Page 1 of 4 123 ... LastLast
Results 1 to 10 of 35
  1. #1
    Member Steph's Avatar
    Join Date
    Nov 2004
    Location
    London, UK
    Posts
    954
    Points
    60

    Default FileHippo - how to uninstall?

    I've been using FileHippo Update Checker for some time and found it useful but recently it's been freezing and generally not working properly (v.1040) so I'd like to uninstall it and then reinstall. However, I can't see it listed in Control Panel/Programs and nor is it listed as an add-on in Firefox. Does anyone have any ideas where it might be or how to uninstall it please?

    Thank you

    Steph
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Steph, (waves)

    Good to see you!!

    Look in programs and Features for FileHippo App Manager instead of Unchecky.

    You should also be able to find the uninstaller located in C:\Program Files (x86)\FileHippo.com

    Let me know what you find.

    I see that there is a Beta version available for download. I tend to steer clear of Beta versions till they have the bugs worked out of them.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. The Following 2 Users Say Thank You to DonnaB For This Useful Post:


  4. #3
    Member Steph's Avatar
    Join Date
    Nov 2004
    Location
    London, UK
    Posts
    954
    Points
    60

    Default

    Hi Donna (*waves right back*) - thanks for replying, good to see you too!

    FileHippo isn't listed in Programs & Features (what's Unchecky by the way?) I looked in C:\Program Files (x86)\FileHippo.com as you suggested and the only program in the FileHippo folder is UpdateChecker.exe.config.

    Unless I'm being particularly dense I can't see any way to uninstall it anywhere - any other ideas please?

    Thank you

    Steph
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11

  5. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Steph,

    FileHippo isn't listed in Programs & Features (what's Unchecky by the way?)
    Ugh... I'm sorry. I meant Updater Checker not Unchecky which is software that I recommend for those who are click happy and tend to allow prechecked bundled software to install along side intended software they want installed.

    Seems that Update Checker is now FileHippo's App Manager. See here. That's the only link I could find that explains why I am redirected to FileHippo's App Manager when I click on the Update Checker link. It appears that Update Checker has been renamed. I'll see what I can find out about that.

    If you would like to download the Farbar Recovery Scan Tool from the instructions below, I can get a better picture as to why it is not being displayed in your Programs and Features list. We could also uninstall with FRST if needed.

    Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

    Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    • Make sure that FRST is on the desktop of the infected system
    • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  6. The Following User Says Thank You to DonnaB For This Useful Post:


  7. #5
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi again Steph,

    Looks like FileHippo's Update Checker was renamed to FileHippo's App Manager back in September of 2014. You'll find the change log here. Installing FileHippo's App Manager (the new version) should write over the old version. If you still have issues with it freezing and not working properly, uninstalling FileHippo App Manager from Programs and Features should remove the program including the older/outdated files and folders that are causing the issues. You could then reinstall as you wish, otherwise, the FRST logs could display where the old files and folders are so they could be removed and you could reinstall for a fresh clean install that has no issues.

    Have a nice day!

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  8. The Following User Says Thank You to DonnaB For This Useful Post:


  9. #6
    Member Steph's Avatar
    Join Date
    Nov 2004
    Location
    London, UK
    Posts
    954
    Points
    60

    Default

    Hi Donna, thanks for both your replies

    I tried running FRST as per your instructions but my a-v kept moving it to quarantine and wouldn't let me run it! I did restore it and try again (three times) but it just wouldn't let me run the program at all, so I gave up on that suggestion as I couldn't see how to override the quarantine. Any idea how to override it - as you say in your second post, FRST would then display where the old FileHippo data is stored so it can be deleted?

    Otherwise, did you mean that installing the newer version would automatically overwrite any older versions and the newer version would then appear in Programs and Features? Have I got this right?

    Thanks for your help as always and sorry to be so dense!

    Steph
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11

  10. #7
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Steph,

    You'll probably have to temporarily disable your AV. I have seen this happen a few times. Which one do you have installed? I can contact Farbar and let him know the AV won't allow the program to run and in turn he can contact the AV company and notify them this is happening so they can include the exception in an update.

    Otherwise, did you mean that installing the newer version would automatically overwrite any older versions and the newer version would then appear in Programs and Features? Have I got this right?
    Yes, you've got that right. The newer version should over write the older version in the same way that any other software application overwrites the older version when updated. That should display the newer version in Programs and Features.

    Not dense at all, Steph. I have always admired the way you think things through clearly before taking any action. I wish more people were as cautious as you.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  11. #8
    Member Steph's Avatar
    Join Date
    Nov 2004
    Location
    London, UK
    Posts
    954
    Points
    60

    Default

    Hi again Donna, apologies for the delay in replying, it's been a manic day.

    you think things through clearly before taking any action
    Hmm, I'm not so sure everyone would agree with you on that one!

    OK, so the older version I want to uninstall is v.1.040 which is on my PC, but as detailed in my original post, I can't find where to uninstall it from. I then realised I had the newer app version you described installed on my laptop (v. 1.47.0.103, which is the last non-beta version released) so found that and downloaded it to the PC, where it installed over the older version and then appeared in the Programs list, as you said. I then uninstalled it from there, except it only uninstalled the newer app version I'd just installed and it left the older version intact - and still no hint of where to uninstall it from!

    I disabled a-v as you suggested (it's Bullguard, by the way), ran FRST and the two scans you asked for are below. Thanks for your help, with any luck you'll be able to find where FileHippo has hidden itself so it can be weeded out

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
    Ran by CHARLIE ADMIN (administrator) on CHARLIE1-PC (23-02-2016 22:12:33)
    Running from C:\Users\Charlie\Desktop
    Loaded Profiles: Charlie & CHARLIE ADMIN (Available Profiles: Charlie & CHARLIE ADMIN)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    (Mega System Technologies, Inc.) C:\Program Files (x86)\Megatec\UPSilon 2000\Monw32.exe
    (Mega System Technologies, Inc.) C:\Program Files (x86)\Megatec\UPSilon 2000\RupsMon.exe
    () C:\Program Files (x86)\Megatec\UPSilon 2000\UPSOW.exe
    (Mega Corp.) C:\Program Files (x86)\Megatec\UPSilon 2000\usbmate.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    Failed to access process -> FRST64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1337360 2016-02-04] (BullGuard Ltd.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-606865524-3492198832-1852018503-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
    ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-02-03] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-02-03] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-02-03] (BullGuard Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rupsmon Daemon.lnk [2013-11-18]
    ShortcutTarget: Rupsmon Daemon.lnk -> C:\Program Files (x86)\Megatec\UPSilon 2000\Monw32.exe (Mega System Technologies, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{FB26EB1E-93E7-466A-B8B2-663CB977F0CB}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKU\S-1-5-21-606865524-3492198832-1852018503-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpage.com/
    HKU\S-1-5-21-606865524-3492198832-1852018503-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
    HKU\S-1-5-21-606865524-3492198832-1852018503-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
    BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2013-11-28] (CANON INC.)
    BHO: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [2013-11-12] (Abine Inc)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
    BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-11-28] (CANON INC.)
    BHO-x32: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll [2013-11-12] (Abine Inc)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: IXQUICKTB Class -> {C5CAA6CD-8EE4-40a3-92E0-385561406C50} -> C:\Program Files (x86)\Ixquick Toolbar\ix_quick.dll [2007-04-26] (IE Toolbar)
    BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
    Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2013-11-28] (CANON INC.)
    Toolbar: HKLM-x32 - Ixquick Toolbar - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files (x86)\Ixquick Toolbar\ix_quick.dll [2007-04-26] (IE Toolbar)
    Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-11-28] (CANON INC.)
    Toolbar: HKU\S-1-5-21-606865524-3492198832-1852018503-1000 -> No Name - {70F241F6-52AB-4D45-993E-C1C09920095B} - No File

    FireFox:
    ========
    FF ProfilePath: C:\Users\CHARLIE ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\uoishu41.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
    FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
    FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-08-08] [not signed]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1359888 2016-02-03] (BullGuard Ltd.)
    R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [673296 2016-02-03] (BullGuard Ltd.)
    R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [177168 2016-02-03] (BullGuard Ltd.)
    R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [476176 2016-02-03] (BullGuard Ltd.)
    R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [802832 2016-02-03] (BullGuard Ltd.)
    R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [782352 2016-02-09] (BullGuard Ltd.)
    R2 BsMain; c:\program files\bullguard ltd\bullguard\bsmain.dll [606224 2016-02-03] (BullGuard Ltd.)
    R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [310288 2016-02-03] (BullGuard Ltd.)
    R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [398864 2016-02-23] (BullGuard Ltd.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 Rupsmon; C:\Program Files (x86)\Megatec\UPSilon 2000\RupsMon.exe [204800 2011-03-22] (Mega System Technologies, Inc.) [File not signed]
    R2 USBMate; C:\Program Files (x86)\Megatec\UPSilon 2000\USBMate.exe [106552 2010-12-16] (Mega Corp.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [52912 2015-06-17] (Agnitum Ltd.)
    R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [465072 2015-06-17] (Agnitum Ltd.)
    R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-06-18] (BullGuard Ltd.)
    R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [33968 2015-10-15] (BullGuard Ltd.)
    R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [76728 2015-10-15] (BullGuard Ltd.)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    R2 MegaCom; C:\Windows\System32\DRIVERS\megabatteryX64.sys [19008 2010-01-27] (Mega System Technologies,Inc)
    R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [325488 2015-08-24] (BullGuard Ltd.)
    R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [26776 2015-08-24] (BullGuard Ltd.)
    U5 terminpt; C:\Windows\System32\Drivers\terminpt.sys [29696 2012-08-23] (Microsoft Corporation) [File not signed]
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [477272 2015-10-15] (BitDefender S.R.L.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-23 22:12 - 2016-02-23 22:12 - 00011534 _____ C:\Users\Charlie\Desktop\FRST.txt
    2016-02-23 21:58 - 2016-02-23 21:58 - 02371072 _____ (Farbar) C:\Users\Charlie\Desktop\FRST64.exe
    2016-02-23 21:35 - 2016-02-23 21:35 - 00002048 _____ C:\Users\CHARLIE ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FILEHIPPO APP MANAGER.LNK
    2016-02-23 21:35 - 2016-02-23 21:35 - 00002018 _____ C:\Users\CHARLIE ADMIN\Desktop\FILEHIPPO APP MANAGER.LNK
    2016-02-23 21:32 - 2016-02-23 21:32 - 00000000 ____D C:\ProgramData\IsolatedStorage
    2016-02-23 09:48 - 2016-02-23 09:48 - 00169904 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll.PendingBullGuardUpdate
    2016-02-23 09:48 - 2016-02-23 09:48 - 00148256 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll.PendingBullGuardUpdate
    2016-02-23 09:48 - 2016-02-23 09:48 - 00076816 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll.PendingBullGuardUpdate
    2016-02-23 09:48 - 2016-02-23 09:48 - 00061968 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll.PendingBullGuardUpdate
    2016-02-22 21:16 - 2016-02-23 22:12 - 00000000 ____D C:\FRST
    2016-02-11 09:04 - 2016-02-06 10:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-02-11 09:04 - 2016-02-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-02-11 09:04 - 2016-02-06 10:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-02-11 09:04 - 2016-02-06 10:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-02-11 09:04 - 2016-02-06 10:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-02-11 09:04 - 2016-02-06 10:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-02-11 09:04 - 2016-02-06 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-02-11 09:04 - 2016-02-06 09:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-02-11 09:04 - 2016-02-06 09:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-02-11 09:04 - 2016-02-06 09:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-02-11 09:04 - 2016-02-06 09:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-02-11 09:04 - 2016-02-06 09:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-02-11 09:04 - 2016-02-06 09:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-02-11 09:04 - 2016-02-06 08:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-02-11 09:04 - 2016-01-22 20:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-02-11 09:04 - 2016-01-22 20:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-02-11 09:04 - 2016-01-22 06:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-02-11 09:04 - 2016-01-22 06:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-02-11 09:04 - 2016-01-22 06:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-02-11 09:04 - 2016-01-22 06:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-02-11 09:04 - 2016-01-22 06:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-02-11 09:04 - 2016-01-22 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-02-11 09:04 - 2016-01-22 06:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-02-11 09:04 - 2016-01-22 06:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-02-11 09:04 - 2016-01-22 06:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-02-11 09:04 - 2016-01-22 06:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-02-11 09:04 - 2016-01-22 06:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-02-11 09:04 - 2016-01-22 06:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-02-11 09:04 - 2016-01-22 06:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-02-11 09:04 - 2016-01-22 06:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-02-11 09:04 - 2016-01-22 06:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-02-11 09:04 - 2016-01-22 06:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-02-11 09:04 - 2016-01-22 06:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-02-11 09:04 - 2016-01-22 06:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-02-11 09:04 - 2016-01-22 06:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-02-11 09:04 - 2016-01-22 06:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-02-11 09:04 - 2016-01-22 06:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-02-11 09:04 - 2016-01-22 06:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-02-11 09:04 - 2016-01-22 06:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-02-11 09:04 - 2016-01-22 06:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-02-11 09:04 - 2016-01-22 06:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-02-11 09:04 - 2016-01-22 05:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-02-11 09:04 - 2016-01-22 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-02-11 09:04 - 2016-01-22 05:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-02-11 09:04 - 2016-01-22 05:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-02-11 09:04 - 2016-01-22 05:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-02-11 09:04 - 2016-01-22 05:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-02-11 09:04 - 2016-01-22 05:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-02-11 09:04 - 2016-01-22 05:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-02-11 09:04 - 2016-01-22 05:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-02-11 09:04 - 2016-01-22 05:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-02-11 09:04 - 2016-01-22 05:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-02-11 09:04 - 2016-01-22 05:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-02-11 09:04 - 2016-01-22 05:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-02-11 09:04 - 2016-01-22 05:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-02-11 09:04 - 2016-01-22 05:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-02-11 09:04 - 2016-01-22 05:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-02-11 09:04 - 2016-01-22 05:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-02-11 09:04 - 2016-01-22 05:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-02-11 09:04 - 2016-01-22 05:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-02-11 09:04 - 2016-01-22 05:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-02-11 09:04 - 2016-01-22 05:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-02-11 09:04 - 2016-01-22 05:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-02-11 09:04 - 2016-01-22 05:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-02-11 09:04 - 2016-01-22 05:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-02-11 09:04 - 2016-01-22 05:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-02-11 09:02 - 2016-01-22 06:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-02-11 09:02 - 2016-01-22 06:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-02-11 09:02 - 2016-01-22 06:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-02-11 09:02 - 2016-01-22 06:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-02-11 09:02 - 2016-01-22 06:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-02-11 09:02 - 2016-01-22 06:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-02-11 09:02 - 2016-01-22 06:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-02-11 09:02 - 2016-01-22 06:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-02-11 09:02 - 2016-01-22 06:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2016-02-11 09:02 - 2016-01-22 06:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-02-11 09:02 - 2016-01-22 06:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-02-11 09:02 - 2016-01-22 06:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-02-11 09:02 - 2016-01-22 06:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-02-11 09:02 - 2016-01-22 06:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-02-11 09:02 - 2016-01-22 06:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-02-11 09:02 - 2016-01-22 06:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-02-11 09:02 - 2016-01-22 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-02-11 09:02 - 2016-01-22 06:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-02-11 09:02 - 2016-01-22 06:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-02-11 09:02 - 2016-01-22 06:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-02-11 09:02 - 2016-01-22 06:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-02-11 09:02 - 2016-01-22 06:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-02-11 09:02 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-02-11 09:02 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-02-11 09:02 - 2016-01-22 06:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 06:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-02-11 09:02 - 2016-01-22 06:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-02-11 09:02 - 2016-01-22 06:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-02-11 09:02 - 2016-01-22 06:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-02-11 09:02 - 2016-01-22 06:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2016-02-11 09:02 - 2016-01-22 06:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2016-02-11 09:02 - 2016-01-22 06:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-02-11 09:02 - 2016-01-22 06:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-02-11 09:02 - 2016-01-22 06:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-02-11 09:02 - 2016-01-22 06:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-02-11 09:02 - 2016-01-22 06:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-02-11 09:02 - 2016-01-22 06:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-02-11 09:02 - 2016-01-22 06:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-02-11 09:02 - 2016-01-22 05:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-02-11 09:02 - 2016-01-22 05:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-02-11 09:02 - 2016-01-22 05:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-02-11 09:02 - 2016-01-22 04:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-02-11 09:02 - 2016-01-22 04:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-02-11 09:02 - 2016-01-22 04:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-02-11 09:02 - 2016-01-22 04:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-02-11 09:02 - 2016-01-22 04:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-02-11 09:02 - 2016-01-22 04:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-02-11 09:02 - 2016-01-22 04:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-02-11 09:02 - 2016-01-22 04:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-02-11 09:02 - 2016-01-22 04:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-02-11 09:02 - 2016-01-22 04:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-02-11 09:02 - 2016-01-22 04:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 04:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 04:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-22 04:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-02-11 09:02 - 2016-01-16 19:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-02-11 09:02 - 2016-01-16 18:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-02-11 09:02 - 2016-01-07 17:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-02-11 09:02 - 2016-01-07 17:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-02-11 09:02 - 2016-01-06 19:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2016-02-11 09:02 - 2016-01-06 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2016-02-11 09:02 - 2016-01-06 18:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2016-02-05 08:07 - 2016-02-05 08:07 - 00000000 ____D C:\Users\Public\Foxit Software
    2016-02-05 08:07 - 2016-02-05 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    2016-02-04 08:10 - 2016-02-04 08:10 - 00000000 ____D C:\Windows\System32\Tasks\BullGuard
    2016-02-03 13:33 - 2016-02-03 13:33 - 00169120 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
    2016-02-03 13:33 - 2016-02-03 13:33 - 00147496 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
    2016-02-03 13:33 - 2016-02-03 13:33 - 00076568 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
    2016-02-03 13:33 - 2016-02-03 13:33 - 00061720 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
    2016-01-24 09:17 - 2015-12-11 18:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-01-24 09:17 - 2015-12-08 21:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2016-01-24 09:17 - 2015-12-08 21:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
    2016-01-24 09:17 - 2015-12-08 21:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
    2016-01-24 09:17 - 2015-12-08 21:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
    2016-01-24 09:17 - 2015-12-08 21:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
    2016-01-24 09:17 - 2015-12-08 21:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
    2016-01-24 09:17 - 2015-12-08 21:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-01-24 09:17 - 2015-12-08 21:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-01-24 09:17 - 2015-12-08 21:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
    2016-01-24 09:17 - 2015-12-08 21:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
    2016-01-24 09:17 - 2015-12-08 19:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
    2016-01-24 09:17 - 2015-12-08 19:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-01-24 09:17 - 2015-12-08 19:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
    2016-01-24 09:17 - 2015-12-08 19:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
    2016-01-24 09:17 - 2015-12-08 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-01-24 09:17 - 2015-12-08 19:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-01-24 09:17 - 2015-12-08 18:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2016-01-24 09:17 - 2015-12-08 18:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2016-01-24 09:17 - 2015-12-08 18:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
    2016-01-24 09:17 - 2015-11-16 20:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-01-24 09:17 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
    2016-01-24 09:17 - 2015-11-13 23:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
    2016-01-24 09:17 - 2015-11-13 23:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
    2016-01-24 09:17 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
    2016-01-24 09:17 - 2015-11-13 22:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
    2016-01-24 09:17 - 2015-11-13 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
    2016-01-24 09:16 - 2015-12-08 21:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-01-24 09:16 - 2015-12-08 19:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-23 22:11 - 2013-06-05 14:42 - 00000000 ____D C:\ProgramData\BullGuard
    2016-02-23 22:07 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-02-23 22:07 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
    2016-02-23 21:35 - 2014-01-13 10:25 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
    2016-02-23 21:32 - 2014-10-27 18:20 - 00064024 _____ C:\Users\CHARLIE ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-02-23 07:43 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-02-23 07:43 - 2009-07-14 04:45 - 00028928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-02-23 07:35 - 2013-11-08 11:20 - 00000356 _____ C:\Windows\system32\config\afw_hm.conf
    2016-02-23 07:35 - 2013-11-08 11:20 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
    2016-02-23 07:35 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-02-22 22:50 - 2014-03-07 09:17 - 00000000 ____D C:\Users\Charlie\AppData\Local\DoNotTrackPlus
    2016-02-21 10:43 - 2014-12-04 22:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-21 10:41 - 2013-11-08 11:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-11 11:40 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
    2016-02-11 09:13 - 2009-07-14 04:45 - 00294496 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-02-11 09:12 - 2011-04-12 08:28 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-11 09:11 - 2013-10-31 14:44 - 00000000 ____D C:\Windows\system32\MRT
    2016-02-11 09:08 - 2013-06-05 13:32 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-02-11 08:23 - 2014-06-14 08:39 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-02-11 08:23 - 2014-06-14 08:39 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-11 08:23 - 2013-11-09 18:37 - 00000000 ____D C:\Users\Charlie\AppData\Local\Adobe
    2016-02-11 08:22 - 2014-09-24 08:34 - 00000000 ____D C:\Users\CHARLIE ADMIN\AppData\Local\Adobe
    2016-02-05 08:07 - 2013-11-08 13:22 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Foxit Software
    2016-01-24 10:07 - 2013-11-13 11:19 - 00000000 ____D C:\Program Files\Adblock Plus for IE
    2016-01-24 10:06 - 2013-11-13 11:19 - 00000000 ____D C:\Users\Charlie\AppData\LocalLow\Adblock Plus for IE

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-18 10:43

    ==================== End of FRST.txt ============================




    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
    Ran by CHARLIE ADMIN (2016-02-23 22:12:44)
    Running from C:\Users\Charlie\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2013-11-08 11:21:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-606865524-3492198832-1852018503-500 - Administrator - Disabled)
    Charlie (S-1-5-21-606865524-3492198832-1852018503-1000 - Limited - Enabled) => C:\Users\Charlie
    CHARLIE ADMIN (S-1-5-21-606865524-3492198832-1852018503-1003 - Administrator - Enabled) => C:\Users\CHARLIE ADMIN
    Guest (S-1-5-21-606865524-3492198832-1852018503-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-606865524-3492198832-1852018503-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: BullGuard Antivirus (Disabled - Out of date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: BullGuard Antispyware (Disabled - Out of date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
    FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
    Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
    BullGuard (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
    Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)
    Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
    Canon MG2500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2500_series) (Version: 1.00 - Canon Inc.)
    Canon MG2500 series On-screen Manual (HKLM-x32\...\Canon MG2500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
    Canon MG2500 series User Registration (HKLM-x32\...\Canon MG2500 series User Registration) (Version: - *Canon Inc.)
    Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
    Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
    Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
    Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Do Not Track Me Add-on 2.2.9.1112 (HKLM-x32\...\Do Not Track Me Add-on_is1) (Version: 2.2.9.1112 - Abine Inc)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    Ixquick Toolbar (HKLM-x32\...\IXQUICKTB.IXQUICKTBToolbar) (Version: - )
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TL-WN881ND Driver (HKLM-x32\...\{B512F025-E992-44D0-B1F4-D6E1D3339C80}) (Version: 1.0.0 - TP-LINK)
    UPSilon 2000 (HKLM-x32\...\{E592E668-89A9-4098-B70C-0C2D59FB15CA}) (Version: 3.00 - Megatec)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {70F7C5B0-8478-4E5C-80ED-6B3A84D7D8DD} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2016-02-03] (BullGuard Ltd.)
    Task: {B6493117-B4D5-4361-A214-FB3B1F781CDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-02-03 15:33 - 2016-02-03 13:33 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
    2016-02-03 15:33 - 2016-02-03 13:33 - 00083736 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
    2016-02-03 15:33 - 2016-02-03 13:33 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
    2016-02-03 15:33 - 2016-02-03 13:33 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
    2016-02-03 15:33 - 2016-02-03 13:33 - 00083736 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
    2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2016-02-03 15:33 - 2016-02-03 13:33 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
    2013-11-18 13:01 - 2011-03-07 22:09 - 00032768 _____ () C:\Program Files (x86)\Megatec\UPSilon 2000\UPSOW.exe
    2016-02-03 15:33 - 2016-02-03 13:33 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-606865524-3492198832-1852018503-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    HKU\S-1-5-21-606865524-3492198832-1852018503-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\CHARLIE ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{0916C2F9-2B1A-48A0-8605-E2EC45EAEB5A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{34F5220E-60AE-4A92-B474-0FA85507BA66}] => (Allow) LPort=2869
    FirewallRules: [{2500B4BF-0D01-44B3-B97C-BF86F528E0A5}] => (Allow) LPort=1900
    FirewallRules: [{0E74E2BF-269D-46FF-A19E-5E11D2F54052}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D86B6FFF-4A52-4ABE-AE1D-A221B6053666}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{659DA7B4-E089-40C4-AE36-912C8A6D44E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{04D3A1FF-F46D-4783-93CA-22B4981D3ACF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    24-01-2016 09:19:06 Windows Update
    24-01-2016 09:59:26 Installed Adblock Plus for IE (32-bit and 64-bit)
    31-01-2016 11:10:27 Scheduled Checkpoint
    08-02-2016 00:00:03 Scheduled Checkpoint
    11-02-2016 09:04:48 Windows Update
    18-02-2016 10:50:15 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: TP-LINK 300Mbps Wireless N Adapter
    Description: TP-LINK 300Mbps Wireless N Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: TP-LINK
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/23/2016 10:01:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 21.2.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a94

    Start Time: 01d16e8567264df5

    Termination Time: 60000

    Application Path: C:\Users\Charlie\Desktop\FRST64.exe

    Report Id: b4a99325-da78-11e5-bcda-08606ee7faa3

    Error: (02/23/2016 09:59:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FRST64.exe version 21.2.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1090

    Start Time: 01d16e8552825766

    Termination Time: 2

    Application Path: C:\Users\Charlie\Desktop\FRST64.exe

    Report Id: 9bdcc548-da78-11e5-bcda-08606ee7faa3

    Error: (02/23/2016 07:37:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/22/2016 08:23:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/21/2016 10:45:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/21/2016 10:42:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/21/2016 09:39:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/20/2016 08:18:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/19/2016 05:13:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (02/18/2016 09:05:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (02/23/2016 10:05:47 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk5\DR5.

    Error: (02/23/2016 10:05:45 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk5\DR5.

    Error: (02/23/2016 07:35:19 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 00:10:12 on ‎23/‎02/‎2016 was unexpected.

    Error: (02/22/2016 08:27:38 AM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

    Error: (02/22/2016 08:21:49 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 23:43:15 on ‎21/‎02/‎2016 was unexpected.

    Error: (02/21/2016 10:43:21 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:42:07 on ‎21/‎02/‎2016 was unexpected.

    Error: (02/21/2016 10:40:13 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 10:39:26 on ‎21/‎02/‎2016 was unexpected.

    Error: (02/21/2016 09:37:32 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 23:29:30 on ‎20/‎02/‎2016 was unexpected.

    Error: (02/20/2016 08:16:21 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 22:29:06 on ‎19/‎02/‎2016 was unexpected.

    Error: (02/19/2016 05:12:13 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 23:11:02 on ‎18/‎02/‎2016 was unexpected.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
    Percentage of memory in use: 24%
    Total physical RAM: 8070.57 MB
    Available physical RAM: 6060.76 MB
    Total Virtual: 16139.36 MB
    Available Virtual: 13877.53 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.66 GB) (Free:416.89 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B19CFAED)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11

  12. #9
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Default

    Hi Steph,

    Thank you for the logs...

    I found a leftover driver from BitDefender. See below:

    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [477272 2015-10-15] (BitDefender S.R.L.)

    If you feel comfortable doing so, follow that path into your C:\ drive then right click and delete that file. If you are not comfortable doing so, I can include it in a fix script for FRST to delete for you.

    I asked Joe (zep516) to have a look at your log to see if I overlooked anything. I really was hoping that UpdateChecker would be found in the Addition.txt and that it would be hidden, but it's not there and the only thing I see is that folder ...

    C:\Program Files (x86)\FileHippo.com < this one

    Before I choose to delete the folder Joe suggested that I have you run the following program first to see if it silently running someplace other than where it should be. Please do as follows:

    Download Silent Runners
    1. Unzip/extract the file to its own folder > C:\Silent Runners.
    2. Right-click (to run as Administrator) the SilentRunners.vbs inside the folder or on your desktop to start.
    3. A message box will appear asking if you want to skip the supplemental searches.
    4. Press "Yes" to skip [default] or "No" to include them.
    5. Another message box will appear saying: "Silent Runners has started.
    6. A message box like this will appear when its done.

      "The tool will scan your system and create a log by default, in the same directory as the script or one your desktop. The log is named "Startup Programs (ComputerName) date/timestamp.txt".
    7. When finished, the next message to appear will say: "All Done! the results are in the file..." (it will provide the full path location of the log.)
    8. Copy & paste the log in your next reply.


    Note: If you have a script blocking program you may get a warning asking if you want to allow the script to run. Some will say "malicious script warning" or something to that effect. There is nothing malicious about this script, you can click to allow it to execute.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  13. The Following User Says Thank You to DonnaB For This Useful Post:


  14. #10
    Member Steph's Avatar
    Join Date
    Nov 2004
    Location
    London, UK
    Posts
    954
    Points
    60

    Default

    Hi again Donna (and Joe, of course!) *waves* Thank you both for your time on this

    SilentRunner scan results below, as instructed.

    I followed the path and found the Trufos.sys file but it didn't show the numbers in brackets after the file name that you noted so I would feel more comfortable if you included it in a fix script - thank you.

    Donna, truly, I take my hat off to you, this stuff is utterly incomprehensible to me



    "Silent Runners.vbs", revision 69.2, Silent Runners - Adware? Disinfect, don't reformat!
    Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    CCleaner Monitoring = "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [Piriform Ltd]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
    HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
    Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
    BullGuard = "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot [BullGuard Ltd.]

    HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

    {66C64F22-FC60-4E6C-A6B5-F0D580E680CE}\(Default) = Enable TLS1.1 and 1.2
    \StubPath = C:\Windows\System32\ie4uinit.exe -EnableTLS [MS]

    {6BF52A52-394A-11d3-B153-00C04F79FAA6}\(Default) = Microsoft Windows Media Player
    \StubPath = C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [MS]

    {7D715857-A67C-4C2F-A929-038448584D63}\(Default) = Disable SSL3
    \StubPath = C:\Windows\System32\ie4uinit.exe -DisableSSL3 [MS]

    {89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = Windows Desktop Update
    \StubPath = regsvr32.exe /s /n /i:U shell32.dll [MS]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\

    {6BF52A52-394A-11d3-B153-00C04F79FAA6}\(Default) = Microsoft Windows Media Player
    \StubPath = C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [MS]

    {89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = Windows Desktop Update
    \StubPath = regsvr32.exe /s /n /i:U shell32.dll [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
    -> {HKLM...CLSID} = Canon Easy-WebPrint EX BHO
    \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [CANON INC.]
    -> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
    \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

    {6E45F3E8-2683-4824-A6BE-08108022FB36}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Do Not Track Me
    \InProcServer32\(Default) = C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [Abine Inc]
    -> {HKLM...Wow...CLSID} = Do Not Track Me
    \InProcServer32\(Default) = C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll [Abine Inc]

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
    -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

    {FFCB3198-32F3-4E8B-9539-4324694ED664}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Adblock Plus for IE Browser Helper Object
    \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [Eyeo GmbH]
    -> {HKLM...Wow...CLSID} = Adblock Plus for IE Browser Helper Object
    \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [Eyeo GmbH]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\(Default) = Canon Easy-WebPrint EX BHO
    -> {HKLM...CLSID} = Canon Easy-WebPrint EX BHO
    \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [CANON INC.]
    -> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX BHO
    \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [CANON INC.]

    {6E45F3E8-2683-4824-A6BE-08108022FB36}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Do Not Track Me
    \InProcServer32\(Default) = C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [Abine Inc]
    -> {HKLM...Wow...CLSID} = Do Not Track Me
    \InProcServer32\(Default) = C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll [Abine Inc]

    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
    -> {HKLM...Wow...CLSID} = Windows Live ID Sign-in Helper
    \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

    {C5CAA6CD-8EE4-40a3-92E0-385561406C50}\(Default) = IXQUICKTB
    -> {HKLM...Wow...CLSID} = IXQUICKTB Class
    \InProcServer32\(Default) = C:\PROGRA~2\IXQUIC~1\ix_quick.dll [IE Toolbar]

    {FFCB3198-32F3-4E8B-9539-4324694ED664}\(Default) = (no title provided)
    -> {HKLM...CLSID} = Adblock Plus for IE Browser Helper Object
    \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [Eyeo GmbH]
    -> {HKLM...Wow...CLSID} = Adblock Plus for IE Browser Helper Object
    \InProcServer32\(Default) = C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [Eyeo GmbH]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    BackupOverlayErr\(Default) = {8749448C-D907-45BF-A842-4D3898894AC8}
    -> {HKLM...CLSID} = BackupOverlayErr Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [BullGuard Ltd.]

    BackupOverlayInProgress\(Default) = {3FFBF330-7839-476B-BE14-2C8597CE11B6}
    -> {HKLM...CLSID} = BackupOverlayInProgress Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [BullGuard Ltd.]

    BackupOverlaySynced\(Default) = {C62CF4DB-48CB-4B03-BFD0-30A29125FA49}
    -> {HKLM...CLSID} = BackupOverlaySynced Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [BullGuard Ltd.]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
    -> {HKLM...CLSID} = OpenOffice Property Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll [Apache Software Foundation]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
    -> {HKLM...Wow...CLSID} = OpenOffice Property Handler
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl.dll [Apache Software Foundation]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice Column Handler
    -> {HKLM...Wow...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice Infotip Handler
    -> {HKLM...Wow...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice Property Sheet Handler
    -> {HKLM...Wow...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice Thumbnail Viewer
    -> {HKLM...Wow...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    Foxit_ConvertToPDF_Reader\(Default) = {A94757A0-0226-426F-B4F1-4DF381C630D3}
    -> {HKLM...CLSID} = ConvertToPDF Class
    \InProcServer32\(Default) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [Foxit Software Inc.]

    {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E}\(Default) = (no title provided)
    -> {HKLM...CLSID} = BgShellExt Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [BullGuard Ltd.]

    HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

    BackupCopyHook\(Default) = {9458E603-FF43-4134-9036-04B4C71791E3}
    -> {HKLM...CLSID} = BackupCopyHook Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [BullGuard Ltd.]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
    -> {HKLM...CLSID} = GraphicsShellExt Class
    \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation]
    -> {HKLM...Wow...CLSID} = (no title provided)
    \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    bgshellext\(Default) = {F4BF1657-195F-4A0F-ACA2-9AE99D65BC0E}
    -> {HKLM...CLSID} = BgShellExt Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\BgShellExt.dll [BullGuard Ltd.]


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\Users\CHARLIE ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    MSPlayCDAudioOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.AudioCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

    MSPlayDVDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.DVD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L" [MS]

    MSPlaySuperVideoCDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.VCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

    MSPlayVideoCDMovieOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.VCD
    InvokeVerb = play
    HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

    MSWMPBurnCDOnArrival\
    Provider = @wmploc.dll,-6502
    InvokeProgID = WMP.BurnCD
    InvokeVerb = Burn
    HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

    WIA_{5C48BF96-0ADA-4D18-8C4C-3F73E00F6FAA}\
    Provider = Foxit Reader
    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
    InitCmdLine = /WiaCmd;C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe /Scan %1 /Event %2;
    -> {HKLM...CLSID} = WPDShextAutoplay
    \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


    Startup items in "CHARLIE ADMIN" & "All Users" startup folders:
    ---------------------------------------------------------------

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
    Rupsmon Daemon -> shortcut to: C:\Program Files (x86)\Megatec\UPSilon 2000\Monw32.exe [Mega System Technologies, Inc.]


    Non-disabled Scheduled Tasks: {++}
    -----------------------------

    C:\Windows\System32\Tasks
    CCleanerSkipUAC -> launches: "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) [Piriform Ltd]
    CreateChoiceProcessTask -> launches: C:\Windows\System32\browserchoice.exe /launch [MS]

    C:\Windows\System32\Tasks\BullGuard
    BullGuardUpdate2 -> launches: c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [BullGuard Ltd.]

    C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
    AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
    -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
    -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
    AitAgent -> launches: aitagent [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
    Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
    UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
    SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM...CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
    -> {HKLM...CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
    -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
    \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
    Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
    KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
    -> {HKLM...CLSID} = KernelCeipCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
    UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
    -> {HKLM...CLSID} = UsbCeip
    \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
    -> {HKLM...Wow...CLSID} = UsbCeip
    \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
    ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
    Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
    -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Location
    Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
    WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
    -> {HKLM...CLSID} = WinSAT Task Manger Task
    \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
    -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
    \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
    ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
    ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
    DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
    ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
    InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
    mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
    mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
    MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
    ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
    OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
    OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
    PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
    PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
    PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
    PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
    PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
    RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
    ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
    SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
    StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
    UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
    CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
    DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
    -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
    HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
    -> {HKLM...CLSID} = HotStart User Agent
    \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\MUI
    LPRemove -> launches: %windir%\system32\lpremove.exe [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
    SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
    -> {HKLM...CLSID} = Microsoft PlaySoundService Class
    \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
    -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
    \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
    GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

    C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
    AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\RAC
    RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
    -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
    \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
    -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
    \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Ras
    MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
    -> {HKLM...CLSID} = RasMobilityManager
    \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Registry
    RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
    -> {HKLM...CLSID} = RegistryIdleBackupHandler
    \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
    RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
    GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
    -> {HKLM...CLSID} = GadgetsManager Class
    \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
    SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
    Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
    -> {HKLM...CLSID} = RunTask
    \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
    -> {HKLM...Wow...CLSID} = RunTask
    \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
    IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
    IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
    MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
    -> {HKLM...CLSID} = MsCtfMonitor task handler
    \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
    -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
    \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
    SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
    UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\WDI
    ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
    -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
    -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
    \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
    ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
    ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
    QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
    BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
    UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
    ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
    CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
    -> {HKLM...CLSID} = Wininet Cache task object
    \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
    -> {HKLM...Wow...CLSID} = Wininet Cache task object
    \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

    C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
    Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
    -> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
    \InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    000000000007\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
    000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
    000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
    000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    000000000007\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
    000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 10

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 10


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
    -> {HKLM...CLSID} = Canon Easy-WebPrint EX
    \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [CANON INC.]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
    {70F241F6-52AB-4D45-993E-C1C09920095B} = (no title provided)
    -> {HKLM...Wow...CLSID} = Ixquick Toolbar
    \InProcServer32\(Default) = C:\Program Files (x86)\Ixquick Toolbar\ix_quick.dll [IE Toolbar]

    {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} = Canon Easy-WebPrint EX
    -> {HKLM...Wow...CLSID} = Canon Easy-WebPrint EX
    \InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

    Explorer Bars

    HKLM\SOFTWARE\Classes\CLSID\{21347690-EC41-4F9A-8887-1F4AEE672439}\(Default) = Canon Easy-WebPrint EX
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [CANON INC.]

    HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{21347690-EC41-4F9A-8887-1F4AEE672439}\(Default) = Canon Easy-WebPrint EX
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [CANON INC.]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {27FD17FB-CF63-486B-B2BE-8D8781CBEA01}\
    ButtonText = Report to BullGuard
    CLSIDExtension = {27FD17FB-CF63-486b-B2BE-8D8781CBEA01}
    -> {HKLM...CLSID} = BGIEToolbarButton Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll [BullGuard Ltd.]

    {6E45F3E8-2683-4824-A6BE-08108022FB36}\
    ButtonText = Do Not Track Me (c) Abine
    CLSIDExtension = {23249465-AA46-4DED-BD4B-8EFB20F968FE}
    -> {HKLM...CLSID} = BandButton Class
    \InProcServer32\(Default) = C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [Abine Inc]

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
    {27FD17FB-CF63-486B-B2BE-8D8781CBEA01}\
    ButtonText = Report to BullGuard
    CLSIDExtension = {27FD17FB-CF63-486b-B2BE-8D8781CBEA01}
    -> {HKLM...Wow...CLSID} = BGIEToolbarButton Class
    \InProcServer32\(Default) = C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll [BullGuard Ltd.]

    {6E45F3E8-2683-4824-A6BE-08108022FB36}\
    ButtonText = Do Not Track Me (c) Abine
    CLSIDExtension = {23249465-AA46-4DED-BD4B-8EFB20F968FE}
    -> {HKLM...Wow...CLSID} = BandButton Class
    \InProcServer32\(Default) = C:\Program Files (x86)\DoNotTrackPlus\IE\DNTPAddon.dll [Abine Inc]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
    <<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    BullGuard backup service, BsBackup, C:\Windows\System32\SvcHost.exe -k BullGuard_Backup {C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [BullGuard Ltd.]}
    BullGuard Behavioural Detection, BsBhvScan, C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [BullGuard Ltd.]
    BullGuard CODS service, BsCache, C:\Windows\System32\SvcHost.exe -k BullGuard_Cache {C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [BullGuard Ltd.]}
    BullGuard e-mail monitoring service, BsMailProxy, C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy {c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [BullGuard Ltd.]}
    BullGuard firewall service, BsFire, C:\Windows\System32\SvcHost.exe -k BullGuard {c:\program files\bullguard ltd\bullguard\BsFire.dll [BullGuard Ltd.]}
    BullGuard main service, BsMain, C:\Windows\System32\SvcHost.exe -k BullGuard_Main {c:\program files\bullguard ltd\bullguard\bsmain.dll [BullGuard Ltd.]}
    BullGuard on-access service, BsFileScan, C:\Windows\System32\SvcHost.exe -k BullGuard {c:\program files\bullguard ltd\bullguard\BsFileScan.dll [BullGuard Ltd.]}
    BullGuard scanning service, BsScanner, C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [BullGuard Ltd.]
    BullGuard update service, BsUpdate, C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [BullGuard Ltd.]
    UPS Auto-Protect, Rupsmon, C:\Program Files (x86)\Megatec\UPSilon 2000\RupsMon.exe [Mega System Technologies, Inc.]
    USB UPS of Megatec, USBMate, C:\Program Files (x86)\Megatec\UPSilon 2000\USBMate.exe [Mega Corp.]
    Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> BsMain, Service
    <<!>> BsScanner, Service

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> BsMain, Service
    <<!>> BsScanner, Service
    <<!>> BsUpdate, Service


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Canon BJ Language Monitor MG2500 series\Driver = CNMLMBX.DLL [CANON INC.]
    Canon BJ Language Monitor MP480 series\Driver = CNMLM9F.DLL [CANON INC.]


    ---------- (launch time: 2016-02-24 08:18:13)
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 42 seconds, including 18 seconds for message boxes)
    Today is the dawn of another error ...



    Intel Core i3-3240 @ 3.4GHz;
    RAM 8.0 GB;
    Windows 7 Home Prem SP1 64 bit
    Firefox; IE11

Page 1 of 4 123 ... LastLast