AOL Toolbar
"GoToMeeting" = GoToMeeting 8.22.0.8473
"Octoshape Streaming Services" = Infinite HD™ App
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/12/2018 8:13:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/12/2018 8:13:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
Error - 3/12/2018 8:13:04 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error - 3/12/2018 8:13:05 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 3/12/2018 8:13:05 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9111
 
Error - 3/12/2018 8:13:05 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9111
 
Error - 3/12/2018 9:58:23 PM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=F94} The Application Virtualization Client could not connect to
 stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7194.5000.sft'
 (rc 24600F0A-10000001, original rc 24600F0A-10000001).
 
Error - 3/12/2018 9:58:23 PM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only.  Click-2-Run package registration failure.
 
Error - 3/12/2018 10:35:24 PM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 5009
Description = {tid=E88} The Application Virtualization Client could not connect to
 stream URL 'http://c2r.microsoft.com/ConsumerC2R/en-us/14.0.4763.1000/ConsumerC2R.en-us_14.0.7194.5000.sft'
 (rc 2460420A-40002EFD, original rc 2460420A-40002EFD).
 
Error - 3/12/2018 10:35:24 PM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only.  Click-2-Run package registration failure.
 
[ Dell Events ]
Error - 2/12/2011 2:25:37 PM | Computer Name = Owner-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
Error - 2/12/2011 2:25:37 PM | Computer Name = Owner-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
 
[ System Events ]
Error - 3/12/2018 9:54:54 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:05 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description = WLAN Extensibility Module has stopped unexpectedly.    Module Path: C:\Windows\System32\IWMSSvc.dll

 
Error - 3/12/2018 9:55:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7038
Description = The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService
 with the currently configured password due to the following error:   %%50    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 3/12/2018 9:55:09 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
 start due to the following error:   %%1069
 
Error - 3/12/2018 9:56:46 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Service Installer TrueKey service failed to start due to the following
 error:   %%2
 
Error - 3/12/2018 9:57:52 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 3/12/2018 10:33:51 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Service Installer TrueKey service failed to start due to the following
 error:   %%2
 
Error - 3/12/2018 10:35:14 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
 

Link to post
Share on other sites

OTL logfile created on: 3/12/2018 10:01:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18920)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 34.82% Memory free
7.60 Gb Paging File | 5.00 Gb Available in Paging File | 65.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 364.80 Gb Free Space | 80.88% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2018/03/12 20:43:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.scr
PRC - [2018/02/26 22:50:04 | 001,883,136 | ---- | M] (Webroot) -- C:\ProgramData\WRData\PKG\npwebroot.exe
PRC - [2018/02/26 22:47:31 | 001,252,856 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2018/02/22 15:02:18 | 003,676,960 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2018/02/09 19:02:50 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/08/23 13:06:14 | 001,632,752 | ---- | M] (Cisco) -- C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2015/08/23 13:06:14 | 001,384,416 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2014/10/08 18:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2014/10/08 18:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2014/08/01 06:43:43 | 000,500,016 | ---- | M] (Octoshape ApS) -- C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2014/03/12 00:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
PRC - [2010/08/20 01:53:00 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/03/08 01:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1381157483\ee\aolsoftware.exe
PRC - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/08/23 13:06:20 | 001,404,376 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2015/08/23 13:06:20 | 000,340,440 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2015/08/23 13:06:20 | 000,093,128 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\z.dll
MOD - [2015/08/23 13:06:18 | 000,690,152 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2015/08/23 13:06:16 | 008,347,104 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2015/08/23 13:06:14 | 011,424,224 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServer.dll
MOD - [2015/08/23 13:06:14 | 001,384,416 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2015/08/23 13:06:12 | 003,301,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2015/08/23 13:06:12 | 002,101,224 | ---- | M] () -- C:\Users\Owner\AppData\Local\DIRECTV Player\DiscoveryManager.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -- (InstallerService)
SRV:64bit: - [2018/03/03 08:53:16 | 006,440,736 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2018/02/26 22:47:31 | 001,252,856 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2018/02/10 01:06:41 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016/08/22 10:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/17 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2018/02/09 19:02:50 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2018/02/06 23:14:11 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2018/01/28 14:58:59 | 000,174,544 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/10/04 02:21:36 | 000,107,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/10/08 18:18:56 | 000,211,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2014/10/08 18:18:50 | 000,534,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/03/12 00:36:06 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE -- (BBUpdate)
SRV - [2014/03/12 00:36:06 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/12/11 15:05:20 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/20 01:53:00 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/23 16:02:42 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2006/10/23 06:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2018/03/12 20:34:17 | 000,109,800 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2018/03/12 20:34:17 | 000,092,280 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebProtection)
DRV:64bit: - [2018/03/12 20:34:16 | 000,045,960 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2018/03/12 20:10:33 | 000,193,248 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2018/03/12 20:10:21 | 000,253,664 | ---- | M] (Malwarebytes) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2018/02/26 22:47:45 | 000,068,384 | ---- | M] (Webroot) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wrUrlFlt.sys -- (wrUrlFlt)
DRV:64bit: - [2018/02/26 22:47:35 | 000,144,256 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2018/01/18 09:03:38 | 000,076,200 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
DRV:64bit: - [2014/10/08 18:18:54 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2014/10/08 18:18:54 | 000,029,352 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2014/10/08 18:18:54 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2014/10/08 18:18:50 | 000,766,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/02/11 22:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 03:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011/02/14 03:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011/02/14 03:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/19 23:40:38 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 09:15:54 | 000,287,232 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/05 20:18:30 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/03/17 23:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/11/02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/13 04:00:20 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/24 00:13:02 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/07/23 12:57:48 | 000,018,792 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009/07/16 21:14:12 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/02 08:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/02 08:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/02 08:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/02 08:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/29 16:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========

Link to post
Share on other sites

========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0ee16916
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{3F11430D-8047-4AFE-BF1B-FFDA8D860E6D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0ee16916
IE - HKLM\..\SearchScopes,DefaultScope = {B1F051B2-6C59-42D0-9C3C-1B2DF9EC981B}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E714BD68-86C7-4FB4-A747-C7B61E962FC4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://aol.com/
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0ee16916&q={searchTerms}
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.cohort: "nov17-2"
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.widget.inNavBar: true
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.161.2: C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2: C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1702150-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter5\FirefoxAddOns\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\WRData\PKG\FF_WEBEX [2018/02/26 22:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2016/02/04 23:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2018/01/16 21:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\SystemExtensionsDev
[2017/10/17 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data
[2017/10/17 22:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data\[email protected]
[2017/10/17 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data\[email protected]
[2018/02/26 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions
[2018/02/26 22:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
[2018/02/26 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\images\vault_4.0\extension
[2017/10/17 22:55:09 | 000,132,293 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3uh44w4.default-1495774073513-1504139498129\features\{a1f5e37f-04a4-46be-bb6e-0540d20ab7f2}\[email protected]
[2017/08/30 18:40:50 | 000,329,275 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3uh44w4.default-1495774073513-1504139498129\features\{f7b25f55-57e7-4950-8053-2ae32fd34cfe}\[email protected]
[2018/01/31 22:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\3.0.81_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen\14.830.1502_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd\1.6.0.13_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc\4.1.34_1\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O2:64bit: - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll (Webroot)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O2 - BHO: (Webroot Filtering Extension) - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll (Webroot)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O3 - HKLM\..\Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1381157483\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1597461494-781392241-1313931377-1000..\Run: [Google Update] C:\Users\Owner\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe (Google Inc.)
O4 - HKU\S-1-5-21-1597461494-781392241-1313931377-1000..\Run: [Octoshape Streaming Services] C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\S-1-5-21-1597461494-781392241-1313931377-1000..\Run: [PCShowServer] C:\Users\Owner\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (Cisco)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar64.dll (Webroot)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\PKG\LPBar.dll (Webroot)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D5A0D21-350C-42DA-B18A-C42E7C7318B1}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B140487D-3D07-48A7-B15D-9F165829EBDE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D66BA528-AA13-4635-A4E2-21D0ACEB7517}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\896\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{3ee30e66-4acf-11e3-ab31-c0cb38b3f14c}\Shell - "" = AutoRun
O33 - MountPoints2\{3ee30e66-4acf-11e3-ab31-c0cb38b3f14c}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant_installer.exe
O33 - MountPoints2\{685917da-73a1-11e0-9f5d-c0cb38b3f14c}\Shell - "" = AutoRun
O33 - MountPoints2\{685917da-73a1-11e0-9f5d-c0cb38b3f14c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{a68150a2-3f46-11e3-865d-c0cb38b3f14c}\Shell - "" = AutoRun
O33 - MountPoints2\{a68150a2-3f46-11e3-865d-c0cb38b3f14c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{aee570b3-bcc8-11e3-9bd1-c0cb38b3f14c}\Shell - "" = AutoRun
O33 - MountPoints2\{aee570b3-bcc8-11e3-9bd1-c0cb38b3f14c}\Shell\AutoRun\command - "" = E:\VerizonSWUpgradeAssistantLauncher.exe
O33 - MountPoints2\{bd21952b-0615-11e1-9b1b-c0cb38b3f14c}\Shell - "" = AutoRun
O33 - MountPoints2\{bd21952b-0615-11e1-9b1b-c0cb38b3f14c}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\{cc135128-e323-11e1-9f01-f04da259ac8d}\Shell - "" = AutoRun
O33 - MountPoints2\{cc135128-e323-11e1-9f01-f04da259ac8d}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{ef51bbbf-12ad-11e3-b596-c0cb38b3f14c}\Shell - "" = AutoRun
O33 - MountPoints2\{ef51bbbf-12ad-11e3-b596-c0cb38b3f14c}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2018/03/12 20:34:16 | 000,045,960 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018/03/12 20:10:38 | 000,109,800 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018/03/12 20:10:38 | 000,092,280 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018/03/12 20:10:33 | 000,193,248 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018/03/12 20:10:21 | 000,253,664 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018/03/12 20:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2018/03/12 20:09:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2018/03/12 20:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2018/03/12 20:09:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2018/03/02 23:06:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Kaltura
[2018/02/26 22:49:51 | 018,102,328 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2018/02/26 22:49:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\lptmp
[2018/02/26 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Webroot
[2018/02/26 22:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Webroot
[2018/02/26 22:47:46 | 000,068,384 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\wrUrlFlt.sys
[2018/02/26 22:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2018/02/26 22:47:35 | 000,182,704 | ---- | C] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2018/02/26 22:47:35 | 000,144,256 | ---- | C] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2018/02/26 22:47:35 | 000,115,248 | ---- | C] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2018/02/26 22:47:31 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2018/02/26 22:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2018/02/18 22:51:24 | 005,782,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2018/02/18 22:51:24 | 005,581,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2018/02/18 22:51:22 | 004,834,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xpsrchvw.exe
[2018/02/18 22:51:22 | 004,014,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2018/02/18 22:51:22 | 001,665,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2018/02/18 22:51:21 | 003,959,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2018/02/18 22:51:20 | 001,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2018/02/18 22:51:20 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2018/02/18 22:51:20 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2018/02/18 22:51:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2018/02/18 22:51:19 | 003,405,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xpsrchvw.exe
[2018/02/18 22:51:19 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2018/02/18 22:51:19 | 000,708,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2018/02/18 22:51:19 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2018/02/18 22:51:19 | 000,631,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2018/02/18 22:51:19 | 000,577,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2018/02/18 22:51:18 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2018/02/18 22:51:18 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2018/02/18 22:51:18 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2018/02/18 22:51:17 | 002,058,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2018/02/18 22:51:17 | 000,807,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2018/02/18 22:51:17 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wisptis.exe
[2018/02/18 22:51:17 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2018/02/18 22:51:17 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSCard.dll
[2018/02/18 22:51:17 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2018/02/18 22:51:16 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2018/02/18 22:51:16 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2018/02/18 22:51:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2018/02/18 22:51:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2018/02/18 22:51:16 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2018/02/18 22:51:16 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2018/02/18 22:51:16 | 000,377,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2018/02/18 22:51:16 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2018/02/18 22:51:16 | 000,262,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2018/02/18 22:51:16 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2018/02/18 22:51:16 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2018/02/18 22:51:16 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2018/02/18 22:51:16 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2018/02/18 22:51:16 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2018/02/18 22:51:16 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2018/02/18 22:51:15 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2018/02/18 22:51:15 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2018/02/18 22:51:15 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2018/02/18 22:51:15 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcrypt.dll
[2018/02/18 22:51:14 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2018/02/18 22:51:14 | 000,969,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2018/02/18 22:51:14 | 000,287,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2018/02/18 22:51:13 | 000,383,720 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2018/02/18 22:51:13 | 000,309,480 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2018/02/18 22:51:13 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2018/02/18 22:51:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2018/02/18 22:51:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2018/02/18 22:51:13 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2018/02/18 22:51:13 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2018/02/18 22:51:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2018/02/18 22:51:13 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2018/02/18 22:51:13 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2018/02/18 22:51:13 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2018/02/18 22:51:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2018/02/18 22:51:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2018/02/18 22:51:13 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2018/02/18 22:51:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2018/02/18 22:51:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2018/02/18 22:51:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2018/02/18 22:51:12 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2018/02/18 22:51:12 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2018/02/18 22:51:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2018/02/18 22:51:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2018/02/18 22:51:12 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2018/02/18 22:51:12 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2018/02/18 22:51:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2018/02/18 22:51:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2018/02/18 22:51:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2018/02/18 22:51:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2018/02/18 22:51:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2018/02/18 22:51:11 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2018/02/18 22:51:11 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2018/02/18 22:51:11 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2018/02/18 22:51:11 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2018/02/18 22:51:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2018/02/18 22:51:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2018/02/18 22:51:10 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2018/02/18 22:51:10 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2018/02/18 22:51:10 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2018/02/18 22:51:10 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2018/02/18 22:51:10 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2018/02/18 22:51:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2018/02/18 22:51:09 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2018/02/18 22:51:09 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2018/02/18 22:51:09 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2018/02/18 22:51:09 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2018/02/18 22:51:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2018/02/18 22:51:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2018/02/18 22:51:09 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2018/02/18 22:51:09 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2018/02/18 22:51:09 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2018/02/18 22:51:09 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2018/02/18 22:51:09 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2018/02/18 22:51:09 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2018/02/18 22:51:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2018/02/18 22:51:09 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2018/02/18 22:51:09 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2018/02/18 22:51:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2018/02/18 22:51:09 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2018/02/18 22:51:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2018/02/18 22:51:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2018/02/18 22:51:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2018/02/18 22:51:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2018/02/18 22:51:08 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2018/02/18 22:51:08 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2018/02/18 22:51:08 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2018/02/18 22:51:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2018/02/18 22:51:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2018/02/18 22:51:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2018/02/18 22:51:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2018/02/18 22:51:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2018/02/18 22:51:08 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2018/02/18 22:51:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2018/02/18 22:51:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2018/02/18 22:51:07 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2018/02/18 22:51:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2018/02/18 22:51:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2018/02/18 22:51:06 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2018/02/18 22:51:06 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2018/02/18 22:51:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2018/02/18 22:51:06 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2018/02/18 22:51:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2018/02/18 22:51:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2018/02/18 22:51:05 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2018/02/18 22:51:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2018/02/18 22:27:34 | 001,569,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2018/02/18 22:27:34 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2018/02/18 22:27:34 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2018/02/18 22:27:34 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2018/02/18 22:27:34 | 000,450,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\centel.dll
[2018/02/18 22:27:34 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2018/02/18 22:27:34 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2018/02/18 22:27:33 | 001,994,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe
[2018/02/18 22:27:33 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2018/02/18 22:27:33 | 000,136,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[3 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2018/03/12 21:19:04 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1597461494-781392241-1313931377-1000.job
[2018/03/12 20:46:01 | 000,000,630 | ---- | M] () -- C:\Windows\tasks\G2MUploadTask-S-1-5-21-1597461494-781392241-1313931377-1000.job
[2018/03/12 20:42:33 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018/03/12 20:42:33 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018/03/12 20:39:37 | 000,783,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018/03/12 20:39:37 | 000,663,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018/03/12 20:39:37 | 000,122,710 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018/03/12 20:34:17 | 000,109,800 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018/03/12 20:34:17 | 000,092,280 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2018/03/12 20:34:16 | 000,045,960 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018/03/12 20:33:42 | 000,182,704 | ---- | M] (Webroot) -- C:\Windows\SysWow64\WRusr.dll
[2018/03/12 20:33:42 | 000,115,248 | ---- | M] (Webroot) -- C:\Windows\SysNative\WRusr.dll
[2018/03/12 20:33:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018/03/12 20:33:18 | 3061,219,328 | -HS- | M] () -- C:\hiberfil.sys
[2018/03/12 20:10:33 | 000,193,248 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018/03/12 20:10:21 | 000,253,664 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018/03/12 20:09:54 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/03/02 23:11:26 | 531,531,892 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2018/03/02 23:07:03 | 000,003,051 | ---- | M] () -- C:\Users\Owner\Desktop\Kaltura CaptureSpace Desktop Recorder.lnk
[2018/02/27 22:40:15 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2018/02/26 22:50:04 | 000,002,240 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2018/02/26 22:49:59 | 018,102,328 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[2018/02/26 22:49:52 | 000,002,240 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
[2018/02/26 22:47:45 | 000,068,384 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\wrUrlFlt.sys
[2018/02/26 22:47:35 | 000,144,256 | ---- | M] (Webroot) -- C:\Windows\SysNative\drivers\WRkrn.sys
[2018/02/18 23:25:12 | 000,338,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018/02/18 23:02:52 | 130,067,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MRT-KB890830.exe
[2018/02/18 22:58:15 | 000,776,146 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[3 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2018/03/12 20:09:54 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/03/12 20:09:51 | 000,076,200 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2018/03/02 23:07:03 | 000,003,051 | ---- | C] () -- C:\Users\Owner\Desktop\Kaltura CaptureSpace Desktop Recorder.lnk
[2018/03/02 23:07:03 | 000,003,011 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaltura CaptureSpace Desktop Recorder.lnk
[2018/02/26 22:50:04 | 000,002,240 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk
[2018/02/26 22:49:52 | 000,002,240 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
[2017/08/28 20:11:23 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017/02/28 23:28:12 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2017/02/28 23:28:12 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2014/11/22 07:43:51 | 000,000,002 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSI.DAT
[2014/11/19 21:40:01 | 000,000,238 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2013/12/11 15:05:07 | 000,103,832 | ---- | C] () -- C:\Users\Owner\GoToAssistDownloadHelper.exe
[2012/07/09 15:40:22 | 000,000,017 | ---- | C] () -- C:\Users\Owner\AppData\Local\resmon.resmoncfg
[2012/03/14 10:30:15 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2011/06/14 14:44:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/07 11:11:45 | 000,005,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2016/11/05 23:07:42 | 000,000,000 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1597461494-781392241-1313931377-1000\$RHTGBZ9\l
[2017/01/13 23:18:38 | 000,000,035 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1597461494-781392241-1313931377-1000\$RI8MS8X\n
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017/12/31 20:18:30 | 014,183,936 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/12/31 20:00:12 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Purity Check ==========
 
 

< End of report >
 

Link to post
Share on other sites

Ok, I think I got it this time.  Thank you so much for your help here.  I have had a really tough winter, lost two family members, and this is just one more thing I can check off my list now.  I work tomorrow until 6:00 pm but will log back in here when I get home to see if we can finish this up.  Again I really do appreciate the help.

Barb

 

 

 

Link to post
Share on other sites

Sorry to hear about the passing of your family members !!

Yep ...... that's what i needed now to earn my title as Malware Removal Specialist !!! I will read through it and type up a Fix !!!

Chuck

Link to post
Share on other sites

What a cold this is going around, anyway here is the fix !!

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the http://img.photobucket.com/albums/v317/flashh4/Paste OTL script here.png text box of the OTL tool/program ! Start with and include the colon plus  :OTL
Copy everthing in RED and Paste into the box in the OTL program !!
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{3F11430D-8047-4AFE-BF1B-FFDA8D860E6D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {B1F051B2-6C59-42D0-9C3C-1B2DF9EC981B}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E714BD68-86C7-4FB4-A747-C7B61E962FC4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0ee16916&q={searchTerms}
IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2016/02/04 23:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2018/01/16 21:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\SystemExtensionsDev
[2017/10/17 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data
[2017/10/17 22:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data\[email protected]
[2017/10/17 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data\[email protected]
[2018/02/26 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions
[2018/02/26 22:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
[2018/02/26 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\images\vault_4.0\extension
[2017/10/17 22:55:09 | 000,132,293 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3uh44w4.default-1495774073513-1504139498129\features\{a1f5e37f-04a4-46be-bb6e-0540d20ab7f2}\[email protected]
[2017/08/30 18:40:50 | 000,329,275 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3uh44w4.default-1495774073513-1504139498129\features\{f7b25f55-57e7-4950-8053-2ae32fd34cfe}\[email protected]
[2018/01/31 22:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\3.0.81_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen\14.830.1502_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd\1.6.0.13_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc\4.1.34_1\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - No CLSID value found.
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

 

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]


# Then click the Run Fix button at the top.
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log next !
Thanks
Chuck

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.