Inactive-A Various spyware/malware

Status
Not open for further replies.
B

beebs

Posts: 18   +0
Hi there,

Doing this for a friend who is not the most computer literate!

Just gone through the following steps and will be posting the logs here. Computer is very slow and various malware/spyware has slowed this down over time to the point it's takes ages just to open a page on IE. It's taken almost 20 mins just to download the FRST file! Running the FRST scan now, logs below. Hope you will be able to help out!

Thanks!!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Peter (administrator) on WORK-PC (18-12-2016 14:52:51)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McT243F.tmp
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\Peter\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-01-30] (Spotify Ltd)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1958248 2015-11-20] (TomTom)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [BingSvc] => C:\Users\Peter\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-20] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [Chromium] => c:\users\peter\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\RunOnce: [Uninstall C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\RunOnce: [UpdateTask] => [X]
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-10]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.469\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{142be7b7-461e-4339-9693-8a23183302ac}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{368b7966-86b7-4cf5-84e2-6addc12ace1a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> DefaultScope {BCC2C1F3-CA8A-4078-8ED8-7C9C554515B6} URL =
SearchScopes: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_popjar_16_32_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0CtDyDtDyByEtDtDyBtCyByBtCtA0BtN0D0Tzu0StCyCzzyCtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0EzytDyC0E0EtDtGyD0FtB0FtG0DtCyDzztGyC0FtCtBtGtByC0CyCyBzyzyyDzy0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0AtDzztA0DtC0BtGtAzz0FtBtGyEyBtAtBtGzy0D0AyEtG0CyDtB0F0F0EyC0CyC0FtB0B2QtN0A0LzuyE%26cr%3D1517793009%26a%3Dwnf_popjar_16_32_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> {BCC2C1F3-CA8A-4078-8ED8-7C9C554515B6} URL =
SearchScopes: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-00777ad5&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-10-02] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-10-02] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2016-10-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2016-10-02] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
Toolbar: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-02] (Microsoft Corporation)
Handler-x32: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\Peter\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-05-11] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2015-10-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default
FF NewTab: hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFcRdF1eVl9GDFYadgEVVVgSFRgaJQhcTFhBEFQWJg1aUQ1ARBNBNARaB0tXUUEeGGlxR1dMZlBNJUtXFEo1RFRP
FF DefaultSearchEngine: Yahoo! Powered
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Yahoo! Powered
FF Homepage: hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=en-gb
hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghBcg1cBw4XFhhAeQ8ATA0QQgEOeVwJBRQQEQRCdV8MAwlFEFAFIk0FA18DB0VXfWFoKB8fHHJGLlxKDkwCZVBCLA==
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-10] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-10-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-10-02] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll [2014-11-03] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2016-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2016-10-02] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-02] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2547263580-2819482140-900026014-1001: @microsoft.com/Office on Demand;version=1 -> C:\Users\Peter\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\searchplugins\yahoo! powered.xml [2016-08-13]
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\searchplugins\yahoo-lavasoft.xml [2016-03-28]
FF Extension: Bing Search - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-20]
FF Extension: NewTabTV Extension - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\NewTabTV-the-extension@mozilla.com.xpi [2015-09-12]
FF Extension: Search Powered by Yahoo Engine - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-10-02]
FF Extension: Generous Deal - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\{6a3cec1b-b44c-4a51-8da6-4a3d012319bd}.xpi [2016-03-25]
FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-02]
FF Extension: Search for Firefox - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\{de71f09a-3342-48c5-95c1-4b0f17567554}.xpi [2016-08-27]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Users\Peter\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL => No File
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-03]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-03]
CHR Extension: (Rapport) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-12-26]
CHR Extension: (InboxAce) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlijlfhiafecphlajcellfblbfelapo [2015-11-23]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-03]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-03]
CHR Extension: (Bing) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-01-22]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (ListingsPortal) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb [2016-04-07]
CHR Extension: (Skype) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-22]
CHR Extension: (CouponXplorer) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\magdmbkcibdnnfmnamahibddledomccn [2015-11-23]
CHR Extension: (InboxAce) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\milikiamccfkhchpiiigkebcobekbiln [2015-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR Extension: (Chrome Media Router) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-26]
CHR HKU\S-1-5-21-2547263580-2819482140-900026014-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2547263580-2819482140-900026014-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0191801481579227mcinstcleanup; C:\WINDOWS\TEMP\019180~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe [329480 2016-12-02] (McAfee, Inc.)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 MessagingService_77b4cea; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_77b4cea; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_77b4cea; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R2 OneSyncSvc_77b4cea; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_77b4cea; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_77b4cea; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [118856 2015-12-01] (Toshiba Europe GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2015-12-16] (Microsoft Corporation)
 
U3 UnistoreSvc_1026d536; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_10b3b7a9; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_117a9099; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12845f7c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12fc6ab; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_13f88757; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1426f14; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15130bd9; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15953e28; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15a1d8a5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_16a3476d; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_17041484; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_172e3a14; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1921c841; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1950c519; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a4f6ebb; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a7f0a6a; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ae7c8d2; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1b83de28; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1c8cb31a; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cc41a23; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cf07dac; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1d1fe8ed; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ef542; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_20a9ab5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_2d39e1c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_315df53; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_354fb6c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3b5eb31; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3bd510b8; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3dead5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3e124; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_4085a; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_44af1; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_451f5d5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_482f322; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_55b5c47; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_77b4cea; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_77b4cea; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_79d8f4d; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7cd198f; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8719761; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8806fb8; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_94313cb; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9bfe701; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9df135e; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b120a08; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b75e27c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b8cfcf; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_d5a0659; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_e7cccdf; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_ecf0c86; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_fa63f27; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_77b4cea; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_77b4cea; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [245760 2016-01-05] (Microsoft Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-07] (Malwarebytes)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-30] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [65792 2015-05-29] (Realtek Microelectronics)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-18 14:52 - 2016-12-18 14:53 - 00080521 _____ C:\Users\Peter\Desktop\FRST.txt
2016-12-18 14:50 - 2016-12-18 14:53 - 00000000 ____D C:\FRST
2016-12-18 14:22 - 2016-12-18 14:50 - 02193920 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2016-12-18 14:06 - 2016-12-18 14:06 - 00000000 ___HD C:\OneDriveTemp
2016-12-13 19:12 - 2016-12-13 19:12 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-10 14:47 - 2016-12-10 14:47 - 00002020 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-10 14:47 - 2016-12-10 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-11-19 14:37 - 2016-12-18 12:28 - 00000000 ____D C:\Users\Peter\AppData\LocalLow\Mozilla
2016-11-19 13:39 - 2016-12-17 01:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-18 14:29 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-18 14:12 - 2016-08-13 13:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\{2FCC1977-0A9E-7401-61A8-53D3BD7AAEED}
2016-12-18 14:08 - 2015-12-16 22:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-18 14:06 - 2014-01-19 22:05 - 00000000 __RDO C:\Users\Peter\SkyDrive
2016-12-18 13:32 - 2016-03-31 12:19 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-17 01:56 - 2013-05-12 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-14 14:10 - 2014-07-18 11:52 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2016-12-14 03:08 - 2014-07-18 11:51 - 00000000 ____D C:\ProgramData\Skype
2016-12-14 03:07 - 2014-10-07 11:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-13 19:12 - 2015-12-16 22:56 - 00002374 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-12 21:48 - 2016-07-26 22:35 - 00000000 ____D C:\Program Files\TrueKey
2016-12-12 21:47 - 2016-07-26 22:47 - 00001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-12-12 21:46 - 2016-07-26 22:44 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-10 14:47 - 2015-11-21 11:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-09 08:48 - 2015-12-16 22:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-09 08:48 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-09 00:50 - 2016-04-08 11:58 - 00002469 _____ C:\WINDOWS\setupact.log
2016-12-02 06:46 - 2015-11-27 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-12-01 17:19 - 2016-03-31 15:13 - 00178930 _____ C:\WINDOWS\PFRO.log
2016-11-29 10:12 - 2015-12-29 22:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-29 10:11 - 2015-01-09 08:03 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-27 13:16 - 2013-05-13 08:29 - 00000000 ____D C:\Users\Peter\Documents\Nut Vending
2016-11-22 22:20 - 2015-11-27 12:52 - 00489704 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-11-22 22:20 - 2015-11-27 12:52 - 00235688 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys

==================== Files in the root of some directories =======

2016-08-13 21:00 - 2016-08-23 19:00 - 0000139 _____ () C:\Users\Peter\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\Windows\Tasks\{1352A79F-700E-126A-4275-4D8A80B43F7B}.job


Some files in TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Peter\AppData\Local\Temp\ICReinstall_JavaSetup.exe
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-28 12:08

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Peter (2016-12-18 14:54:49)
Running from C:\Users\Peter\Desktop
Windows 10 Home (X64) (2015-12-16 22:47:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2547263580-2819482140-900026014-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2547263580-2819482140-900026014-503 - Limited - Disabled)
Guest (S-1-5-21-2547263580-2819482140-900026014-501 - Limited - Disabled)
Peter (S-1-5-21-2547263580-2819482140-900026014-1001 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Amazon Kindle) (Version: - Amazon)
Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 16.1.16125.489 - HM Revenue & Customs)
Bing Search Engine (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\bingeng) (Version: - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MX7600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX7600_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.9.108.1 - Intel Security)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.469.2 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office on Demand Browser Add-ons (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Microsoft Office on Demand Browser Add-ons) (Version: 15.0.4481.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Rapport (x32 Version: 3.5.1609.107 - Trusteer) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.9.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124 - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.107 - Trusteer)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2547263580-2819482140-900026014-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

18-06-2016 00:40:31 Installed Rapport
26-07-2016 22:44:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
30-08-2016 06:31:18 Installed Rapport
30-09-2016 22:15:36 Installed Rapport
02-10-2016 16:50:48 Installed Java 7 Update 79 (64-bit)
17-10-2016 11:51:09 Installed Rapport

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2016-12-10 14:47 - 00000873 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DC704E-B244-4D94-B1E5-13E39B7E6607} - no path
Task: {080DEAC5-B5FA-499C-8323-31984158CC78} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-12-01] (Toshiba Europe GmbH)
Task: {0E8CA952-866C-482D-8344-ADF95AC3505E} - System32\Tasks\{5968FEF2-3046-447C-9B18-A9B3723B1C17} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {10196AC6-B613-478F-BDA8-9ED2B97C3F0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {110F8886-14C5-418B-9614-FBBB37A0568C} - System32\Tasks\{5BD0B9E8-5748-4023-88B4-BE04EFE2CD14} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {181EF958-CF2C-45C1-BFE2-0048458E3EFC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {1A284414-C248-4CE3-ACEF-65D5BC079C48} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-10] (Adobe Systems Incorporated)
Task: {1F655AB3-C9F6-4ABB-90D8-B4129DD5C9C6} - System32\Tasks\{02246007-52EB-4DD7-BF26-3DEB3907F957} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {1F73C576-A6AC-4CE5-BB1C-53527E73B59D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {26A69E30-D546-4E28-98C8-676AA80BAF42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2E3F068A-DEC0-415D-88A3-7C6CA45D9686} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {33046BDC-2974-457F-A198-055760713D46} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {3627755F-6629-4D94-850A-FBE43D28BEB8} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {3718733E-6FE4-4F0C-B2EF-D765D897C12E} - System32\Tasks\{3AC1A074-6422-42F3-82F7-B93625A1AA40} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {3D08EBE5-67E9-4F7D-8F10-C4FE36E88BA9} - System32\Tasks\{79AF3485-BCC9-4C80-9CA9-DA00687D01C2} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {3D598252-337A-4331-88B5-38FBE6364E3A} - System32\Tasks\{D0C0DCE2-994D-4C27-A7A5-A1F52DA3A38A} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {4208A7BF-D622-476E-A1A3-F9EB2719ECD4} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2015-12-07] (Microsoft Corporation)
Task: {449B876B-8EB6-412A-84DD-96F495BEE30D} - System32\Tasks\{81D2041E-9A36-401F-A634-8C949649BCAC} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/privacy
Task: {4589E8AB-ED36-440E-B5F3-21ED5036E84E} - System32\Tasks\{DEB6FFDA-E8C3-4884-88CB-6855DDC08D83} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {49E7DF1C-BF9B-4DB4-8ED7-0CACCECD59C9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4A944005-EAD7-4E3D-A0CB-E36A03948234} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {4A9D6BBB-42AF-42B4-BF9C-42B347746988} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4C178459-F106-4189-890D-A3F8F1FFB532} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10] (Adobe Systems Incorporated)
Task: {4E3CB8C2-8A0C-4570-A32E-7319C6E8E432} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {5106B0FE-812D-41FF-8DF9-EF43195BA9EF} - System32\Tasks\{911179E4-BBBE-404F-9338-C07A2B19B740} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {584339EB-B21B-4A89-97A6-6861597248F2} - System32\Tasks\{A8137378-B972-413D-B9D1-568E81934178} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {58ED16C2-DD92-4D83-BDC8-80026BD11104} - System32\Tasks\{536EB0B8-75C7-4012-8363-BBA8A0DE1C59} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {5CE6C9E7-90D0-43BC-B132-5D5B7DA639A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {5D59EE82-1103-48EC-9F58-9F8D3AB81C15} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {5F914E38-6C7C-4B0C-A61A-76CD8D073104} - System32\Tasks\{62A53D73-D39B-4CCB-9DA5-55424FE719ED} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {666DE4F6-95D7-490D-B521-E877927E00EC} - System32\Tasks\{3B834A7F-2C06-465C-92B1-2F65EC9F7EF8} => Firefox.exe http://ui.skype.com/ui/0/7.7.64.102/en/eula
Task: {66B70B75-1F2C-4EE8-8356-B1C4DA6E617A} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {697E18DD-943C-470A-B9E3-6E5DDCB42D05} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {6B696BCF-C866-41CA-B4E4-3D19FB1E9250} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-30] (Microsoft Corporation)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {771F8CCC-6D16-465C-9C2D-9ED53F939C14} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {776B6C2F-D7C3-430A-AF27-D7A236914A7F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77EA38EB-202C-4216-9375-4803B882E225} - no path
Task: {781ABAB8-C8B1-4E56-AA85-DC0AB34022EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7AE1BCAC-061D-4672-BACB-88BC74CE1D7A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-10-30] (Microsoft Corporation)
Task: {7CE5D300-4547-4843-B18C-254A0251C66A} - System32\Tasks\{CC794D35-AEF3-45F7-89EA-8C535135FF02} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {7E14A3E3-9BB1-439E-97A9-A0B9FDC89D17} - System32\Tasks\{CD4DDCC9-4621-4626-9579-5EDC86E873DC} => Firefox.exe http://ui.skype.com/ui/0/7.7.64.102/en/eula
Task: {7FDF3429-1919-4F1A-AFFF-9ABE305446EA} - System32\Tasks\{B1DC7F8C-2D2D-46F0-9650-8F46456875CF} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?page=tsBing
Task: {810167F5-7706-48B8-A896-D404EDD68CFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {860F596C-A1D8-4651-B747-D134041D80AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
Task: {8A1454AF-17BF-47F3-ABBE-A17DD491851B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8C6091B1-7241-4286-95B3-C31F4018C755} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {8E7FBE49-FE36-49D7-B8ED-40945601C2E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {90D79106-3D12-40AF-A9BA-231F2327770C} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-30] (Microsoft Corporation)
Task: {9BB2CC05-5A78-4D17-85BE-4B63C2BCC1F5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9C24DA8B-ED1D-4B59-A0A5-B46B0FCA8822} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {9E0014E2-3AE5-49E0-9AC1-A648E956AD82} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {A483A62A-BEE2-43EF-B43D-C4B6555D6F1E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {A4CF301B-4DA5-4CE9-8E3D-CC0CE7C2A05E} - System32\Tasks\{1352A79F-700E-126A-4275-4D8A80B43F7B} => C:\Users\Peter\AppData\Local\{02FD3~1\SYNCVE~1.EXE [2013-05-02] ()
Task: {C6F06418-EC38-462C-BE0A-1BFB7B1777C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {CA4BE44E-107E-4B2D-91AF-FC3B077B02FC} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2015-10-30] (Microsoft Corporation)
Task: {DAE628AF-F608-4C8F-91EC-24011F5B9A8F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DD1CE511-3D95-4867-8974-E0CC0F4FAFDA} - System32\Tasks\{FA4B0EDC-DA71-453F-9863-5EA1FE7EEE52} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {E35C13D9-BF03-4B42-A2C9-D86C095ECDBE} - no path
Task: {E6CE264E-2650-4013-8471-CB598F9676B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {E8B3E936-2F69-4354-A53F-30EAC17A102B} - System32\Tasks\{1A588EAC-A80D-4CB9-A1A5-CEC0C3326624} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {F120A436-C215-4927-87AA-934387AF5782} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {F2D84C86-3EB6-4F91-B796-CD72733B9FEF} - System32\Tasks\{843F591F-2B29-40F4-96AF-23EE93C3EA0B} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {F4F71898-65EF-40CA-8CD5-CABE815AEFB9} - System32\Tasks\{881294A9-E327-451F-BCD0-743F5872871B} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/privacy
Task: {F8F446F1-A967-4A8C-8848-257FA6C9653E} - System32\Tasks\{87F54A0E-57ED-488A-A5A5-4291488BB7EB} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {FECFA123-5B38-4C88-8162-ADE86E51EA40} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\{1352A79F-700E-126A-4275-4D8A80B43F7B}.job =>

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 12:38 - 2011-10-13 12:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2015-07-02 09:32 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-07 13:09 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-07 13:09 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-13 19:10 - 2016-12-13 19:10 - 01678560 _____ () C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2015-10-28 20:51 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-13 03:21 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 01:06 - 2015-12-07 04:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-07 13:08 - 2016-02-23 08:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 14:15 - 2012-10-31 14:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 18:13 - 2012-08-13 18:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2016-01-22 13:57 - 2016-01-22 13:58 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-13 03:21 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-28 20:06 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 20:06 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-18 01:06 - 2015-12-07 04:59 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-12-18 01:06 - 2015-12-07 04:57 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2013-04-07 23:51 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-12-13 19:10 - 2016-12-13 19:10 - 01244376 _____ () C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-02-22 19:51 - 2016-02-22 19:51 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-01-22 13:57 - 2016-01-22 13:58 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:57 - 2016-01-22 13:58 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-11-16 00:53 - 2016-11-08 20:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-16 00:53 - 2016-11-08 20:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\CCleaner:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MyDrive Connect:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Realtek WLAN Driver:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Spotify:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Toshiba TEMPRO:Win32App_1
AlternateDataStreams: C:\Users\ADMINI~1\AppData\Local\Temp:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Peter\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Peter\Downloads\Fw_ Croxley Common Moor - Rubbish disposal from newly created moorings..eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(10).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(11).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(12).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(13).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(6).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(7).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(8).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(9).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2547263580-2819482140-900026014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02240E31-A9EF-401B-BEFC-0128E9EFBC7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F6907DAD-98D9-4915-BBF3-4D2BC0BE2943}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F802A3D1-724F-4704-B64E-2B229A5FD9D9}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\SkypeWebPlugin.exe
FirewallRules: [{377DBE71-3078-46B8-BD8C-3F75A6B4732A}] => (Allow) C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{6ADE9215-5CD2-4BC1-9C19-4D7533A3DA63}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{C1EC7BF0-6321-4584-A70F-98EE3F641E4B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{25E9AEEF-A088-4267-8ADE-67CA055D4045}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CF05DA80-B4D1-4AA7-B0F4-26F84B326FCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23885FF4-42B0-44DF-90F0-4873E12E4CB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2CE3DB85-0246-401A-B6ED-9A3EAC4FC1D9}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7C87D5D1-77E9-4424-8ABF-2FBACD40A313}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3535C0DD-73FA-4052-8F2E-22F4C0B82111}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2FC93910-CAC4-429D-A9FA-97FAFA44E658}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BFAA1019-1D62-48AC-AE7E-2EEB8C410A22}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8220DE34-A10F-412D-9BE2-F2B9C122B5F1}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{B0278596-BE71-4AD6-9215-C8FA2C669134}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2016 11:22:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.2.6177, time stamp: 0x583e5197
Faulting module name: mozglue.dll, version: 50.0.2.6177, time stamp: 0x583e4b91
Exception code: 0x80000003
Fault offset: 0x0000ed43
Faulting process ID: 0xc48
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/06/2016 02:04:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/06/2016 02:04:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/06/2016 10:41:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 09:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 02:24:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/02/2016 06:46:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/02/2016 06:45:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\syswow64\MsiExec.exe -Embedding 9793CEAB37A45E2825ABCEBDF8798026 E Global\MSI0000; Description = Installed Rapport; Error = 0x81000101).

Error: (12/01/2016 05:21:57 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows log-on process has unexpectedly terminated.

Error: (11/30/2016 06:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rti.exe, version: 16.1.16125.489, time stamp: 0x49180193
Faulting module name: QtWebKit4.dll, version: 4.9.3.0, time stamp: 0x511017cc
Exception code: 0xc0000005
Fault offset: 0x00300dc7
Faulting process ID: 0x201c
Faulting application start time: 0xrti.exe0
Faulting application path: rti.exe1
Faulting module path: rti.exe2
Report ID: rti.exe3
Faulting package full name: rti.exe4
Faulting package-relative application ID: rti.exe5


System errors:
=============
Error: (12/18/2016 02:09:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/18/2016 02:07:04 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SIMON-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{368B7966-86B7-4CF5-84E2-6ADDC12ACE1A}.
The master browser is stopping or an election is being forced.

Error: (12/18/2016 01:34:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_731cb27 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/18/2016 01:34:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_731cb27 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/18/2016 01:34:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_731cb27 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/18/2016 01:34:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_731cb27 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/18/2016 01:34:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/18/2016 04:58:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_62fe528 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/18/2016 04:58:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_62fe528 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/18/2016 04:58:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_62fe528 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-12-06 10:57:24.057
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-06 10:57:24.041
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-06 10:57:23.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-27 12:38:37.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-16 03:38:32.499
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-16 03:38:32.481
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-16 03:38:32.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-16 03:38:31.397
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-16 03:38:31.282
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-14 01:47:51.144
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 70%
Total physical RAM: 3977.22 MB
Available physical RAM: 1159.13 MB
Total Virtual: 4681.22 MB
Available Virtual: 1414.15 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:453.13 GB) (Free:391.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

redtarget.gif
Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Already installed:
2.0 Threat Scan
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select [URL='https://www.techspot.com/guides/1718-run-as-administrator-explained/]Run As Administrator[/URL]
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.8.5.0 (x64) [Dec 12 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Peter [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/18/2016 16:05:18 (Duration : 01:24:45)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C} -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\WebBar -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-2547263580-2819482140-900026014-1001\Software\csastats -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-2547263580-2819482140-900026014-1001\Software\ProductSetup -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-2547263580-2819482140-900026014-1001\Software\csastats -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-2547263580-2819482140-900026014-1001\Software\ProductSetup -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564 -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2547263580-2819482140-900026014-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2547263580-2819482140-900026014-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://toshiba13.msn.com -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path|VT.Unknown] %WINDIR%\Tasks\{1352A79F-700E-126A-4275-4D8A80B43F7B}.job -- C:\Users\Peter\AppData\Local\{02FD3~1\SYNCVE~1.EXE (/Check) -> Deleted
[Suspicious.Path] \OneDrive Standalone Update Task v2 -- %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe -> Deleted

¤¤¤ Files : 2 ¤¤¤
[PUP][File] C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\searchplugins\yahoo! powered.xml -> Deleted
[PUP][File] C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\searchplugins\yahoo-lavasoft.xml -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][Chrome:Addon] Default : MSN Homepage & Bing Search Engine [fcfenmboojpjinhpgggodefccipikbpd] -> Deleted
[PUP|PUM.NewTab][Firefox:Config] 0f56j65c.default : user_pref("browser.newtab.url", "http://searchinterneat-a.akamaihd.n...aUQ1ARBNBNARaB0tXUUEeGGlxR1dMZlBNJUtXFEo1RFRP"); -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] Basic data partition | Offset (sectors): 923648 | Size: 260 MB
2 - [MAN-MOUNT] Basic data partition | Offset (sectors): 1456128 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1718272 | Size: 464003 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 951998464 | Size: 839 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 953716736 | Size: 11258 MB
User = LL1 ... OK
User = LL2 ... OK
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/19/16
Scan Time: 3:46 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.788
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: WORK-PC\Peter

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399437
Time Elapsed: 9 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 3
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f, Quarantined, [581], [336950],1.0.788
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f, Quarantined, [581], [336950],1.0.788
PUP.Optional.WinYahoo, HKU\S-1-5-21-2547263580-2819482140-900026014-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, Quarantined, [116], [254682],1.0.788

Registry Value: 3
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f|DESCRIPTION, Quarantined, [581], [336950],1.0.788
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f|DESCRIPTION, Quarantined, [581], [336950],1.0.788
PUP.Optional.WinYahoo, HKU\S-1-5-21-2547263580-2819482140-900026014-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, Quarantined, [116], [254682],1.0.788

Data Stream: 0
(No malicious items detected)

Folder: 85
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\abstractbutton\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\thirdparty\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\uninstall\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\weather\css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps\css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\weather\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\weather\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\generic\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript\html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\alert\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\flare\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\link\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\weather, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\abstractbutton, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml\html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\common, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\rss\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\rss\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\flare\icons, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\images, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\rss, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\radioWrapper, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\thirdparty, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\foreground, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\uninstall, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\generic, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\weather, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\background, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\alert, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\flare, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search\html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\link, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\rss, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\window, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\adapter, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\libs, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\_metadata, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GLBHHKMMKPLKAPCGLKALFILELBOHHHBB, Quarantined, [343], [301931],1.0.788

File: 247
PUP.Optional.Yontoo, C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0F56J65C.DEFAULT\PREFS.JS, Replaced, [70], [302786],1.0.788
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Removal Failed, [70], [-1],0.0.0
PUP.Optional.Yontoo, C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0F56J65C.DEFAULT\PREFS.JS, Replaced, [70], [303302],1.0.788
PUP.Optional.DriverUpdate, C:\USERS\PETER\DOWNLOADS\DRIVERUPDATE-SETUP.EXE, Quarantined, [1208], [331447],1.0.788
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-2547263580-2819482140-900026014-1001\$R8WQHRD.EXE, Quarantined, [8], [319692],1.0.788
PUP.Optional.BundleInstaller, C:\USERS\PETER\APPDATA\LOCAL\TEMP\ICREINSTALL_JAVASETUP.EXE, Quarantined, [38], [316221],1.0.788
PUP.Optional.Reimage, C:\USERS\PETER\DOWNLOADS\REIMAGEREPAIR.EXE, Quarantined, [1319], [331559],1.0.788
PUP.Optional.MindSpark, C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_listingsportal.dl.tb.ask.com_0.localstorage, Quarantined, [343], [240306],1.0.788
PUP.Optional.MindSpark, C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\chrome-extension_glbhhkmmkplkapcglkalfilelbohhhbb_0.localstorage, Quarantined, [343], [240348],1.0.788
PUP.Optional.SearchForFirefox, C:\USERS\PETER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0F56J65C.DEFAULT\EXTENSIONS\{DE71F09A-3342-48C5-95C1-4B0F17567554}.XPI, Quarantined, [1217], [323071],1.0.788
PUP.Optional.MindSpark, C:\USERS\PETER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GLBHHKMMKPLKAPCGLKALFILELBOHHHBB\12.41.9.65148_0\MANIFEST.JSON, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\adapter\adapterUtil.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\adapter\widget-adapter.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\abstractbutton\background\abstractButton.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\alert\background\alertButton.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedhtml\js\embedHtmlUI.js, Quarantined, [343], [301931],1.0.788
 
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript\background\embedScriptWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript\html\embedScriptTemplate.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\embedscript\js\embedScriptUI.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\flare\background\FlareWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\flare\icons\Icon_Flare_blue.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\flare\icons\Icon_Flare_pink.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\flare\icons\Thumbs.db, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\generic\background\GenericWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\link\background\linkButton.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\background\menuButton.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\css\menuframe.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\html\menuframe.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\images\right_arrow.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\images\right_arrow_white.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\js\jquery-1.7.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\js\menuframe.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\js\query-string.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\js\underscore-1.3.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\menu\README.txt, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\rss\background\RssWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\uninstall\background\uninstallButton.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\components\weather\background\weatherButton.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\bs.30.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\common.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\dynamic.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\enableDetect.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\eventListening.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\global.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\jquery-1.7.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\list-interaction.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\messageEventListener.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\navRedirector.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\paramReplacer.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\PartnerId.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\set.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\underscore-1.3.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\underscore-1.5.2.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\js\unifiedLogging.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\common\common.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\common\eventListening.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\common\list-interaction.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\common\set.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\radio\radio-widget.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\rss\rssWidget.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\invalid.json, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\jquery.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\qunit.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\qunit.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\resource.json, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\resource.xml, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\testWidget.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\test\testWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps\css\widget.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps\js\widget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\topapps\widget.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\weather\js\weather.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widgets\weather\weatherButton.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\common\widget-api\widget-context-1.0.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\background\ApiBasedWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\background\widget-api-impl.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\window\hiddenWidgetWindow.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\window\hiddenWidgetWindow.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\window\hiddenWidgetWindowInit.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\window\widgetWindow.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\api\window\widgetWindow.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\background\updateSearch.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\background\updateSearchPromptBg.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\07_buttons2.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\08_buttons2.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\defaultSearchModal.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\defaultSearchModalInjector.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\defaultSearchModalInjector.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\tvf_btn_ok.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\tvf_btn_ok2.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\tvf_restart_alert_icon.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\tvf_restart_icon.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\defaultSearch\foreground\updateSearchPromptFg.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\background\MovieReviewsWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\css\movieReviews.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\html\movieReviews.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\moviereviews\js\movieReviews.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\background\RadioWidget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\css\toolbar-item.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\foreground\button.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\radioWrapper\radioWrapper.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\radio\radioWrapper\radioWrapper.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search\background\searchBox.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search\html\searchSuggestions.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search\html\searchSuggestions.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search\html\searchSuggestions.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\search\html\searchSuggestionsInit.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\css\supertab.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\html\supertab.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\js\newtabfork.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\js\reporting.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\js\srchsugg.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\js\supertab.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\js\unifiedLogging.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\components\supertab\js\__utm.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons\arrowSprite.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons\icon128.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons\icon16.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons\icon19disabled.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons\icon19on.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons\icon48.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\icons\tb_icon_search_disappearing_ask.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243356.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243369.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243391.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243397.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243403.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243408.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243412.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243442.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\229243459.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\down_arrow.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\IDR_PRODUCT_LOGO_16.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\IDR_WEBSTORE_ICON.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\magnifying_glass.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\RadioPlayerSprite.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\search_button.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\tvf_icon_guide.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\tvf_logo.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\images\wrench.png, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\chromeUtils.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\companionSWUtils.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\exeManager.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\exeManagerNMD.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\exePackageManager.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\focusManager.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\globalBlacklistManager.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\messaging.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\mutation_summary-min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\mutation_summary.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\nativeMessagingDispatcher.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\newTabInfo.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\newTabInitialize.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\options.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\readLocalStorage.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\reservespacefortoolbar.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\reservespaceifenabled.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\scriptInjector.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\searchContext.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\settingsOverrides.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\toolbarCookieParser.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\toolbarPreinit.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\underscore-1.3.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\URILoaderContentScript.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\webTooltabAPI.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\Widget.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\widgetContentScriptInjectee.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\widgetFactory.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\js\widgetWindowManager.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\libs\jquery-1.7.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\libs\jquery-1.9.1.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\libs\underscore-1.5.2.min.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\cache.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\ce.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\debug.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\native\ss.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\activePing.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\buttonLogger.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\competitorDnsList.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\console.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\FFPreferencesPersister.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\httpTransport.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\HttpURL.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\internationalSearch.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\LocalStoragePersister.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\MindsparkGlobal.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\MindsparkGlobal.unitTest.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\MindsparkGlobalNotes.txt, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\rsvp-latest.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\searchSuggestLocale.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\testHttpTransport.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\unifiedLogger.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\unifiedLogging.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\universalConsole.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\shared\utils.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\_metadata\computed_hashes.json, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\_metadata\verified_contents.json, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spent.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\bg.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\buildVars, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\buildVars.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\companionSW.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\config.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\contentScript.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\contentScript.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\debug.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\debug.jade, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\extension_toolbar_api.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\initWidgetWindow.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\newTabContentScript.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\options.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spent.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spent.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spent2.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spent2.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spentJ.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spentK.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\spentK.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\startup.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\stub.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\stubby.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\superFrame.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\toolbar.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\toolbar.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\toolbarUI.css, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\toolbarUI.html, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\toolbarUI.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\url.js, Quarantined, [343], [301931],1.0.788
PUP.Optional.MindSpark, C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb\12.41.9.65148_0\webtooltab.cs.js, Quarantined, [343], [301931],1.0.788

Physical Sector: 0
(No malicious items detected)


(end)
 
# AdwCleaner v6.041 - Logfile created 19/12/2016 at 16:38:13
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-18.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Peter - WORK-PC
# Running from : C:\Users\Peter\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Application Data\lavasoft\web companion


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\Users\Public\Desktop\eBay.lnk
[-] File deleted: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
[-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\deals-way.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shopper.deals-way.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\deals-way.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shopper.deals-way.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\reimageplus.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.reimageplus.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\deals-way.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\shopper.deals-way.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\deals-way.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\shopper.deals-way.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.defaultenginename" - "Yahoo! Powered"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" - "Yahoo! Powered"
[-] [C:\Users\Peter\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\Peter\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_popjar_16_32_ssg02&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0CtDyDtDyByEtDtDyBtCyByBtCtA0BtN0D0Tzu0StCyCzzyCtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0EzytDyC0E0EtDtGyD0FtB0FtG0DtCyDzztGyC0FtCtBtGtByC0CyCyBzyzyyDzy0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0AtDzztA0DtC0BtGtAzz0FtBtGyEyBtAtBtGzy0D0AyEtG0CyDtB0F0F0EyC0CyC0FtB0B2QtN0A0LzuyE%26cr%3D1517793009%26a%3Dwnf_popjar_16_32_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
[-] [C:\Users\Peter\AppData\Local\Chromium\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Peter\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wnf_popjar_16_32_ssg02&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyB0CtDyDtDyByEtDtDyBtCyByBtCtA0BtN0D0Tzu0StCyCzzyCtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyD0EzytDyC0E0EtDtGyD0FtB0FtG0DtCyDzztGyC0FtCtBtGtByC0CyCyBzyzyyDzy0F0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0F0AtDzztA0DtC0BtGtAzz0FtBtGyEyBtAtBtGzy0D0AyEtG0CyDtB0F0F0EyC0CyC0FtB0B2QtN0A0LzuyE%26cr%3D1517793009%26a%3Dwnf_popjar_16_32_ssg02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10725 Bytes] - [19/12/2016 16:38:13]
C:\AdwCleaner\AdwCleaner[S0].txt - [9735 Bytes] - [19/12/2016 16:34:40]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10872 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Peter (Administrator) on 19/12/2016 at 17:07:42.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BCC2C1F3-CA8A-4078-8ED8-7C9C554515B6} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/12/2016 at 17:11:34.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Computer seems better already and good to see nothing major found as of yet. Appreciate all your help!
 
Cool :)

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Peter (administrator) on WORK-PC (19-12-2016 20:59:53)
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter (Available Profiles: Peter)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(© 2015 Microsoft Corporation) C:\Users\Peter\AppData\Local\Microsoft\BingSvc\BingSvc.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13261456 2012-11-29] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565544 2012-10-31] ()
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2172816 2012-10-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-12-18] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7152640 2012-12-05] (Pegatron Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1199576 2013-01-30] (Spotify Ltd)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [1958248 2015-11-20] (TomTom)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [BingSvc] => C:\Users\Peter\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-20] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Run: [Chromium] => c:\users\peter\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\RunOnce: [Uninstall C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{142be7b7-461e-4339-9693-8a23183302ac}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{368b7966-86b7-4cf5-84e2-6addc12ace1a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> DefaultScope {BCC2C1F3-CA8A-4078-8ED8-7C9C554515B6} URL =
SearchScopes: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-00777ad5&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-10-02] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-10-02] (Oracle Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2016-10-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2016-10-02] (Oracle Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
Toolbar: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-02] (Microsoft Corporation)
Handler-x32: osf-roaming - {C57E9882-B128-4E07-BA2D-FF83B8989C76} - C:\Users\Peter\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-05-11] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2015-10-30] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2015-10-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default
FF SearchEngineOrder.3: Bing
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-10] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-10-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-10-02] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll [2014-11-03] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-10] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2016-10-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2016-10-02] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-02] (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2547263580-2819482140-900026014-1001: @microsoft.com/Office on Demand;version=1 -> C:\Users\Peter\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF Extension: Bing Search - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-01-20]
FF Extension: NewTabTV Extension - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\NewTabTV-the-extension@mozilla.com.xpi [2015-09-12]
FF Extension: Search Powered by Yahoo Engine - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\{176c8b66-7fc3-4af5-a86b-d0207c456b14}.xpi [2016-10-02]
FF Extension: Generous Deal - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\{6a3cec1b-b44c-4a51-8da6-4a3d012319bd}.xpi [2016-03-25]
FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0f56j65c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-11-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-19]
CHR Extension: (Google Docs) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-03]
CHR Extension: (Google Drive) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-03]
CHR Extension: (Rapport) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-12-26]
CHR Extension: (InboxAce) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlijlfhiafecphlajcellfblbfelapo [2015-11-23]
CHR Extension: (YouTube) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-03]
CHR Extension: (Google Search) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-03]
CHR Extension: (Google Sheets) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-12]
CHR Extension: (ListingsPortal) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\glbhhkmmkplkapcglkalfilelbohhhbb [2016-12-19]
CHR Extension: (Skype) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-22]
CHR Extension: (CouponXplorer) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\magdmbkcibdnnfmnamahibddledomccn [2015-11-23]
CHR Extension: (InboxAce) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\milikiamccfkhchpiiigkebcobekbiln [2015-11-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-08]
CHR Extension: (Gmail) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-03]
CHR Extension: (Chrome Media Router) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-26]
CHR HKU\S-1-5-21-2547263580-2819482140-900026014-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52736 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2407b3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 MessagingService_2407b3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 MessagingService_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 MessagingService_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
S2 OneSyncSvc_2407b3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S2 OneSyncSvc_2407b3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U2 OneSyncSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
 
S3 PimIndexMaintenanceSvc_2407b3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_2407b3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-12-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [118856 2015-12-01] (Toshiba Europe GmbH)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2015-12-16] (Microsoft Corporation)
U3 UnistoreSvc_1026d536; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_10b3b7a9; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_117a9099; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12845f7c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12fc6ab; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_13f88757; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1426f14; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15130bd9; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15953e28; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15a1d8a5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_16a3476d; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_17041484; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_172e3a14; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1921c841; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1950c519; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a4f6ebb; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a7f0a6a; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ae7c8d2; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1b83de28; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1c8cb31a; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cc41a23; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cf07dac; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1d1fe8ed; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ef542; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_20a9ab5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_2407b3; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UnistoreSvc_2407b3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_2d39e1c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_315df53; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_354fb6c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3b5eb31; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3bd510b8; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3dead5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3e124; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_4085a; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_44af1; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_451f5d5; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_482f322; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_55b5c47; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_79d8f4d; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7cd198f; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8719761; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8806fb8; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_94313cb; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9bfe701; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9df135e; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b120a08; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b75e27c; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b8cfcf; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_d5a0659; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_e7cccdf; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_ecf0c86; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_fa63f27; C:\WINDOWS\System32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UnistoreSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1026d536; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1026d536; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_10b3b7a9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_10b3b7a9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_117a9099; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_117a9099; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12845f7c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12845f7c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12fc6ab; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_12fc6ab; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_13f88757; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_13f88757; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1426f14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1426f14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15130bd9; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15130bd9; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15953e28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15953e28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15a1d8a5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_15a1d8a5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_16a3476d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_16a3476d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_17041484; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_17041484; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_172e3a14; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_172e3a14; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1921c841; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1921c841; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1950c519; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1950c519; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a4f6ebb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a4f6ebb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a7f0a6a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1a7f0a6a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ae7c8d2; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ae7c8d2; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1b83de28; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1b83de28; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1c8cb31a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1c8cb31a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cc41a23; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cc41a23; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cf07dac; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1cf07dac; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1d1fe8ed; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1d1fe8ed; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ef542; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_1ef542; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_20a9ab5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_20a9ab5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_2407b3; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
R3 UserDataSvc_2407b3; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_2d39e1c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_2d39e1c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_315df53; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_315df53; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_354fb6c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_354fb6c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3b5eb31; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3b5eb31; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3bd510b8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3bd510b8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3dead5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3dead5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3e124; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_3e124; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_4085a; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_4085a; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_44af1; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_44af1; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_451f5d5; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_451f5d5; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_482f322; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_482f322; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_55b5c47; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_55b5c47; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_79d8f4d; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_79d8f4d; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7cd198f; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_7cd198f; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8719761; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8719761; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8806fb8; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_8806fb8; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_94313cb; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_94313cb; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9bfe701; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9bfe701; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9df135e; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_9df135e; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b120a08; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b120a08; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b75e27c; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b75e27c; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b8cfcf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_b8cfcf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_d5a0659; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_d5a0659; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_e7cccdf; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_e7cccdf; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_ecf0c86; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_ecf0c86; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_fa63f27; C:\WINDOWS\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
U3 UserDataSvc_fa63f27; C:\WINDOWS\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]


===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows (R) Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [245760 2016-01-05] (Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2016-11-29] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel(R) Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2016-12-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2016-12-19] (Malwarebytes)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-30] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RtkBtFilter2; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [65792 2015-05-29] (Realtek Microelectronics)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-19 21:00 - 2016-12-19 21:00 - 00000000 ___HD C:\OneDriveTemp
2016-12-19 17:11 - 2016-12-19 17:11 - 00000679 _____ C:\Users\Peter\Desktop\JRT.txt
2016-12-19 16:27 - 2016-12-19 16:38 - 00000000 ____D C:\AdwCleaner
2016-12-19 16:11 - 2016-12-19 16:14 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-19 15:44 - 2016-12-19 17:16 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-19 15:44 - 2016-12-19 17:16 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-19 15:44 - 2016-12-19 17:16 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-19 15:43 - 2016-12-19 17:16 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-19 15:43 - 2016-12-19 15:43 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-19 15:43 - 2016-12-19 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-19 15:43 - 2016-12-19 15:43 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-19 15:43 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-18 18:38 - 2016-12-18 18:40 - 00003480 _____ C:\Users\Peter\Desktop\New Text Document.txt
2016-12-18 16:05 - 2016-12-18 16:05 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-18 15:37 - 2016-12-18 15:37 - 00000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-18 15:37 - 2016-12-18 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-18 15:36 - 2016-12-18 18:40 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-18 15:36 - 2016-12-18 15:37 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-18 15:34 - 2016-12-19 17:07 - 01663040 _____ (Malwarebytes) C:\Users\Peter\Downloads\JRT.exe
2016-12-18 15:34 - 2016-12-19 16:27 - 03977168 _____ C:\Users\Peter\Downloads\AdwCleaner.exe
2016-12-18 15:33 - 2016-12-19 15:42 - 51969976 _____ (Malwarebytes ) C:\Users\Peter\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-18 15:26 - 2016-12-18 15:36 - 34211496 _____ (Adlice Software ) C:\Users\Peter\Downloads\setup.exe
2016-12-18 14:54 - 2016-12-18 14:55 - 00046189 _____ C:\Users\Peter\Desktop\Addition.txt
2016-12-18 14:52 - 2016-12-19 21:01 - 00075964 _____ C:\Users\Peter\Desktop\FRST.txt
2016-12-18 14:50 - 2016-12-19 21:00 - 00000000 ____D C:\FRST
2016-12-18 14:22 - 2016-12-18 14:50 - 02193920 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2016-11-19 14:37 - 2016-12-19 14:55 - 00000000 ____D C:\Users\Peter\AppData\LocalLow\Mozilla
2016-11-19 13:39 - 2016-12-18 18:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-19 21:00 - 2014-01-19 22:05 - 00000000 __RDO C:\Users\Peter\SkyDrive
2016-12-19 20:59 - 2016-03-31 12:19 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-19 20:50 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-19 20:48 - 2015-12-16 22:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-19 17:16 - 2015-11-21 20:16 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-19 17:15 - 2015-12-16 22:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-19 17:14 - 2016-03-31 15:13 - 00180128 _____ C:\WINDOWS\PFRO.log
2016-12-19 17:14 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-12-19 16:36 - 2016-07-26 22:47 - 00000000 ____D C:\Users\Peter\AppData\Local\tkdata
2016-12-19 15:43 - 2015-11-21 20:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-19 14:55 - 2014-07-18 11:52 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Skype
2016-12-18 20:11 - 2013-06-30 22:01 - 00002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 20:11 - 2013-06-30 22:01 - 00002231 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 19:54 - 2013-06-30 22:00 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 19:54 - 2013-06-30 22:00 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 18:41 - 2016-07-26 22:44 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-18 18:41 - 2016-07-26 22:35 - 00000000 ____D C:\Program Files\TrueKey
2016-12-18 18:41 - 2013-05-12 00:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-18 17:28 - 2013-08-22 15:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-18 14:12 - 2016-08-13 13:00 - 00000000 ____D C:\Users\Peter\AppData\Roaming\{2FCC1977-0A9E-7401-61A8-53D3BD7AAEED}
2016-12-14 03:08 - 2014-07-18 11:51 - 00000000 ____D C:\ProgramData\Skype
2016-12-14 03:07 - 2014-10-07 11:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-13 19:12 - 2015-12-16 22:56 - 00002374 _____ C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-12 21:47 - 2016-07-26 22:47 - 00001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-12-09 00:50 - 2016-04-08 11:58 - 00002469 _____ C:\WINDOWS\setupact.log
2016-12-02 06:46 - 2015-11-27 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-11-29 10:12 - 2015-12-29 22:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-29 10:11 - 2015-01-09 08:03 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-27 13:16 - 2013-05-13 08:29 - 00000000 ____D C:\Users\Peter\Documents\Nut Vending
2016-11-22 22:20 - 2015-11-27 12:52 - 00489704 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-11-22 22:20 - 2015-11-27 12:52 - 00235688 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys

==================== Files in the root of some directories =======

2016-08-13 21:00 - 2016-08-23 19:00 - 0000139 _____ () C:\Users\Peter\AppData\Roaming\WB.CFG

Some files in TEMP:
====================
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Peter\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Peter\AppData\Local\Temp\libeay32.dll
C:\Users\Peter\AppData\Local\Temp\msvcr120.dll
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-28 12:08

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Peter (2016-12-19 21:02:25)
Running from C:\Users\Peter\Desktop
Windows 10 Home (X64) (2015-12-16 22:47:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2547263580-2819482140-900026014-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2547263580-2819482140-900026014-503 - Limited - Disabled)
Guest (S-1-5-21-2547263580-2819482140-900026014-501 - Limited - Disabled)
Peter (S-1-5-21-2547263580-2819482140-900026014-1001 - Administrator - Enabled) => C:\Users\Peter

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Amazon Kindle) (Version: - Amazon)
Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 16.1.16125.489 - HM Revenue & Customs)
Bing Search Engine (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\bingeng) (Version: - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.32(T) - TOSHIBA CORPORATION)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MX7600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX7600_series) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41663) (Version: 3.8.0.41663.61 - Intel)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.9.108.1 - Intel Security)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office on Demand Browser Add-ons (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\Microsoft Office on Demand Browser Add-ons) (Version: 15.0.4481.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MyDriveConnect 4.0.7.2442 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.7.2442 - TomTom)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Premium Sound HD (HKLM\...\{000A208E-1050-4181-AC37-E13DA9254B73}) (Version: 1.12.6000 - DTS, Inc.)
Rapport (x32 Version: 3.5.1609.107 - Trusteer) Hidden
Realtek Bluetooth Filter Driver Package (HKLM-x32\...\InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}) (Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6794 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
RogueKiller version 12.8.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.5.0 - Adlice Software)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6626.6410 - Toshiba Corporation)
TOSHIBA Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.10 - TOSHIBA)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 2.00.973 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.1.54043006 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0015 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{F76F5214-83A8-4030-80C9-1EF57391D72A}) (Version: 4.9.2 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124 - Toshiba Corporation)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.107 - Trusteer)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3) (HKLM\...\57F58DC141BEB353704E041792E5B00606694FEA) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2547263580-2819482140-900026014-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

26-07-2016 22:44:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
30-08-2016 06:31:18 Installed Rapport
30-09-2016 22:15:36 Installed Rapport
02-10-2016 16:50:48 Installed Java 7 Update 79 (64-bit)
17-10-2016 11:51:09 Installed Rapport
19-12-2016 17:07:44 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2016-12-19 17:06 - 00000846 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00DC704E-B244-4D94-B1E5-13E39B7E6607} - no path
Task: {080DEAC5-B5FA-499C-8323-31984158CC78} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-12-01] (Toshiba Europe GmbH)
Task: {0E8CA952-866C-482D-8344-ADF95AC3505E} - System32\Tasks\{5968FEF2-3046-447C-9B18-A9B3723B1C17} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {10196AC6-B613-478F-BDA8-9ED2B97C3F0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {110F8886-14C5-418B-9614-FBBB37A0568C} - System32\Tasks\{5BD0B9E8-5748-4023-88B4-BE04EFE2CD14} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {181EF958-CF2C-45C1-BFE2-0048458E3EFC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {1A284414-C248-4CE3-ACEF-65D5BC079C48} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-10] (Adobe Systems Incorporated)
Task: {1F655AB3-C9F6-4ABB-90D8-B4129DD5C9C6} - System32\Tasks\{02246007-52EB-4DD7-BF26-3DEB3907F957} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {1F73C576-A6AC-4CE5-BB1C-53527E73B59D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {2300B6D1-D409-499E-92DF-030662B73A6B} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {26A69E30-D546-4E28-98C8-676AA80BAF42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2E3F068A-DEC0-415D-88A3-7C6CA45D9686} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {317107BF-13F6-48B4-AA5A-BA0B03A02F4B} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {33046BDC-2974-457F-A198-055760713D46} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {3627755F-6629-4D94-850A-FBE43D28BEB8} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {3718733E-6FE4-4F0C-B2EF-D765D897C12E} - System32\Tasks\{3AC1A074-6422-42F3-82F7-B93625A1AA40} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {3D08EBE5-67E9-4F7D-8F10-C4FE36E88BA9} - System32\Tasks\{79AF3485-BCC9-4C80-9CA9-DA00687D01C2} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {3D598252-337A-4331-88B5-38FBE6364E3A} - System32\Tasks\{D0C0DCE2-994D-4C27-A7A5-A1F52DA3A38A} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {4208A7BF-D622-476E-A1A3-F9EB2719ECD4} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2015-12-07] (Microsoft Corporation)
Task: {449B876B-8EB6-412A-84DD-96F495BEE30D} - System32\Tasks\{81D2041E-9A36-401F-A634-8C949649BCAC} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/privacy
Task: {4589E8AB-ED36-440E-B5F3-21ED5036E84E} - System32\Tasks\{DEB6FFDA-E8C3-4884-88CB-6855DDC08D83} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {45A1E736-EAAA-4735-ABBA-A9C5CF2BDAEF} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {49E7DF1C-BF9B-4DB4-8ED7-0CACCECD59C9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4A944005-EAD7-4E3D-A0CB-E36A03948234} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {4A9D6BBB-42AF-42B4-BF9C-42B347746988} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4C178459-F106-4189-890D-A3F8F1FFB532} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-10] (Adobe Systems Incorporated)
Task: {4E3CB8C2-8A0C-4570-A32E-7319C6E8E432} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {5106B0FE-812D-41FF-8DF9-EF43195BA9EF} - System32\Tasks\{911179E4-BBBE-404F-9338-C07A2B19B740} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {584339EB-B21B-4A89-97A6-6861597248F2} - System32\Tasks\{A8137378-B972-413D-B9D1-568E81934178} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {58ED16C2-DD92-4D83-BDC8-80026BD11104} - System32\Tasks\{536EB0B8-75C7-4012-8363-BBA8A0DE1C59} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {5CE6C9E7-90D0-43BC-B132-5D5B7DA639A8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {5D59EE82-1103-48EC-9F58-9F8D3AB81C15} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {5F914E38-6C7C-4B0C-A61A-76CD8D073104} - System32\Tasks\{62A53D73-D39B-4CCB-9DA5-55424FE719ED} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {666DE4F6-95D7-490D-B521-E877927E00EC} - System32\Tasks\{3B834A7F-2C06-465C-92B1-2F65EC9F7EF8} => Firefox.exe http://ui.skype.com/ui/0/7.7.64.102/en/eula
Task: {697E18DD-943C-470A-B9E3-6E5DDCB42D05} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {6B696BCF-C866-41CA-B4E4-3D19FB1E9250} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\SpaceMan.exe [2015-10-30] (Microsoft Corporation)
Task: {71E53243-3A2D-47EE-9DAB-6D71B2366657} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {771F8CCC-6D16-465C-9C2D-9ED53F939C14} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe
Task: {776B6C2F-D7C3-430A-AF27-D7A236914A7F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77EA38EB-202C-4216-9375-4803B882E225} - no path
Task: {781ABAB8-C8B1-4E56-AA85-DC0AB34022EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7AE1BCAC-061D-4672-BACB-88BC74CE1D7A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-10-30] (Microsoft Corporation)
Task: {7CE5D300-4547-4843-B18C-254A0251C66A} - System32\Tasks\{CC794D35-AEF3-45F7-89EA-8C535135FF02} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/eula
Task: {7E14A3E3-9BB1-439E-97A9-A0B9FDC89D17} - System32\Tasks\{CD4DDCC9-4621-4626-9579-5EDC86E873DC} => Firefox.exe http://ui.skype.com/ui/0/7.7.64.102/en/eula
Task: {7FDF3429-1919-4F1A-AFFF-9ABE305446EA} - System32\Tasks\{B1DC7F8C-2D2D-46F0-9650-8F46456875CF} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?page=tsBing
Task: {810167F5-7706-48B8-A896-D404EDD68CFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {860F596C-A1D8-4651-B747-D134041D80AD} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense => Rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
Task: {8A1454AF-17BF-47F3-ABBE-A17DD491851B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8C6091B1-7241-4286-95B3-C31F4018C755} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-14] (Microsoft Corporation)
Task: {8E7FBE49-FE36-49D7-B8ED-40945601C2E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {90D79106-3D12-40AF-A9BA-231F2327770C} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2015-10-30] (Microsoft Corporation)
Task: {9BB2CC05-5A78-4D17-85BE-4B63C2BCC1F5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {9E0014E2-3AE5-49E0-9AC1-A648E956AD82} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {A483A62A-BEE2-43EF-B43D-C4B6555D6F1E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C6F06418-EC38-462C-BE0A-1BFB7B1777C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C881A742-1A15-4EAC-96B9-9C6EA38AC7FA} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {CA4BE44E-107E-4B2D-91AF-FC3B077B02FC} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2015-10-30] (Microsoft Corporation)
Task: {DAE628AF-F608-4C8F-91EC-24011F5B9A8F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DD1CE511-3D95-4867-8974-E0CC0F4FAFDA} - System32\Tasks\{FA4B0EDC-DA71-453F-9863-5EA1FE7EEE52} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {E03596C8-B2A4-4553-B379-B678F0EBCA95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {E35C13D9-BF03-4B42-A2C9-D86C095ECDBE} - no path
Task: {E6CE264E-2650-4013-8471-CB598F9676B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {E8B3E936-2F69-4354-A53F-30EAC17A102B} - System32\Tasks\{1A588EAC-A80D-4CB9-A1A5-CEC0C3326624} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {F120A436-C215-4927-87AA-934387AF5782} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {F2D84C86-3EB6-4F91-B796-CD72733B9FEF} - System32\Tasks\{843F591F-2B29-40F4-96AF-23EE93C3EA0B} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {F4F71898-65EF-40CA-8CD5-CABE815AEFB9} - System32\Tasks\{881294A9-E327-451F-BCD0-743F5872871B} => Firefox.exe http://ui.skype.com/ui/0/7.27.0.101/en/privacy
Task: {F8F446F1-A967-4A8C-8848-257FA6C9653E} - System32\Tasks\{87F54A0E-57ED-488A-A5A5-4291488BB7EB} => Firefox.exe http://ui.skype.com/ui/0/7.12.64.101/en/abandoninstall?page=tsProgressBar
Task: {FECFA123-5B38-4C88-8162-ADE86E51EA40} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2011-10-13 12:38 - 2011-10-13 12:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2016-12-19 15:43 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-19 15:43 - 2016-11-29 06:27 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-19 15:43 - 2016-11-29 06:27 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2015-07-02 09:32 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-07 13:09 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-07 13:09 - 2016-02-23 11:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-13 19:10 - 2016-12-13 19:10 - 01678560 _____ () C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2015-10-28 20:51 - 2015-09-01 16:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-13 03:21 - 2016-01-05 01:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-22 13:57 - 2016-01-22 13:58 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 01:06 - 2015-12-07 04:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-07 13:08 - 2016-02-23 08:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 03:21 - 2016-01-05 01:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-28 20:06 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 20:06 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-31 14:15 - 2012-10-31 14:15 - 02565544 _____ () C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 18:13 - 2012-08-13 18:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-04-07 23:51 - 2012-06-25 09:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-12-13 19:10 - 2016-12-13 19:10 - 01244376 _____ () C:\Users\Peter\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-02-22 19:51 - 2016-02-22 19:51 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-02-22 19:49 - 2016-02-22 19:49 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2016-01-22 13:57 - 2016-01-22 13:58 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 13:57 - 2016-01-22 13:58 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MyDrive Connect:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Realtek WLAN Driver:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Spotify:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Toshiba TEMPRO:Win32App_1
AlternateDataStreams: C:\Users\ADMINI~1\AppData\Local\Temp:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Peter\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Peter\Downloads\Fw_ Croxley Common Moor - Rubbish disposal from newly created moorings..eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(10).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(11).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(12).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(13).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(6).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(7).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(8).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(9).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\localhost -> localhost


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2547263580-2819482140-900026014-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\StartupApproved\Run: => "MyDriveConnect.exe"
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{02240E31-A9EF-401B-BEFC-0128E9EFBC7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F6907DAD-98D9-4915-BBF3-4D2BC0BE2943}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F802A3D1-724F-4704-B64E-2B229A5FD9D9}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\SkypeWebPlugin.exe
FirewallRules: [{377DBE71-3078-46B8-BD8C-3F75A6B4732A}] => (Allow) C:\Users\Peter\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{6ADE9215-5CD2-4BC1-9C19-4D7533A3DA63}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{C1EC7BF0-6321-4584-A70F-98EE3F641E4B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{25E9AEEF-A088-4267-8ADE-67CA055D4045}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{CF05DA80-B4D1-4AA7-B0F4-26F84B326FCF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23885FF4-42B0-44DF-90F0-4873E12E4CB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2CE3DB85-0246-401A-B6ED-9A3EAC4FC1D9}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7C87D5D1-77E9-4424-8ABF-2FBACD40A313}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3535C0DD-73FA-4052-8F2E-22F4C0B82111}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2FC93910-CAC4-429D-A9FA-97FAFA44E658}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{BFAA1019-1D62-48AC-AE7E-2EEB8C410A22}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{8220DE34-A10F-412D-9BE2-F2B9C122B5F1}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{07E6D6A7-E7EF-4A4F-91A2-25057ED1E21F}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [{21B98EFC-048E-4BE2-BC33-0890B808A00D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{74E32F51-08BF-496A-A141-2D2EAF121968}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{ED275BE1-9260-49CD-8405-134CE78CD8F7}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{D288FF71-31C1-4DF5-AFC5-175747EFA260}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{8EDF27BD-617B-4E1E-A0DE-12D8F689EBAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2016 05:08:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/19/2016 04:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/18/2016 05:33:06 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: 0x80041033

Error: (12/07/2016 11:22:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.0.2.6177, time stamp: 0x583e5197
Faulting module name: mozglue.dll, version: 50.0.2.6177, time stamp: 0x583e4b91
Exception code: 0x80000003
Fault offset: 0x0000ed43
Faulting process ID: 0xc48
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (12/06/2016 02:04:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/06/2016 02:04:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/06/2016 10:41:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 09:39:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/04/2016 02:24:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WORK-PC)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/02/2016 06:46:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (12/19/2016 09:02:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/19/2016 05:25:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_77a5c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/19/2016 05:25:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_77a5c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/19/2016 05:25:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_77a5c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/19/2016 05:25:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_77a5c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/19/2016 05:25:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/19/2016 05:23:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/19/2016 05:23:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{3185A766-B338-11E4-A71E-12E3F512A338}{7006698D-2974-4091-A424-85DD0B909E23}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/19/2016 05:15:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error:
%%2

Error: (12/19/2016 05:15:05 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service start-up. Additional Data: Error Value: 2147942402.


CodeIntegrity:
===================================
Date: 2016-12-19 16:32:27.484
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:27.461
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:27.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:27.135
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:27.110
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:27.071
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:26.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:26.755
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:26.721
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-19 16:32:26.439
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 47%
Total physical RAM: 3977.22 MB
Available physical RAM: 2074.91 MB
Total Virtual: 4681.22 MB
Available Virtual: 2769.2 MB

==================== Drives ================================

Drive c: (TI31061100A) (Fixed) (Total:453.13 GB) (Free:392.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    4.8 KB · Views: 1
Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Peter (2016-12-20 09:20:08) Run:1
Running from C:\Users\Peter\Desktop
Loaded Profiles: Peter & (Available Profiles: Peter)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> DefaultScope {BCC2C1F3-CA8A-4078-8ED8-7C9C554515B6} URL =
Toolbar: HKU\S-1-5-21-2547263580-2819482140-900026014-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
2016-08-13 21:00 - 2016-08-23 19:00 - 0000139 _____ () C:\Users\Peter\AppData\Roaming\WB.CFG
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll
C:\Users\Peter\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Peter\AppData\Local\Temp\libeay32.dll
C:\Users\Peter\AppData\Local\Temp\msvcr120.dll
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll
Task: {10196AC6-B613-478F-BDA8-9ED2B97C3F0F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {26A69E30-D546-4E28-98C8-676AA80BAF42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {49E7DF1C-BF9B-4DB4-8ED7-0CACCECD59C9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4A9D6BBB-42AF-42B4-BF9C-42B347746988} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {776B6C2F-D7C3-430A-AF27-D7A236914A7F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {77EA38EB-202C-4216-9375-4803B882E225} - no path
Task: {781ABAB8-C8B1-4E56-AA85-DC0AB34022EB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {810167F5-7706-48B8-A896-D404EDD68CFA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A1454AF-17BF-47F3-ABBE-A17DD491851B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9BB2CC05-5A78-4D17-85BE-4B63C2BCC1F5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C6F06418-EC38-462C-BE0A-1BFB7B1777C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DAE628AF-F608-4C8F-91EC-24011F5B9A8F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E35C13D9-BF03-4B42-A2C9-D86C095ECDBE} - no path
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MyDrive Connect:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Realtek WLAN Driver:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Spotify:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Toshiba TEMPRO:Win32App_1
AlternateDataStreams: C:\Users\ADMINI~1\AppData\Local\Temp:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\Peter\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Peter\Downloads\Fw_ Croxley Common Moor - Rubbish disposal from newly created moorings..eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(10).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(11).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(12).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(13).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(6).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(7).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(8).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters(9).eml:OECustomProperty
AlternateDataStreams: C:\Users\Peter\Downloads\RE Byewaters.eml:OECustomProperty

*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2547263580-2819482140-900026014-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => value removed successfully
HKCR\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => key not found.
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
InstallerService => service removed successfully
C:\Users\Peter\AppData\Roaming\WB.CFG => moved successfully
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationCore.dll => moved successfully
C:\Users\ADMINI~1\AppData\Local\Temp\PresentationFramework.dll => moved successfully
C:\Users\ADMINI~1\AppData\Local\Temp\ReachFramework.dll => moved successfully
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationProvider.dll => moved successfully
C:\Users\ADMINI~1\AppData\Local\Temp\UIAutomationTypes.dll => moved successfully
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsBase.dll => moved successfully
C:\Users\ADMINI~1\AppData\Local\Temp\WindowsFormsIntegration.dll => moved successfully
C:\Users\Peter\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\Peter\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Peter\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Peter\AppData\Local\Temp\SkypeSetup.exe => moved successfully
C:\Users\Peter\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10196AC6-B613-478F-BDA8-9ED2B97C3F0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10196AC6-B613-478F-BDA8-9ED2B97C3F0F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26A69E30-D546-4E28-98C8-676AA80BAF42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26A69E30-D546-4E28-98C8-676AA80BAF42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49E7DF1C-BF9B-4DB4-8ED7-0CACCECD59C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49E7DF1C-BF9B-4DB4-8ED7-0CACCECD59C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A9D6BBB-42AF-42B4-BF9C-42B347746988}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A9D6BBB-42AF-42B4-BF9C-42B347746988}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{776B6C2F-D7C3-430A-AF27-D7A236914A7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{776B6C2F-D7C3-430A-AF27-D7A236914A7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EA38EB-202C-4216-9375-4803B882E225}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EA38EB-202C-4216-9375-4803B882E225}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{781ABAB8-C8B1-4E56-AA85-DC0AB34022EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{781ABAB8-C8B1-4E56-AA85-DC0AB34022EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{810167F5-7706-48B8-A896-D404EDD68CFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{810167F5-7706-48B8-A896-D404EDD68CFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8A1454AF-17BF-47F3-ABBE-A17DD491851B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A1454AF-17BF-47F3-ABBE-A17DD491851B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BB2CC05-5A78-4D17-85BE-4B63C2BCC1F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB2CC05-5A78-4D17-85BE-4B63C2BCC1F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6F06418-EC38-462C-BE0A-1BFB7B1777C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F06418-EC38-462C-BE0A-1BFB7B1777C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DAE628AF-F608-4C8F-91EC-24011F5B9A8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE628AF-F608-4C8F-91EC-24011F5B9A8F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E35C13D9-BF03-4B42-A2C9-D86C095ECDBE}" => key removed successfully
C:\Program Files\Microsoft Office 15 => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Silverlight => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\MyDrive Connect => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Realtek WLAN Driver => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Spotify => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Toshiba TEMPRO => ":Win32App_1" ADS removed successfully.
C:\Users\ADMINI~1\AppData\Local\Temp => ":Win32App_1" ADS removed successfully.
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App_1" ADS removed successfully.
"C:\Users\Peter\SkyDrive" => ":ms-properties" ADS not found.
C:\Users\Peter\Downloads\Fw_ Croxley Common Moor - Rubbish disposal from newly created moorings..eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(10).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(11).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(12).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(13).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(2).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(3).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(4).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(5).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(6).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(7).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(8).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters(9).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Peter\Downloads\RE Byewaters.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog 09:20:15 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 23.0.0.207
Mozilla Firefox (50.1.0)
Google Chrome (55.0.2883.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 27-01-2016
Ran by Peter (administrator) on 23-12-2016 at 12:44:34
Running from "C:\Users\Peter\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
For some reason Sophos would not complete the scan. The progress bar would go no further than about 5% or so and it was doing that for a good 4+ hours. Any suggestions?
 
Yes. Try this..

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Under "ESET Online Scanner" click on "Scan now" button.
  • It'll download small file "esetonlinescanner_enu.exe".
  • Double click on downloaded file.
  • Click on Accept button.
  • Checkmark "Disable detection of potentially unwanted applications".
  • Click Scan
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
Status
Not open for further replies.

Similar threads

D
Mini PCs sold on Amazon contained factory-installed spyware
Replies
16
Views
406
Fastturtle
F
E
Another day, another FBI takedown of routers infected by malware
Replies
7
Views
226
p51d007
p51d007
Cal Jeffrey
Hackers used Ars Technica and Vimeo to deliver malware using obfuscated binary instructions...
Replies
0
Views
134
Cal Jeffrey
Cal Jeffrey

Latest posts

Back