Installation issues

January 11, 2017, 9:33 am

≫ Next: CLAMPI VIRUS SCARE,SCAM, or WHAT!!!!

≪ Previous: Crashes especially on restarting windows 10 from desktop

I installed Spybot, but when it was through with the installation and got to the portion of updates for downloading a windows-10-installer of some kind, the update hung up and after trying stopping/restarting the update and rebooting my computer and still having no effect I uninstalled. But a post-Windows 10 installer popped up the next time I restarted, long story short now that I've tried just to uninstall Spybot S&D everytime that I restarted my computer afterwards the Windows 10 post installer pops up. I settled on just having it installed but not running and removed it from windows startup, but it keeps adding itself. Anyone know what to do? :sad:

↧

CLAMPI VIRUS SCARE,SCAM, or WHAT!!!!

January 11, 2017, 9:41 am

≫ Next: Live Protection Question

≪ Previous: Installation issues

what am I dealing with , if I suspect an infection/ data compromised, on one of my computers....and would a SPYBOT scan give me any alerts to such a problem????? THANKS IN ADVANCE

↧

Live Protection Question

January 11, 2017, 11:22 am

≫ Next: Manual Removal Guide for Ad.BrowseSmart

≪ Previous: CLAMPI VIRUS SCARE,SCAM, or WHAT!!!!

or the admin at hand...i noticed this thread as i was looking for the problem i'm having and it appears this thread is about what i'd be looking for, but i see no replies from the poster as though it was resolved. if i may pick up where this stopped? or if not direct me to start a new thread please.
i purchased spybot home ver. 2.4.40.0/start center 2.4.40.0.130 in december 2016 i believe, i run windows 10, and firefox ver. 50.0. i am including a screenshot of the activity as it happens once i click on a link usually. it appears in the bottom right corner just above the task bar. usually, or it seems to be getting worse in time, the link loading won't open. not as in a time out but it just doesn't load all the page or is blank. this started about 4-5 days ago. troubleshooting with help i was directed that a driver in spybot failed or was missing to uninstall and upon rebooting and reinstalling it would load the driver. another option was to open immunization and select "undo" which i did. as i was closing spybot i got the "runtime error 216 at 5003A116" prompt. i closed it and continued to see the scan window pop up still. i started to do this and not knowing what to do i'd rather ask, do i do the uninstall and reboot then reinstall or??? thank you!

rb

edit: i also noticed in the top right spybot window that live coverage was partial with an orange flag, then below that was internet protection is off. is this because i deactivated live? or? all it shows in the internet pretection tab is about proxies.
------------------------------------------------------------

Admin Edit: Split off from https://forums.spybot.info/showthrea...ive-Protection

Attached Images

1Untitled.jpg (94.1 KB)
scan.jpg (37.1 KB)

↧

Manual Removal Guide for Ad.BrowseSmart

January 13, 2017, 6:30 am

≫ Next: Google Pixel

≪ Previous: Live Protection Question

The following instructions have been created to help you to get rid of "Ad.BrowseSmart" manually.
Use this guide at your own risk; software should... Continue reading →
The post Manual Removal Guide for Ad.BrowseSmart appeared first on Spybot Anti-malware and Antivirus.

More...

↧

Google Pixel

January 15, 2017, 4:42 pm

≫ Next: Update Error - same here

≪ Previous: Manual Removal Guide for Ad.BrowseSmart

I purchased Spybot, Home Edition and use Google Chrome as my web browser, can I sync Spybot, with my Google Pixel and get real time protection?

↧

Update Error - same here

January 15, 2017, 4:53 pm

≫ Next: Spybot fails to update

≪ Previous: Google Pixel

Split from: https://forums.spybot.info/showthrea...ht=#post474012

Quote:

Originally Posted by Gooboy911

I have been trying to install the free version, since last night. I complete the update, and when I try to scan my system I am redirected to the update. Again, I try to update, but the update states that I am updated. I uninstalled/re-installed... Now, when I try to update the below is what I am getting. The update has been stuck on that process for almost 3 hours. I went ahead and stopped. I snipped a view for your review.

Capture.PNG

I just installed the free version, and have been having the same problem as the original poster. When I start a scan, it says "Missing Signatures". When I Update, I get:

"[00:17.793] [.] Trying to retrieve update info file from http://updates3.safer-networking.org/spybotsd2.uid...
[00:18.795] [-] Did not retrieved update info file (attempt 3 of 3).
[00:19.797] [.] Info file part done.
[00:19.800] [+] The antispyware signatures are up to date.
[00:19.801]"

I am running Windows 10 on a PC. I have tried running everything as Administrator (which hasn't helped). Is there some setting I have to change, or is this happening because I had to re-install SpyBot after an older version mysteriously disappeared from my PC?

↧

Spybot fails to update

January 15, 2017, 8:05 pm

≫ Next: PC Cleaner & other stuff

≪ Previous: Update Error - same here

It started doing so, then w/out asking, it rebooted my system, & then after that it said it was DL'ing updates, & it was taking an eternity on CABLE INTERNET, & it said it was DL'ing the latest installer-even though I already HAD the latest one. So, I closed it out & kept trying w/out success. So, I closed it out DL'd the latest one AGAIN! Installed it & the damn thing will NOT update at all now, saying it failed! It just says an error occurred, but doesn't say what! Not very helpful at all! & even when I click on "SH0ow Details., it looks as though all but one update Dl'd & installed successfully. Now, it finally updated, but WHY all the probs? Oh & one more thingm why does it not support other browsers besides M$ I.E.?

↧

PC Cleaner & other stuff

January 16, 2017, 12:19 pm

≫ Next: I'm back and need help

≪ Previous: Spybot fails to update

Hi everyone,

Happy New Year!

Against my better judgement I downloaded a "game" for my son. Roblox - registered & downloaded a game that he wanted to play (he's 9) which in turn downloaded a whole load of stuff I didn't want. PC Cleaner, Chrimine Browser, Avast Malware Security and a couple of other bits which I can't seem to find.

I've uninstalled the Avast & Chrimine Borwser but can't uninstall PC Cleaner - keep getting error message to say that it doesn't exist, although I keep getting security messages & program opening asking me to run a scan.

I can't use chrome which is the main browser I was using - now using Edge as chrome won't even open - has an extension added to Chrome, think it was the Avast one. Sorry I'm not much help, but I didn't see all the programs that were popping up.

Thank in advance.

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by HP (administrator) on HP-PC (16-01-2017 17:55:32)
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available Profiles: HP & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Users\HP\AppData\Roaming\Event Monitor\em.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn64.exe
(VoiceFive, Inc.) C:\Program Files (x86)\PremierOpinion\pmropn32.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391832 2014-08-14] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-06] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-855933916-2125327620-179708743-1000\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-855933916-2125327620-179708743-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9539800 2016-12-15] (Piriform Ltd)
HKU\S-1-5-21-855933916-2125327620-179708743-1000\...\Run: [Chromium] => c:\users\hp\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a8c22286-6a91-4942-a71a-578e3d25f0e2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKU\S-1-5-21-855933916-2125327620-179708743-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-855933916-2125327620-179708743-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-855933916-2125327620-179708743-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bitmontr_17_03&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuzztD0CtCyC0E0EtDtC0CzytDyByBtDtAtN0D0Tzu0StCzzyEtBtN1L2XzutAtFtByDtFtCtFtCtDzztN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyBzyzyzytByDtDyBtGyCyEtCyCtGyBtAzy0CtGyBtDyByCtG0C0AyB0FyE0A0CtDtAyCzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0C0C0FtC0E0D0F0CtGzzyDyByCtGyE0E0CyCtGzzzyyDzztG0BzztBtB0CzyyDyB0A0DyE0E2QtN0A0LzutB%26cr%3D1878678671%26a%3Dwbf_bitmontr_17_03%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\PremierOpinion\firefox
FF Extension: (PremierOpinion) - C:\Program Files (x86)\PremierOpinion\firefox [2017-01-16] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default [2017-01-16]
CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-10]
CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-10]
CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-10]
CHR Extension: (Rapport) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-06-23]
CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-10]
CHR Extension: (Games Of Grandeur Advertising) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljgbpicfdlpggcgpjpoemnmilpoaclj [2017-01-14]
CHR Extension: (Adobe Acrobat) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-11]
CHR Extension: (PremierOpinion) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2017-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-10]
CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-10]
CHR Extension: (Chrome Media Router) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-855933916-2125327620-179708743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-855933916-2125327620-179708743-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkndcbhcgphcfkkddanakjiepeknbgle] - C:\Program Files (x86)\PremierOpinion\pmcm.crx [2017-01-16]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-02] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-06] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe [205760 2016-09-23] (VoiceFive, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-11-22] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-08-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1cexpress; C:\WINDOWS\system32\DRIVERS\e1c63x64.sys [452432 2012-12-05] (Intel Corporation)
R3 IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-11-22] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [235688 2016-11-22] (IBM Corp.)
S3 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [489704 2016-11-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [548008 2016-11-22] (IBM Corp.)
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [14368 1999-10-11] () [File not signed]
R3 Serenum; C:\WINDOWS\system32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows (R) Win 7 DDK provider)
R3 Serial; C:\WINDOWS\system32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-04] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-16 17:55 - 2017-01-16 17:56 - 00025528 _____ C:\Users\HP\Desktop\FRST.txt
2017-01-16 17:54 - 2017-01-16 17:55 - 00000000 ____D C:\FRST
2017-01-16 17:53 - 2017-01-16 17:54 - 02419200 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2017-01-16 17:53 - 2017-01-16 17:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-HP-PC-Windows-10-Pro-(64-bit).dat
2017-01-16 17:53 - 2017-01-16 17:53 - 00000000 ____D C:\RegBackup
2017-01-16 17:52 - 2017-01-16 17:52 - 00017967 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-01-16 17:52 - 2017-01-16 17:52 - 00002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-01-16 17:52 - 2017-01-16 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-16 17:52 - 2017-01-16 17:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-16 17:51 - 2017-01-16 17:52 - 05766144 _____ (Tweaking.com) C:\Users\HP\Desktop\tweaking.com_registry_backup_setup.exe
2017-01-16 14:31 - 2017-01-16 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion
2017-01-16 14:14 - 2017-01-16 14:14 - 00000000 ____D C:\Users\HP\AppData\Local\Roblox
2017-01-16 14:12 - 2017-01-16 14:48 - 00003184 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus
2017-01-16 14:12 - 2017-01-16 14:26 - 00000292 _____ C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job
2017-01-16 14:12 - 2017-01-16 14:26 - 00000284 _____ C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job
2017-01-16 14:12 - 2017-01-16 14:12 - 00003254 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-01-16 14:12 - 2017-01-16 14:12 - 00003080 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-01-16 14:10 - 2017-01-16 17:22 - 00000000 ____D C:\Program Files (x86)\PremierOpinion
2017-01-16 14:10 - 2016-09-23 21:48 - 01177024 _____ (VoiceFive, Inc.) C:\WINDOWS\system32\pmls64.dll
2017-01-16 14:10 - 2016-09-23 21:48 - 00782272 _____ (VoiceFive, Inc.) C:\WINDOWS\SysWOW64\pmls.dll
2017-01-16 14:09 - 2017-01-16 14:14 - 00000096 _____ C:\Users\HP\AppData\LocalLow\rbxcsettings.rbx
2017-01-16 14:09 - 2017-01-16 14:09 - 00000000 ____D C:\ProgramData\Roblox
2017-01-16 14:09 - 2017-01-16 14:09 - 00000000 ____D C:\Program Files (x86)\Roblox
2017-01-16 14:08 - 2017-01-16 14:08 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-16 14:08 - 2017-01-16 14:08 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-16 14:07 - 2017-01-16 15:06 - 00000000 ____D C:\Users\HP\AppData\Roaming\PC Clean Plus
2017-01-16 14:07 - 2017-01-16 14:29 - 00003100 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-01-16 14:07 - 2017-01-16 14:29 - 00000000 ____D C:\Users\HP\AppData\Roaming\Event Monitor
2017-01-16 14:07 - 2017-01-16 14:23 - 00000000 ____D C:\Program Files (x86)\PC Clean Plus
2017-01-16 14:07 - 2017-01-16 14:07 - 00826936 _____ (ROBLOX Corporation) C:\Users\HP\Downloads\_RobloxPlayerLauncher.exe
2017-01-16 14:07 - 2017-01-16 14:07 - 00001126 _____ C:\Users\Public\Desktop\PC Clean Plus.lnk
2017-01-16 14:07 - 2017-01-16 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
2017-01-16 14:06 - 2017-01-16 14:06 - 01268328 _____ ( ) C:\Users\HP\RobloxPlayerLauncher.exe
2017-01-16 07:33 - 2017-01-16 07:33 - 00000000 ____D C:\Users\HP\AppData\Local\ElevatedDiagnostics
2017-01-15 17:21 - 2017-01-15 17:21 - 00002844 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-01-15 17:21 - 2017-01-15 17:21 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-15 17:21 - 2017-01-15 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-15 17:21 - 2017-01-15 17:21 - 00000000 ____D C:\Program Files\CCleaner
2017-01-15 17:19 - 2017-01-15 17:20 - 09204168 _____ (Piriform Ltd) C:\Users\HP\ccsetup_525.exe
2017-01-15 15:55 - 1999-10-11 20:50 - 00014368 ____R C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-01-15 15:20 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2017-01-11 17:41 - 2017-01-11 17:41 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-01-10 21:12 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 21:12 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 21:12 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 21:12 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 21:12 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 21:12 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 21:12 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 21:12 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 21:12 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 21:12 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 21:11 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 21:11 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 21:11 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 21:11 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 21:11 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 21:11 - 2016-12-21 07:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 21:11 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 21:11 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 21:11 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 21:11 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 21:11 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 21:11 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 21:11 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 21:11 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 21:11 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 21:11 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 21:11 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 21:11 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 21:11 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 21:11 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 21:11 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 21:11 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 21:11 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 21:11 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 21:11 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 21:11 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 21:11 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 21:11 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 21:11 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 21:11 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 21:11 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 21:11 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 21:11 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 21:11 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 21:11 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 21:11 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 21:11 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 21:11 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 21:11 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 21:11 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 21:11 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 21:11 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 21:11 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 21:11 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 21:11 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 21:11 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 21:11 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 21:11 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 21:11 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 21:11 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 21:11 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 21:11 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 21:11 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 21:11 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 21:11 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 21:11 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 21:11 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 21:11 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 21:11 - 2016-12-21 05:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 21:11 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 21:11 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 21:11 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 21:11 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 21:11 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 21:11 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 21:11 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 21:11 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 21:11 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 21:11 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 21:11 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:11 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 21:11 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 21:11 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 21:11 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 21:11 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 21:11 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 21:11 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 21:11 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 21:11 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 21:11 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 21:11 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 21:11 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 21:11 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 21:11 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 21:11 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 21:11 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 21:11 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 21:11 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 21:11 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 21:11 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 21:11 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 21:11 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 21:11 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 21:11 - 2016-12-14 05:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 21:11 - 2016-12-14 05:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 21:11 - 2016-12-14 05:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 21:11 - 2016-12-14 05:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 21:11 - 2016-12-14 05:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 21:11 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 21:11 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 21:11 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 21:11 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 21:11 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 21:11 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 21:11 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 21:11 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 21:11 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 21:11 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 21:11 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 21:11 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 21:11 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 21:11 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 21:11 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 21:11 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 21:11 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 21:11 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 21:11 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 21:11 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 21:11 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:11 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 21:11 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 21:11 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 21:11 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 21:11 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 21:11 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 21:11 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:11 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 21:11 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 21:11 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 21:11 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 21:11 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 21:11 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 21:11 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 21:11 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 21:11 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 21:11 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 21:11 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 21:11 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 21:11 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 21:11 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 21:11 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 21:11 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 21:11 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 21:11 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 21:11 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 21:11 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 21:11 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 21:11 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 21:11 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 21:11 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 21:11 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 21:11 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 21:11 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 21:11 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 21:11 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 21:11 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 21:11 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 21:11 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 21:11 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:11 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 21:11 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 21:11 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 18:24 - 2017-01-10 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-06 00:04 - 2017-01-06 00:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-22 22:44 - 2016-12-22 22:44 - 00000000 ____D C:\Users\HP\AppData\Roaming\Nero
2016-12-20 19:15 - 2017-01-16 07:33 - 00004009 _____ C:\WINDOWS\setupact.log
2016-12-20 19:15 - 2016-12-20 19:15 - 00000000 _____ C:\WINDOWS\setuperr.log
2016-12-18 14:10 - 2016-12-18 14:10 - 00011834 _____ C:\Users\HP\Documents\cjujphg[iyttu=y-ti,u;iou.docx
2016-12-18 13:50 - 2016-12-18 13:50 - 00380186 _____ C:\Users\HP\Downloads\heathens lyrics - Google Search.html
2016-12-18 13:50 - 2016-12-18 13:50 - 00000000 ____D C:\Users\HP\Downloads\heathens lyrics - Google Search_files

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-16 17:45 - 2016-09-25 03:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-16 14:28 - 2016-08-02 15:50 - 00000000 ___RD C:\Users\HP\Dropbox
2017-01-16 14:26 - 2016-09-25 03:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-16 14:25 - 2016-07-16 06:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-16 14:25 - 2016-06-10 20:59 - 00000000 ____D C:\Users\HP\Documents\Outlook Files
2017-01-16 14:06 - 2016-09-25 03:11 - 00000000 ____D C:\Users\HP
2017-01-16 07:35 - 2016-09-25 03:10 - 01151302 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-15 20:47 - 2016-06-10 17:39 - 00000000 ____D C:\Users\HP\AppData\Local\Packages
2017-01-15 16:20 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-15 16:18 - 2016-06-10 19:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-15 16:01 - 2016-07-01 09:06 - 00000332 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHP.job
2017-01-15 12:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-14 11:29 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 16:50 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-13 10:24 - 2016-09-25 03:28 - 00003212 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHP
2017-01-13 08:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 22:53 - 2016-06-06 14:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-11 22:52 - 2016-09-25 03:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 17:41 - 2016-09-25 03:11 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-10 22:10 - 2016-04-27 06:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-10 22:07 - 2016-12-13 22:18 - 00360624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-10 22:03 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-10 22:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 22:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 22:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 22:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 22:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-10 21:24 - 2016-06-06 11:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 21:22 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 21:22 - 2016-06-06 11:01 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 18:24 - 2016-08-02 15:44 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-02 23:27 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-22 23:13 - 2016-07-16 11:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 23:13 - 2016-07-16 11:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-20 17:31 - 2016-07-16 11:47 - 00000000 __RSD C:\WINDOWS\assembly

==================== Files in the root of some directories =======

2016-06-23 20:26 - 2016-06-23 20:26 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\HP\affinity-photo-public-beta.exe
C:\Users\HP\ccsetup_525.exe
C:\Users\HP\RobloxPlayerLauncher.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 08:00

==================== End of FRST.txt ============================

Add:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by HP (16-01-2017 17:56:40)
Running from C:\Users\HP\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-25 03:32:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-855933916-2125327620-179708743-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-855933916-2125327620-179708743-503 - Limited - Disabled)
Guest (S-1-5-21-855933916-2125327620-179708743-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-855933916-2125327620-179708743-1004 - Limited - Enabled)
HP (S-1-5-21-855933916-2125327620-179708743-1000 - Administrator - Enabled) => C:\Users\HP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.3 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-855933916-2125327620-179708743-1000\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PC Clean Plus (HKLM-x32\...\PC Clean Plus_is1) (Version: 3.6 - Jawego Partners LLC)
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.388 - VoiceFive, Inc.) <==== ATTENTION
Rapport (x32 Version: 3.5.1609.107 - Trusteer) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7324 - Realtek Semiconductor Corp.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.107 - Trusteer)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-855933916-2125327620-179708743-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\HP\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0878878A-E4F2-4D87-84C7-CD622EBA7618} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0A542BDF-A9BF-400E-8D70-0BC23D50A796} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1C116BD3-9EBE-4CC6-9D39-1138F5CE993C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-29] (Microsoft Corporation)
Task: {21151B3A-EF90-42A8-A4CF-94BA15DA0D8E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {2672EA29-F9B7-4343-BD9A-B69C583F4C6A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {2FF05939-086D-4E8E-BDE7-54AEA0CF0C37} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {30C1BAB9-5BA3-428A-A379-021EE6B9294D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3685A230-094B-4DD7-9B0D-7CEE39A0B6A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3949ACC8-BB0D-4210-9BCB-F8512AB24471} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3E642271-3ECF-4D3F-A334-C5C43EBD729A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {431EA375-B6E2-4760-ADE9-9367BDE7C073} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {46223E18-0C90-4384-800B-0BECF82FA474} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4ADDB36B-12A2-4E18-ACFF-A5D38909C47F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4C2E8F3F-40E1-4A36-8A60-3BD086DA0AE7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4DD1D69F-8022-4AA0-8A91-70EC10B21EE7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5817D37A-36EF-49A2-B19C-9151AB34B187} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {581E8B1B-450A-4199-A16D-1CBE91881259} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5A59EA29-2F1A-4952-8F3D-D435D3F3D88C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5BCA3438-01AE-466D-845E-2F1EA50283D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-06] (Adobe Systems Incorporated)
Task: {5CAA10E2-05C3-45D2-B37B-A8E3FEE9CFBF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5FF156FD-D532-4E03-9E35-F8357924B83A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {6CFF19DD-9794-4785-9712-B8AAA8FB2F07} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-02] (Dropbox, Inc.)
Task: {70D94007-7DAD-4FA2-81B0-4573F4D7AF75} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {76C8A237-44BF-45A3-B3A3-045864304C29} - System32\Tasks\PC Clean Plus_DEFAULT => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe [2017-01-05] (PC Clean Plus)
Task: {7D7E05F5-53C1-4377-A341-C799565C28B1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-02] (Dropbox, Inc.)
Task: {7F64106E-1696-4B9D-B271-641258B54242} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {80383ECA-94A8-4A94-8F5E-2970C3579E67} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {806425EE-FF22-4DC5-B7B5-F0E636E7302D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {810B1061-3DB2-49AC-869A-5345DDD8F11C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8146A7B6-35C9-464F-8D48-DCEE7730F019} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {852E38D5-B369-45B3-AC72-97925EA139E5} - System32\Tasks\PC Clean Plus => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe [2017-01-05] (PC Clean Plus)
Task: {8CA742D1-980E-44F5-92DE-2D3ADB45BE0B} - System32\Tasks\RunAtStartup => C:\Users\HP\AppData\Roaming\Event Monitor\em.exe [2017-01-05] ()
Task: {91AB6DEA-9B66-4906-9BAB-C9F4B8414C2B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {981E5E53-0D4A-4DAA-AABF-ECD643C416E1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9AE6DF68-47B4-4E23-BE54-92C690646CF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {9AFAF7E5-E522-4463-9379-833A382F649D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {ABE28BC2-AE99-4CC4-85D8-11CD1B12DA95} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AEDBB68B-FC96-4BB8-BB1F-FC7D3FF7BC86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B1304CD4-9457-42C2-9F1B-F4C8D70D27D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B1B957A9-E162-4545-BC07-5E3475B3A249} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {B86E917D-044D-4644-BB2A-A30B40B3E286} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B9669E6B-4866-41C3-BDB9-96A45B5CC494} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE26BA91-6AFC-4F50-BD64-40F111591C50} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {C1DD3743-4490-495B-B4F5-746C27066B3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-15] (Piriform Ltd)
Task: {C628F646-5F3D-4345-A4AF-E75B5E4BC98D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C899E7BF-7A48-4F38-8C88-2D151F711A4A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {CBE48DA1-FCEF-478C-B395-8760C8F73936} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {CD93E86B-05EE-4944-BE92-0A3BC5FB74BA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D1F8DA46-EFDB-4419-934D-4F8777E951ED} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D4DD4BAC-0E24-4BF8-ADCD-C1F37D921D1B} - System32\Tasks\PC Clean Plus_UPDATES => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe [2017-01-05] (PC Clean Plus)
Task: {D6346319-92C5-492C-AEA6-38A65C30C252} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D803F45F-65D6-4ABA-B138-33BED822C66E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {DCEE6B48-3C14-432B-80A6-EB199AB1C951} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DD488CD4-F876-417A-BCC5-C0981FBF5E92} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E1AA3A5B-222F-46C9-965A-D39C5836513F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E5B874F2-B9F3-4429-BEC5-791ED73DD251} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E5FDF2B6-345B-4D92-BAAD-985511217051} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {EA6DF4DA-DB95-4274-8DF0-2ECF10E8A322} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {ED19F0A8-D91D-4618-9C73-EB9CAA1F51D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {ED2B6D77-9840-4539-A4B4-45903E49A788} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F15ABA04-F1E4-4075-8E66-BCEAB5FE063C} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F1CFB8A9-0900-46A7-AA5B-146935FE40B5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {F4F51B72-0B5C-462F-AF19-6AE97E86AABF} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F576A97F-2019-431B-B6A0-A7AE83DA48F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {FADD8E0C-63AC-4E7B-9D2D-ACE0EAC81653} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-10] (Google Inc.)
Task: {FEDD3735-5B57-4F73-B492-D2A15912F854} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe
Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 19:01 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 19:01 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-13 18:12 - 2016-12-13 18:12 - 01678560 _____ () C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2017-01-16 14:07 - 2017-01-05 18:45 - 03292608 _____ () C:\Users\HP\AppData\Roaming\Event Monitor\em.exe
2016-09-25 11:56 - 2016-09-25 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:11 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:11 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:11 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:11 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:11 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 21:11 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:11 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-14 06:28 - 2016-12-14 06:30 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 06:28 - 2016-12-14 06:30 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 06:28 - 2016-12-14 06:30 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 06:28 - 2016-12-14 06:30 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-23 15:14 - 2016-11-23 15:15 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 15:14 - 2016-11-23 15:15 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-10 20:24 - 2016-06-10 20:24 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 15:14 - 2016-11-23 15:15 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 15:14 - 2016-11-23 15:15 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-12-13 18:12 - 2016-12-13 18:12 - 01244376 _____ () C:\Users\HP\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-08-02 15:47 - 2016-12-08 01:00 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-10 18:24 - 2016-12-08 01:00 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-10 18:24 - 2016-12-08 01:01 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-10 18:24 - 2016-12-08 01:00 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-02 15:47 - 2016-12-08 01:04 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-02 15:47 - 2016-12-08 01:00 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-02 15:47 - 2016-12-08 01:00 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-02 15:47 - 2016-12-08 01:00 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-10 18:24 - 2017-01-06 00:03 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-02 15:47 - 2016-12-08 01:01 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-10 18:24 - 2017-01-06 00:03 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-10 18:24 - 2017-01-06 00:03 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-05 17:16 - 2017-01-06 00:04 - 00021328 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-10 18:24 - 2016-12-08 01:00 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-10 18:24 - 2016-12-08 01:04 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 17:16 - 2017-01-06 00:04 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-10 18:24 - 2017-01-06 00:03 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-10 18:24 - 2017-01-06 00:03 - 00026464 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 17:16 - 2016-12-08 01:02 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-10 18:24 - 2017-01-06 00:03 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00023384 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00019792 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00022360 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00024400 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-10 18:24 - 2016-12-08 00:57 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-10 18:24 - 2017-01-06 00:04 - 00031576 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-01-10 18:24 - 2016-12-22 02:04 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-01-10 18:24 - 2017-01-06 00:03 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-10 18:24 - 2017-01-06 00:04 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-02 15:47 - 2016-12-08 01:01 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-05 17:16 - 2017-01-06 00:04 - 00020296 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2017-01-10 18:24 - 2016-12-08 01:08 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-10 18:24 - 2016-12-08 01:08 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-10 18:24 - 2017-01-06 00:04 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-02 15:47 - 2016-12-08 01:04 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-02 15:47 - 2017-01-06 00:04 - 00037200 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-05 17:16 - 2017-01-06 00:04 - 00024920 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-10 18:24 - 2017-01-06 00:04 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2017-01-16 14:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-855933916-2125327620-179708743-1000\Control Panel\Desktop\\Wallpaper -> c:\users\hp\pictures\2015\img_20150528_150238.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{36549242-3E51-410A-AA0D-A2275C6D2BA0}] => LPort=1900
FirewallRules: [{D5D3BDC7-1CC4-480E-93AA-2D0C682D654D}] => LPort=2869
FirewallRules: [{11225767-07F9-45DF-85AC-32E6EB83F7F9}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AA831D43-0F3B-4E55-86E6-97E42EF5AFCC}] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1D8E0923-6511-43F9-BDBC-2C254D25720F}] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D62452DF-6913-4F65-A806-07D826540379}] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
FirewallRules: [{8866261F-CB80-4244-9188-AA01B23F1732}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9C11B03B-30DD-4A80-9DDC-153FC380A451}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5144B8A6-70CC-4097-9FB6-8F8B7FD51C2B}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{694B6151-86A3-4E0C-8273-FB13C9DA7A4C}] => C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{4C929835-4793-4161-9E6E-17EA084A10F8}] => C:\Program Files (x86)\PremierOpinion\pmropn.exe

==================== Restore Points =========================

21-12-2016 08:37:07 Scheduled Checkpoint
02-01-2017 19:27:00 Scheduled Checkpoint
10-01-2017 21:15:22 Windows Update
15-01-2017 17:09:12 Removed Affinity Photo Public Beta

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2017 05:49:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: eaf5eecf-13ec-428c-90bd-ea6ec8821b1b
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 38494fbd-3620-4142-999f-740de8b4d3c4
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 8adef0d0-3bfb-437d-8162-d72ca5cabf75
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 8269eeff-22ba-4610-add8-a1abbbdcfaf3
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 275c7f1b-34ca-49cc-a7cd-192cdd5dd533
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: d3193c44-dce6-47a6-b023-3bf6e52e4429
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 2c59601f-b75f-4939-bd5e-b6a7b2720069
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 2491302a-3104-42a7-9981-6989c27adfec
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 4909d17a-e848-42d5-9d50-4df9b72a8e8f
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (01/16/2017 05:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process ID: 0xd9c
Faulting application start time: 0x01d27020be62c803
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report ID: 48177b44-0e96-44c7-befc-1c07dc72c72f
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

System errors:
=============
Error: (01/16/2017 02:31:11 PM) (Source: DCOM) (EventID: 10016) (User: HP-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user HP-PC\HP SID (S-1-5-21-855933916-2125327620-179708743-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2017 02:26:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/16/2017 02:26:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/15/2017 05:26:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/15/2017 05:15:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/15/2017 05:14:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/15/2017 04:02:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/15/2017 04:01:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/15/2017 03:56:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Secdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (01/15/2017 03:56:11 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

CodeIntegrity:
===================================
Date: 2017-01-16 05:32:51.562
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-16 05:32:51.560
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-16 05:32:51.548
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-16 01:32:52.328
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-16 01:32:52.326
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-16 01:32:52.314
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 21:32:54.510
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 21:32:54.508
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 21:32:54.495
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-15 17:33:25.196
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 41%
Total physical RAM: 8080.04 MB
Available physical RAM: 4726.87 MB
Total Virtual: 16272.04 MB
Available Virtual: 13021.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.73 GB) (Free:372.16 GB) NTFS
Drive e: (Classic SL) (Fixed) (Total:74.53 GB) (Free:29.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 45290D0F)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-01-16 18:03:02
-----------------------------
18:03:02.400 OS Version: Windows x64 6.2.9200
18:03:02.400 Number of processors: 4 586 0x2A07
18:03:02.400 ComputerName: HP-PC UserName: HP
18:03:03.432 Initialize success
18:03:03.533 VM: initialized successfully
18:03:03.533 VM: Intel CPU BiosDisabled
18:08:29.799 AVAST engine defs: 17010903
18:12:19.695 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002b
18:12:19.695 Disk 0 Vendor: ST3500418AS CC68 Size: 476940MB BusType: 11
18:12:19.795 Disk 0 MBR read successfully
18:12:19.811 Disk 0 MBR scan
18:12:19.864 Disk 0 Windows 7 default MBR code
18:12:19.864 Disk 0 Partition 1 00 EE GPT 476940 MB offset 1
18:12:19.911 Disk 0 scanning C:\WINDOWS\system32\drivers
18:12:29.841 Service scanning
18:12:48.776 Modules scanning
18:12:48.776 Disk 0 trace - called modules:
18:12:48.807 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
18:12:48.829 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffff97089e0b1060]
18:12:48.829 3 CLASSPNP.SYS[fffff8063c4b5efb] -> nt!IofCallDriver -> [0xffff97089c20be40]
18:12:48.829 5 ACPI.sys[fffff8063b324571] -> nt!IofCallDriver -> \Device\0000002b[0xffff97089c218060]
18:12:49.592 AVAST engine scan C:\WINDOWS
18:12:51.500 AVAST engine scan C:\WINDOWS\system32
18:16:06.468 AVAST engine scan C:\WINDOWS\system32\drivers
18:16:26.139 AVAST engine scan C:\Users\HP
18:29:50.604 AVAST engine scan C:\ProgramData
18:36:29.601 Disk 0 statistics 1663644/0/0 @ 0.92 MB/s
18:36:29.616 Scan finished successfully
18:38:19.789 Disk 0 MBR has been saved successfully to "C:\Users\HP\Desktop\MBR.dat"
18:38:19.820 The log file has been saved successfully to "C:\Users\HP\Desktop\aswMBR.txt"

↧

I'm back and need help

January 16, 2017, 8:02 pm

≫ Next: Anti-Beacon: OneDrive keeps popping up in the Options after having been Immunized.

≪ Previous: PC Cleaner & other stuff

here is my scan, when i try and run aswMBR my pc gives me an odd blue page with a frown smiley saying my pc needs to shut down. here is my frst log i hope you can direct me to fix this. thanks.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by Dad (administrator) on BRIDGES1 (16-01-2017 21:41:11)
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available Profiles: Dad & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7766.57671.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Run: [Chromium] => c:\users\dad\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk.disabled [2016-02-22]
ShortcutTarget: PalTalk.lnk.disabled -> C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2107755742-302254199-1763176924-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-2107755742-302254199-1763176924-1001] => localhost:21320
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{aa1f6054-53c9-4db4-9ea5-cb8d826a68ec}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{e8b2aba9-4372-4dda-bdca-b8277f4bd75f}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-25] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: fen9gfz2.default-1409800020396
FF DefaultProfile: ronnybridges@gmail.com
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 [2017-01-16]
FF NewTab: Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 -> about:newtab
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 -> Google
FF SearchEngineOrder.2: Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 ->
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 -> Bing
FF Homepage: Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 -> hxxp://www.msn.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 -> user_pref("keyword.URL", true);
FF NetworkProxy: Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396 -> type", 4
FF Extension: (Adblock Plus) - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\fen9gfz2.default-1409800020396\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-12-31] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @flyordie.com/GamesPlugin -> C:\Program Files (x86)\Flyordie Plugin\npfod.dll [2016-08-29] (Solware)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2011-11-14] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 easytether; C:\WINDOWS\System32\drivers\easytthrx.sys [22728 2015-11-22] (Mobile Stream)
S3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [317440 2010-10-15] (Intel(R) Corporation) [File not signed]
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 Netaapl; C:\WINDOWS\System32\DRIVERS\netaapl64.sys [22528 2011-08-02] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R4 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26392 2014-12-02] (DEVGURU Co., LTD.)
R3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2016-07-16] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-16 21:41 - 2017-01-16 21:41 - 00021160 _____ C:\Users\Dad\Desktop\FRST.txt
2017-01-16 21:39 - 2017-01-16 21:40 - 02419200 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2017-01-16 21:34 - 2017-01-16 21:34 - 00002315 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-01-16 21:33 - 2017-01-16 21:37 - 05766144 _____ (Tweaking.com) C:\Users\Dad\Desktop\tweaking.com_registry_backup_setup.exe
2017-01-16 21:28 - 2017-01-11 12:26 - 00000135 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170116-212832.backup
2017-01-14 18:42 - 2017-01-14 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-01-13 23:07 - 2017-01-13 23:07 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-11 12:29 - 2017-01-16 21:34 - 00017905 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-01-11 12:26 - 2017-01-10 23:52 - 00453045 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170111-122611.backup
2017-01-10 23:52 - 2017-01-09 23:30 - 00453045 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170110-235200.backup
2017-01-10 23:43 - 2017-01-15 23:29 - 00001303 _____ C:\Users\Dad\Desktop\Free Sound Recorder.lnk
2017-01-10 23:43 - 2017-01-10 23:43 - 00001327 _____ C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Free Sound Recorder.lnk
2017-01-10 23:43 - 2006-03-23 12:56 - 00113486 _____ C:\WINDOWS\SysWOW64\NCTWMAProfiles.prx
2017-01-10 23:43 - 2005-04-15 12:08 - 00880640 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioEditor2.dll
2017-01-10 23:43 - 2005-04-04 17:21 - 00602112 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioTransform2.dll
2017-01-10 23:43 - 2005-03-28 15:54 - 00479232 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTAudioVisualization2.dll
2017-01-10 23:43 - 2005-03-28 15:52 - 00417792 _____ (Online Media Technologies Ltd.) C:\WINDOWS\SysWOW64\NCTTextToAudio2.dll
2017-01-10 23:43 - 2004-11-04 13:31 - 00835584 _____ (NCT) C:\WINDOWS\SysWOW64\NCTAudioCDGrabber2.dll
2017-01-10 13:50 - 2016-12-20 23:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 13:50 - 2016-12-20 22:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 13:50 - 2016-12-20 22:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 13:50 - 2016-12-20 22:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 13:50 - 2016-12-20 22:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 13:50 - 2016-12-13 22:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 13:50 - 2016-12-13 22:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 13:49 - 2016-12-20 23:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 13:49 - 2016-12-20 23:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 13:49 - 2016-12-20 23:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 13:49 - 2016-12-20 23:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 13:49 - 2016-12-20 23:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 13:49 - 2016-12-20 23:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 13:49 - 2016-12-20 23:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 13:49 - 2016-12-20 23:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 13:49 - 2016-12-20 23:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 13:49 - 2016-12-20 22:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 13:49 - 2016-12-20 22:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 13:49 - 2016-12-20 22:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 13:49 - 2016-12-20 22:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 13:49 - 2016-12-20 22:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 13:49 - 2016-12-20 22:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 13:49 - 2016-12-20 22:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 13:49 - 2016-12-20 22:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 13:49 - 2016-12-20 22:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 13:49 - 2016-12-20 22:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 13:49 - 2016-12-20 22:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 13:49 - 2016-12-20 22:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 13:49 - 2016-12-20 22:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 13:49 - 2016-12-20 22:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 13:49 - 2016-12-20 22:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 13:49 - 2016-12-20 22:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 13:49 - 2016-12-20 22:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 13:49 - 2016-12-20 22:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 13:49 - 2016-12-20 22:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 13:49 - 2016-12-20 22:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 13:49 - 2016-12-20 22:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 13:49 - 2016-12-20 22:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 13:49 - 2016-12-20 22:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 13:49 - 2016-12-20 22:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 13:49 - 2016-12-13 23:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 13:49 - 2016-12-13 23:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 13:49 - 2016-12-13 23:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 13:49 - 2016-12-13 23:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 13:49 - 2016-12-13 23:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 13:49 - 2016-12-13 23:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 13:49 - 2016-12-13 22:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 13:49 - 2016-12-13 22:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 13:49 - 2016-12-13 22:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 13:49 - 2016-12-13 22:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 13:49 - 2016-12-13 22:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 13:49 - 2016-12-13 22:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 13:49 - 2016-12-13 22:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 13:49 - 2016-12-13 22:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 13:49 - 2016-12-13 22:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 13:49 - 2016-12-13 22:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 13:49 - 2016-12-13 22:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 13:49 - 2016-12-13 22:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 13:49 - 2016-12-13 22:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 13:49 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 13:49 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 13:45 - 2016-12-21 02:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 13:45 - 2016-12-21 02:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 13:45 - 2016-12-21 01:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 13:45 - 2016-12-21 01:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 13:45 - 2016-12-21 01:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 13:45 - 2016-12-21 01:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 13:45 - 2016-12-21 01:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 13:45 - 2016-12-21 01:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 13:45 - 2016-12-21 01:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 13:45 - 2016-12-21 01:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 13:45 - 2016-12-21 01:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 13:45 - 2016-12-21 01:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 13:45 - 2016-12-21 01:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 13:45 - 2016-12-21 01:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 13:45 - 2016-12-21 01:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 13:45 - 2016-12-21 01:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 13:45 - 2016-12-21 01:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 13:45 - 2016-12-21 01:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 13:45 - 2016-12-21 01:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 13:45 - 2016-12-21 01:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 13:45 - 2016-12-21 01:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 13:45 - 2016-12-21 01:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 13:45 - 2016-12-21 01:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 13:45 - 2016-12-21 01:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 13:45 - 2016-12-21 01:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 13:45 - 2016-12-21 01:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 13:45 - 2016-12-21 01:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 13:45 - 2016-12-21 00:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 13:45 - 2016-12-21 00:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 13:45 - 2016-12-21 00:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 13:45 - 2016-12-21 00:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 13:45 - 2016-12-21 00:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 13:45 - 2016-12-21 00:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 13:45 - 2016-12-21 00:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 13:45 - 2016-12-21 00:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 13:45 - 2016-12-21 00:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 13:45 - 2016-12-21 00:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 13:45 - 2016-12-13 23:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 13:45 - 2016-12-13 23:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 13:45 - 2016-12-13 23:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 13:45 - 2016-12-13 23:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 13:45 - 2016-12-13 23:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 13:45 - 2016-12-13 22:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 13:45 - 2016-12-13 22:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 13:45 - 2016-12-13 22:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 13:45 - 2016-12-13 22:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 13:45 - 2016-12-13 22:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 13:45 - 2016-12-13 22:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 13:45 - 2016-12-13 22:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 13:45 - 2016-12-13 22:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 13:45 - 2016-12-13 22:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 13:45 - 2016-12-13 22:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 13:45 - 2016-12-13 22:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 13:45 - 2016-12-13 22:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 13:45 - 2016-12-13 22:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 13:45 - 2016-12-13 22:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 13:45 - 2016-12-13 22:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 13:45 - 2016-12-13 22:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 13:45 - 2016-12-13 22:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 13:45 - 2016-12-13 22:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 13:45 - 2016-12-13 22:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 13:44 - 2016-12-21 02:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 13:44 - 2016-12-21 01:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 13:44 - 2016-12-21 01:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 13:44 - 2016-12-21 01:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 13:44 - 2016-12-21 01:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 13:44 - 2016-12-21 01:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 13:44 - 2016-12-21 01:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 13:44 - 2016-12-21 01:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 13:44 - 2016-12-21 01:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 13:44 - 2016-12-21 01:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 13:44 - 2016-12-21 01:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 13:44 - 2016-12-21 01:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 13:44 - 2016-12-21 01:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 13:44 - 2016-12-21 00:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 13:44 - 2016-12-21 00:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 13:44 - 2016-12-21 00:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 13:44 - 2016-12-21 00:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 13:44 - 2016-12-21 00:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 13:44 - 2016-12-21 00:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 13:44 - 2016-12-21 00:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 13:44 - 2016-12-21 00:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 13:44 - 2016-12-21 00:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 13:44 - 2016-12-21 00:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 13:44 - 2016-12-13 23:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 13:44 - 2016-12-13 23:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 13:44 - 2016-12-13 23:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 13:44 - 2016-12-13 23:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 13:44 - 2016-12-13 23:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 13:44 - 2016-12-13 22:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 13:44 - 2016-12-13 22:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 13:44 - 2016-12-13 22:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 13:44 - 2016-12-13 22:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 13:44 - 2016-12-13 22:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 13:44 - 2016-12-13 22:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 13:44 - 2016-12-13 22:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 13:44 - 2016-12-13 22:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 13:44 - 2016-12-13 22:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 13:44 - 2016-12-13 22:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 13:44 - 2016-12-13 22:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 13:44 - 2016-12-13 22:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 13:44 - 2016-11-02 05:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 13:44 - 2016-11-02 04:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 13:44 - 2016-11-02 04:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 13:44 - 2016-11-02 04:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 13:43 - 2016-12-13 23:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 13:43 - 2016-12-13 23:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 10:43 - 2017-01-10 10:43 - 00000000 ____D C:\Users\Dad\AppData\Local\oneClickRoot
2017-01-10 10:42 - 2017-01-10 10:42 - 00000000 ____D C:\Users\Dad\AppData\Local\AWSToolkit
2017-01-10 10:41 - 2017-01-10 10:41 - 25416816 _____ (One Click Root) C:\Users\Dad\AppData\Local\TempOneClickRoot.exe
2017-01-09 23:30 - 2017-01-07 17:37 - 00453045 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170109-233001.backup
2017-01-09 11:47 - 2017-01-09 11:47 - 06258893 _____ C:\Users\Dad\Desktop\Coldplay - Scientist, The Thm.mp4
2017-01-09 11:47 - 2017-01-09 11:47 - 04270546 _____ C:\Users\Dad\Desktop\Coldplay - Scientist, The Thm.zip
2017-01-08 23:53 - 2017-01-08 23:53 - 00000000 ____D C:\Users\Dad\AppData\Local\{0EBB51A8-A65D-4954-80BE-57465B94F5D5}
2017-01-08 21:46 - 2017-01-08 21:46 - 00000842 _____ C:\Users\Dad\Desktop\txt1.txt
2017-01-07 19:47 - 2017-01-07 19:47 - 00000000 ____D C:\Users\Dad\AppData\Local\{B65CE059-9FD5-4F11-9D1F-D2FBDD1D93B0}
2017-01-07 17:37 - 2016-12-22 09:30 - 00452937 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170107-173714.backup
2017-01-07 08:15 - 2017-01-07 08:16 - 51466368 _____ C:\Users\Dad\Desktop\Leonard_Cohen_Bird_On_The_Wire(Video_Karaoke_with_a_colored_background)_223631.mp4
2017-01-01 13:39 - 2017-01-01 13:42 - 00000000 ____D C:\Users\Dad\Desktop\New folder (3)
2017-01-01 13:31 - 2017-01-01 13:31 - 00000000 ____D C:\Users\Dad\AppData\Local\{D4BCB26B-60AF-46A1-9212-09614CB79BD0}
2016-12-22 22:47 - 2016-12-22 22:47 - 00000000 ____D C:\Users\Dad\AppData\Local\{6545616A-06F9-43C2-8155-E0726F595E6F}
2016-12-22 18:00 - 2016-12-22 18:00 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-22 18:00 - 2016-12-22 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-22 17:59 - 2016-12-22 18:00 - 00000000 ____D C:\Program Files\iTunes
2016-12-22 17:59 - 2016-12-22 17:59 - 00000000 ____D C:\Program Files\iPod
2016-12-22 12:28 - 2017-01-16 19:56 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-22 09:30 - 2016-12-22 08:44 - 00452937 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161222-093057.backup
2016-12-22 09:18 - 2016-12-22 09:18 - 00032128 _____ (Safer-Networking Ltd.) C:\Users\Dad\SDAV.dll
2016-12-22 08:44 - 2016-12-19 08:11 - 00452781 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161222-084439.backup
2016-12-21 12:21 - 2016-12-21 12:24 - 00000000 ____D C:\AdwCleaner
2016-12-21 12:19 - 2017-01-16 21:41 - 00000000 ____D C:\FRST
2016-12-20 17:15 - 2016-12-20 17:16 - 00000000 ____D C:\Users\Dad\Desktop\New folder (2)
2016-12-20 17:07 - 2016-12-20 17:08 - 06597294 _____ C:\Users\Dad\Desktop\Tracy_Chapman_The_Promise(MP3+CDG_Karaoke)_88338.zip
2016-12-19 16:13 - 2016-12-19 16:14 - 12038186 _____ C:\Users\Dad\Desktop\Stapleton, Chris - Tennessee Whiskey (Instrumental Version) A.mp3
2016-12-19 16:13 - 2016-12-19 16:13 - 11258066 _____ C:\Users\Dad\Desktop\Johnson, Jamey - High Cost Of Living (Backing Track) D.mp3
2016-12-19 16:12 - 2016-12-19 16:13 - 10258427 _____ C:\Users\Dad\Desktop\Bentley, Dierks - Bad Angel (ft Miranda Lambert and Jamey Johnson) (Instrumental Version).mp3
2016-12-19 16:12 - 2016-12-19 16:13 - 05620068 _____ C:\Users\Dad\Desktop\Lynyrd Skynyrd - Free Bird.mp3
2016-12-19 08:11 - 2016-12-17 20:26 - 00452781 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161219-081104.backup
2016-12-17 20:26 - 2016-12-16 09:50 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161217-202651.backup
2016-12-17 08:43 - 2016-12-17 08:43 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-17 02:44 - 2016-12-17 02:45 - 04619752 _____ (Piriform Ltd) C:\Users\Dad\Downloads\dfsetup221.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-16 21:36 - 2016-10-03 05:51 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-01-16 21:32 - 2016-11-26 04:03 - 00000000 ____D C:\Users\Dad\AppData\LocalLow\Mozilla
2017-01-16 20:19 - 2016-10-03 02:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-15 23:34 - 2012-04-14 19:17 - 00000000 ____D C:\Users\Dad\Documents\Free Sound Recorder
2017-01-15 17:14 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-15 00:05 - 2016-11-27 01:37 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-14 18:42 - 2013-01-04 20:52 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-14 18:42 - 2012-10-03 00:44 - 00000000 ____D C:\Users\Dad\AppData\Local\Google
2017-01-14 17:40 - 2016-10-03 03:04 - 00000000 ____D C:\Users\Dad
2017-01-14 15:58 - 2012-04-14 19:19 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Cool Record Edit Pro
2017-01-14 01:01 - 2015-12-31 22:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-13 23:10 - 2012-07-16 06:22 - 00007668 _____ C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2017-01-13 23:08 - 2013-07-07 09:31 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Dropbox
2017-01-13 23:06 - 2013-08-07 09:19 - 00000000 ___RD C:\Users\Dad\Dropbox
2017-01-13 21:45 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-12 03:46 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 01:53 - 2016-10-03 03:26 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 16:05 - 2016-10-03 03:03 - 02421636 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-10 23:59 - 2014-02-04 00:03 - 00000000 ____D C:\temp
2017-01-10 23:44 - 2014-12-02 19:09 - 00000000 ____D C:\Program Files (x86)\Free Sound Recorder
2017-01-10 23:43 - 2014-12-02 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Sound Recorder
2017-01-10 23:02 - 2015-07-02 10:54 - 00000000 ____D C:\Program Files (x86)\KaraFun Player 2
2017-01-10 23:02 - 2012-03-29 13:40 - 00000000 ____D C:\ProgramData\Recisio
2017-01-10 23:01 - 2016-08-30 00:57 - 00000000 ____D C:\Program Files (x86)\KaraokeDX
2017-01-10 22:59 - 2014-02-11 17:22 - 00000000 ____D C:\Users\Dad\AppData\Local\Packages
2017-01-10 21:50 - 2014-12-04 13:31 - 00000000 ____D C:\Users\Dad\Documents\Audio Recorder for Free
2017-01-10 21:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 21:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 21:43 - 2014-08-22 20:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-10 18:11 - 2015-12-31 11:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-10 18:10 - 2015-08-09 08:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-10 17:57 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 17:46 - 2016-10-03 03:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 17:46 - 2016-10-03 02:57 - 00206200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-10 17:45 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 17:44 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-10 17:44 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 17:44 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 17:44 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 17:44 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 13:58 - 2013-08-16 02:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 13:56 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 13:56 - 2012-03-30 20:51 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 17:23 - 2015-07-02 10:54 - 00000000 ____D C:\Users\Dad\Downloads\KaraFun Player 2
2017-01-09 13:04 - 2016-11-28 00:59 - 00000034 _____ C:\Users\Dad\Documents\settings_audiomix.dat
2017-01-09 13:04 - 2016-08-30 01:25 - 00001163 _____ C:\Users\Dad\Documents\Playlist.spl
2017-01-09 13:04 - 2016-08-30 01:25 - 00000348 _____ C:\Users\Dad\Documents\settings.dat
2017-01-09 11:56 - 2016-08-30 01:08 - 00000793 _____ C:\Users\Dad\Documents\updates.dat
2017-01-07 22:57 - 2016-03-02 10:37 - 00000000 ____D C:\Users\Dad\Desktop\My Programs
2017-01-07 17:37 - 2016-10-03 03:04 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-07 17:37 - 2015-10-30 00:28 - 00000000 ____D C:\Users\Default.migrated
2017-01-01 22:42 - 2016-02-22 01:45 - 00000000 ____D C:\Program Files (x86)\Paltalk Messenger
2016-12-31 21:52 - 2015-05-07 16:14 - 00000000 ____D C:\Users\Dad\Downloads\lockfile
2016-12-29 20:29 - 2012-03-29 13:13 - 00000000 ____D C:\Users\Dad\AppData\Local\ElevatedDiagnostics
2016-12-22 18:09 - 2007-06-02 16:25 - 02778091 _____ C:\Users\Dad\Desktop\Eagles, The - Please Come Home For Christmas.mp3
2016-12-22 17:59 - 2016-07-16 00:04 - 00000000 ___RD C:\Program Files
2016-12-22 17:59 - 2015-03-04 05:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-22 17:55 - 2013-02-11 15:57 - 01224600 _____ C:\Users\Dad\Desktop\Eagles, The - Please Come Home For Christmas.cdg
2016-12-22 17:13 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 17:13 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 12:28 - 2015-05-01 08:21 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
2016-12-22 09:27 - 2012-03-30 06:55 - 00000000 ____D C:\Users\Dad\Desktop\My Documents
2016-12-22 09:26 - 2016-12-15 18:59 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-22 09:19 - 2016-02-23 11:33 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-21 19:10 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-21 12:40 - 2016-12-16 13:50 - 00000000 ____D C:\EEK
2016-12-21 12:11 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-21 10:49 - 2014-03-10 08:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-21 10:48 - 2016-12-15 13:18 - 00524288 ___SH C:\Users\Dad\ntuser.dat{5dee0321-c2f6-11e6-84d9-c3466e69eddc}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 10:48 - 2016-12-15 13:18 - 00065536 ___SH C:\Users\Dad\ntuser.dat{5dee0321-c2f6-11e6-84d9-c3466e69eddc}.TM.blf
2016-12-18 23:56 - 2015-02-05 15:08 - 00000823 _____ C:\DelFix.txt
2016-12-18 11:28 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-18 09:47 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-18 09:47 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-18 09:45 - 2016-02-23 11:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-18 01:27 - 2015-06-01 14:29 - 00000000 ____D C:\Users\Dad\Downloads\Ant Videos
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\config\TxR
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-17 17:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-17 17:34 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-17 17:34 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-17 17:34 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-17 17:34 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-17 08:43 - 2015-12-31 11:53 - 00002403 _____ C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-17 08:43 - 2015-12-31 11:53 - 00000000 ___RD C:\Users\Dad\OneDrive
2016-12-17 08:42 - 2014-03-26 03:28 - 00000000 ____D C:\Users\Dad\AppData\Roaming\Skype
2016-12-17 02:45 - 2012-04-15 16:50 - 00000000 ____D C:\Program Files\Defraggler

==================== Files in the root of some directories =======

2015-09-08 19:53 - 2015-09-08 19:57 - 0030208 ___SH () C:\Users\Dad\AppData\Roaming\Thumbs.db
2013-08-07 06:12 - 2016-02-01 02:26 - 0001167 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.1.txt
2013-08-07 06:12 - 2014-12-02 18:47 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.2.txt
2013-08-07 06:12 - 2014-11-16 00:53 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.3.txt
2013-08-07 06:12 - 2014-03-30 11:59 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.4.txt
2013-08-07 06:12 - 2014-03-29 18:54 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.5.txt
2013-08-07 06:12 - 2013-08-07 06:34 - 0000919 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.6.txt
2013-08-07 06:12 - 2013-08-07 06:12 - 0001181 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.7.txt
2013-08-07 06:12 - 2016-02-21 11:53 - 0000905 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.txt
2013-08-07 06:12 - 2016-02-21 11:53 - 0000000 _____ () C:\Users\Dad\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2012-05-12 15:58 - 2012-05-12 15:58 - 0024597 _____ () C:\Users\Dad\AppData\Roaming\UserTile.png
2014-02-13 10:52 - 2015-02-03 09:23 - 0000136 _____ () C:\Users\Dad\AppData\Roaming\WB.CFG
2015-04-14 22:43 - 2015-04-14 22:43 - 0385602 _____ () C:\Users\Dad\AppData\Local\5DEA8E28_stp.CIS
2015-04-14 22:43 - 2015-04-14 22:43 - 0000204 _____ () C:\Users\Dad\AppData\Local\5DEA8E28_stp.CIS.part
2012-04-14 21:46 - 2016-04-04 03:05 - 0134656 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-02 22:37 - 2015-02-03 09:24 - 0000010 _____ () C:\Users\Dad\AppData\Local\DSI.DAT
2012-08-18 05:51 - 2015-04-28 06:15 - 0027486 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2013-01-10 08:07 - 2013-01-10 08:07 - 0000866 _____ () C:\Users\Dad\AppData\Local\recently-used.xbel
2012-07-16 06:22 - 2017-01-13 23:10 - 0007668 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2015-05-05 15:42 - 2015-05-07 16:13 - 0000700 ___SH () C:\Users\Dad\AppData\Local\systemFL7.dat
2017-01-10 10:41 - 2017-01-10 10:41 - 25416816 _____ (One Click Root) C:\Users\Dad\AppData\Local\TempOneClickRoot.exe
2012-03-29 12:09 - 2012-03-29 12:09 - 0017408 _____ () C:\Users\Dad\AppData\Local\WebpageIcons.db
2015-09-19 11:43 - 2015-09-19 11:43 - 0000000 _____ () C:\Users\Dad\AppData\Local\{5AB25B4F-5297-4C81-9E38-79FB86AF6283}
2015-09-18 11:43 - 2015-09-18 11:43 - 0000000 _____ () C:\Users\Dad\AppData\Local\{6B8D2950-B7CD-47EB-A0CA-0B0E1B4803C7}
2016-10-03 03:00 - 2016-10-03 03:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-11-19 02:10 - 2012-11-19 02:10 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Dad\SDAV.dll

Some files in TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\A~NSISu_.exe
C:\Users\Dad\AppData\Local\Temp\pal_install_r1111_3.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-14 03:55

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by Dad (16-01-2017 21:42:08)
Running from C:\Users\Dad\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-03 09:31:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2107755742-302254199-1763176924-500 - Administrator - Disabled)
Dad (S-1-5-21-2107755742-302254199-1763176924-1001 - Administrator - Enabled) => C:\Users\Dad
DefaultAccount (S-1-5-21-2107755742-302254199-1763176924-503 - Limited - Disabled)
Guest (S-1-5-21-2107755742-302254199-1763176924-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2107755742-302254199-1763176924-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Spybot - Search and Destroy (Enabled - Up to date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe PDF ePub DRM Removal 4.7.1 (HKLM-x32\...\{C9DD56CA-BAE9-452A-AFE9-834C7770D1A3}) (Version: 4.7.1 - EPUBSOFT)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BEHRINGER UFX 1394 Drivers v6.11.0.0 (HKLM-x32\...\BEHRINGER UFX 1394 Drivers v6.11.0.0) (Version: 6.11.0.0 - BEHRINGER)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version: - )
Canon MP160 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.2531.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dropbox (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Dwyco CDC-X version 2.14 (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\Dwyco CDC-X_is1) (Version: 2.14 - Dwyco, Inc.)
Easy Thumbnails (Remove only) (HKLM-x32\...\Easy Thumbnails_is1) (Version: 3.0 - Fookes Software)
EasyTether (HKLM-x32\...\{6f3b40d5-c81b-469b-a7a2-b560f8561a8c}) (Version: 1.3.3 - Mobile Stream)
EasyTether (Version: 1.3.3 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{767071E2-19B8-45D0-B283-776A6403C9BC}) (Version: 1.0.6 - Mobile Stream)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Free Sound Recorder v10.8.8 (HKLM-x32\...\Free Sound Recorder_is1) (Version: - Copyright(C) 2005-2015 FreeSoundRecorder Technologies, Inc.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3503 - Gateway Incorporated)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Paltalk Ad Remover 4.0 (HKLM-x32\...\Paltalk Ad Remover_is1) (Version: - The Anubis Group (T.A.G.))
Paltalk Messenger 11.8 (HKLM-x32\...\Paltalk Messenger) (Version: 11.8.660.17897 - AVM Software Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.4 - Tweaking.com)
VisioForge Video Capture SDK Delphi Redist (x32 Version: 6.2.0.2 - VisioForge) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3504 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2107755742-302254199-1763176924-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Dad\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05FC178C-56A7-4277-B294-98EC7B2F296F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0642325B-D49D-4797-BC3D-2F56533546BB} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {09EEC63B-21B8-4656-86A9-CCDD9C10A77F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0B699188-E512-462A-B544-A2D6583B33A0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {0C2D3057-5CEB-442F-B5D9-E881BA867A91} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D30CE93-DA2D-4FC3-9264-30875CB21487} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19F431AE-BF17-495C-8144-A9292B825820} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {247DCB5E-3BAB-41BB-837B-754F0E509BE3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {328A8A45-78B3-4AB7-95C5-EF5DE9F17634} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {346B439C-CE11-4CE0-B14C-D2FD4E18F124} - System32\Tasks\{1DD8B5E2-C122-4D1F-9758-9B0F5D4479E4} => pcalua.exe -a "C:\Users\Dad\Desktop\My Documents\mp160win64111ea23.exe" -d "C:\Users\Dad\Desktop\My Documents"
Task: {35E50A07-EC32-4024-AA11-31B368248FEE} - System32\Tasks\{D6BB3A59-B46C-4DDF-85E3-A7CC61C4B4CC} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {3CD9F767-3594-4327-B21E-BE3E78C49122} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001Core => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {46C787DD-5FAA-401F-A2EC-45722C2BB037} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {47D37117-9262-4ECC-9275-2F6B724DFDCB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {490D819C-47D5-456C-A5EB-EEFBD6B58C82} - System32\Tasks\{62ACF029-05DB-43E9-B5E0-E093E965ED01} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2016-11-29] (AVM Software Inc.)
Task: {4DDEDFB7-CEA5-4AAA-B661-F92AB35DC2B6} - System32\Tasks\{52699817-CDA0-4364-99EA-08B994C0A3C5} => pcalua.exe -a C:\Users\Dad\AppData\Local\Microsoft\Windows\INetCache\IE\JN1UBZIK\SAMSUNG_USB_Driver_for_Mobile_Phones_1.5.51_S7FanClub.com[1].exe
Task: {54404098-799A-4096-84BD-710DFE05A07C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {57F10B8A-E6DC-41AF-836F-3D3323A974EC} - System32\Tasks\{8438242B-619B-42CD-9AD1-2D389FF75225} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2016-11-29] (AVM Software Inc.)
Task: {5B316E75-6FB9-4B95-A0AD-82F7C6DDF39B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60901772-3EBA-4F28-9FD1-33195A01BEBB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {60ADB0E8-986E-465B-9524-4FD0AB47C474} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {62037395-D8DC-43DF-B63C-E957E45359EF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {65FBC813-8ECD-4300-99D3-4822AFCDAFE9} - System32\Tasks\{F2D720B6-011A-46ED-9209-2320052E5916} => pcalua.exe -a C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE -c /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Task: {73E9C59F-105A-45BF-94D2-701B3CA13E1F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {7CAFE4F0-A049-4D19-943C-C2D088C6E8E2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7E8E0548-709E-4F53-8A65-66199E754643} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7F1C1925-8490-415C-A841-6F977751A2E3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {849F1300-7E11-4394-9583-4EF949725339} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {892BAF73-A76B-48C2-AFBA-602B7E41BF23} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001UA => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-10] (Dropbox, Inc.)
Task: {8C25C726-0EDD-419C-ABAE-AB81DD4A8954} - System32\Tasks\{DF80F471-10C4-4247-BCB7-5B67BA005FD2} => pcalua.exe -a C:\Users\Dad\Desktop\ts_webcam.exe -d C:\Users\Dad\Desktop
Task: {8D943107-6A50-440B-8E05-7B77AD0A1BEB} - System32\Tasks\{D9E1C870-B7E8-4995-8A98-D579504F6B41} => C:\Program Files (x86)\Paltalk Messenger\paltalk.exe [2016-11-29] (AVM Software Inc.)
Task: {8DBC6D03-E498-4514-9949-6D4C7891D738} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {927A7E6F-EBCC-48C4-A626-700719C2FE45} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {9525BDE6-DCD8-4885-B91B-E8146E82D044} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {9B2A2994-5FD2-4CE4-85BA-8CD11CAFBAC2} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {AA26CECC-7273-4F5C-B09E-975C83493CCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {AC02B179-5E5A-44FC-8987-89261C1B6B9C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AE3C4923-DF05-46BF-9F7D-71972FD7EF73} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {CA83AF7A-939E-4895-816B-5147BA26B46B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {CC559984-9D4A-47FF-960E-654E41B282CE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE4612D6-865E-46E6-A8C8-E78BF08ACC3D} - System32\Tasks\NBAgent => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
Task: {D6E11DB4-11F4-49E0-AD2B-347E51ECD4F9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {E6392F7E-8094-4810-A3A2-612265F0F48F} - System32\Tasks\{F126331D-C6F2-47BE-94F5-C17820994183} => pcalua.exe -a "C:\Program Files (x86)\NCH Software\Recordpad\uninst.exe"
Task: {EE065ECC-DCCD-4639-B191-A6348A638A97} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F0C8FD3D-AA77-45AC-86EF-395619E4E23F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FBFEE3D5-BBAF-4BE9-987C-53B669156BC9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FF5AE516-004E-406B-8236-DF11EE525F5D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001Core.job => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2107755742-302254199-1763176924-1001UA.job => C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-16 10:41 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-16 10:41 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-16 10:41 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 08:42 - 2016-12-17 08:42 - 01678560 _____ () C:\Users\Dad\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-11-25 06:52 - 2016-09-06 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 13:45 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-16 09:49 - 2016-12-16 09:49 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-16 09:49 - 2016-12-16 09:49 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-16 09:49 - 2016-12-16 09:49 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-16 09:49 - 2016-12-16 09:49 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-01-10 13:44 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 13:44 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 13:44 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 13:44 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 13:44 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 13:44 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-24 20:26 - 2016-11-24 20:26 - 01369288 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7766.57671.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-01-13 21:44 - 2017-01-13 21:45 - 13170376 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7766.57671.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2016-11-24 20:27 - 2016-11-24 20:27 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-24 20:27 - 2016-11-24 20:27 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-08-25 19:44 - 2016-08-25 19:44 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-24 20:27 - 2016-11-24 20:27 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-24 20:27 - 2016-11-24 20:27 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-03-03 12:36 - 2016-03-03 12:36 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-06 11:44 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-06 11:44 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-04-06 11:44 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-06 11:44 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-04-06 11:44 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-04-06 11:44 - 2014-04-25 13:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2016-12-17 08:42 - 2016-12-17 08:42 - 01244376 _____ () C:\Users\Dad\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7924 more sites.

IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\123simsen.com -> www.123simsen.com

There are 7925 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2017-01-16 21:28 - 00453045 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15574 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2107755742-302254199-1763176924-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dad\Desktop\My Documents\cowhide cove 2016\20160830_184637.jpg
DNS Servers: 192.168.42.129
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Behringer UFX 1394 Control Panel.lnk => C:\Windows\pss\Behringer UFX 1394 Control Panel.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\Windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Dad\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: Google Update => "C:\Users\Dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Dad\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Downloads\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk.disabled"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2107755742-302254199-1763176924-1001\...\StartupApproved\Run: => "Chromium"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{420A8C90-6036-43CC-B958-5DC028487D97}] => C:\Users\Dad\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{42F398C6-2412-4286-B359-A22CE3258F9D}] => %systemroot%\system32\alg.exe
FirewallRules: [{E5B4F0D5-44FB-4590-9BA8-B38DF964AA36}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E86E9DFF-8082-4A8E-BCE8-7E87ACEE548A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{712D7705-28BD-444D-BB14-5C08AACD5F01}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{25510813-0968-4D57-BADB-1614F2A92B15}] => LPort=2869
FirewallRules: [{5F1AFC8C-6B84-4793-86F5-52029CD4189E}] => LPort=1900
FirewallRules: [{A687E5CE-0A6E-4268-AFA0-7509E2AB6F25}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E6FC240-35CB-4367-971D-76F632AE4C1F}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{458FF205-4A97-49FB-AB17-2C16B022C60D}] => C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{B48A3653-063C-4BC6-9E97-F38F05A37958}C:\program files (x86)\paltalk messenger\paltalk.exe] => C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{29FD2029-71D3-48E8-9A43-DAB6570B0073}C:\program files (x86)\paltalk messenger\paltalk.exe] => C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [TCP Query User{24B25CDC-08A1-4E14-B1DF-B7DC664138F1}C:\program files (x86)\paltalk messenger\paltalk.exe] => C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{CF2BC875-58A7-415E-A772-9CA44888D394}C:\program files (x86)\paltalk messenger\paltalk.exe] => C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{97F933F3-EC17-427B-8EBB-7F2D7A6D1CE1}] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{E6E34D32-678E-4AE5-ACA1-6201219331F1}] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{FE719458-9E14-4060-855E-9B16B652E79C}] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{C729B18C-1248-4143-988D-C2F09B9245C3}] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7F3BAE04-783C-4EC4-A1D9-84B2328AD2F3}] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7D117006-121E-44D7-B8BD-0E9940813790}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2DE2F26-58C2-4E6F-B81E-A14D40EA6438}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4B19791-A9CE-47CD-B264-7747FE49518A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C403502F-E4EB-4619-9427-96A11B58CB6D}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C4C24F7-5407-4E4A-815A-FA6792CE86FF}] => C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CC7FCCAA-A7D3-4B92-9FAA-0BF793787466}] => C:\Users\Dad\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4E9D1ED0-3352-49AE-B03F-E0D61A926463}C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{3799D7BD-ED7E-417E-AC3A-D58D4BCC5F9C}C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\dad\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{F7CF7ECB-94EB-4CA3-9A5E-67955BF062B0}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{0FF1312A-2580-4B26-8D5A-DB0969DA2781}] => C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{A2879CD7-982F-4A67-AF96-452BFA8A845E}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [UDP Query User{A233DB83-0FF4-43B0-A9C7-799A646CAD4D}C:\users\dad\documents\dwyco\cdc-x\cdcx.exe] => C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [{D8D967FB-F64F-4D82-B01A-FD01759A176F}] => C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [{A647DBE1-C08B-4426-A9E9-E562C5D96E07}] => C:\users\dad\documents\dwyco\cdc-x\cdcx.exe
FirewallRules: [{B7262FA6-148B-4409-BC62-F7592EBE592B}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CADE55D-9590-4686-ABAB-7FB7317CC262}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2372B3DA-DE89-4891-834E-880A59C6E54A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7D05AA06-A396-4473-A973-14E77DA3C076}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3876269-C714-4A99-A94B-9BDBF1BF891A}] => C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

26-12-2016 18:41:09 Scheduled Checkpoint
04-01-2017 13:35:38 Scheduled Checkpoint
07-01-2017 20:59:20 Windows Update
10-01-2017 10:41:38 Installed One Click Root

==================== Faulty Device Manager Devices =============

Name: Microsoft Wi-Fi Direct Virtual Adapter #4
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Wi-Fi Direct Virtual Adapter #5
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2017 09:41:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program osk.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 48fc

Start Time: 01d270736df7cf78

Termination Time: 4

Application Path: C:\Windows\System32\osk.exe

Report Id: b37086c0-dc66-11e6-84e7-e840f20c0b8d

Faulting package full name:

Faulting package-relative application ID:

Error: (01/16/2017 09:37:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/16/2017 09:36:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/16/2017 05:02:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SDWelcome.exe, version: 2.4.40.130, time stamp: 0x535a5196
Faulting module name: rtl150.bpl, version: 15.0.3953.35171, time stamp: 0x4cca139f
Exception code: 0xc0000005
Fault offset: 0x0000a116
Faulting process id: 0x4e14
Faulting application start time: 0x01d2704c84c52352
Faulting application path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Faulting module path: C:\Program Files (x86)\Spybot - Search & Destroy 2\rtl150.bpl
Report Id: 1ff4f031-b082-4053-afd8-1c119e023e05
Faulting package full name:
Faulting package-relative application ID:

Error: (01/16/2017 02:06:10 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error: (01/15/2017 10:24:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Bridges1.local already in use; will try Bridges1-2.local instead

Error: (01/15/2017 10:24:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Bridges1.local. Addr 169.254.170.49

Error: (01/15/2017 10:24:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 169.254.170.49:5353 16 Bridges1.local. AAAA 2600:0380:B230:DA8D:B0E2:8222:65E7:AA31

Error: (01/15/2017 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/15/2017 02:06:13 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: HTTP status 403: The client does not have sufficient access rights to the requested server object.

System errors:
=============
Error: (01/13/2017 08:17:10 PM) (Source: DCOM) (EventID: 10001) (User: BRIDGES1)
Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

Error: (01/10/2017 06:15:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2017 06:12:28 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/10/2017 06:12:23 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/10/2017 06:12:14 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/10/2017 06:12:09 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/10/2017 06:12:04 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/10/2017 06:11:59 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/10/2017 06:11:51 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (01/10/2017 06:11:46 PM) (Source: DCOM) (EventID: 10001) (User: BRIDGES1)
Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider

CodeIntegrity:
===================================
Date: 2017-01-16 18:01:56.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:56.137
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:56.132
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:55.963
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:55.960
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:55.958
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:55.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:55.827
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:55.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

Date: 2017-01-16 18:01:55.551
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 56%
Total physical RAM: 6048.27 MB
Available physical RAM: 2652.75 MB
Total Virtual: 12192.27 MB
Available Virtual: 7082.52 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:918.41 GB) (Free:772.65 GB) NTFS
Drive d: (AppDrv1) (CDROM) (Total:2.6 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5D81C09C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=918.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

↧

Anti-Beacon: OneDrive keeps popping up in the Options after having been Immunized.

January 18, 2017, 3:09 pm

≫ Next: CSE removal

≪ Previous: I'm back and need help

Hi, I just found this site. Ive been using Anti-Beacon for the last week. The program works great, the only thing I have had difficulty with is OneDrive service under the Options tab keeps coming back after selecting and immunizing OneDrive. I went all the way to simply immunizing OneDrive (selecting under Options tab and immunizing under Protection tab) closing out of Anti-Beacon, and then re-opening Anti-Beacon immediately after closing the program, and, even then, OneDrive pops back up. Right after Immunizing it. Im not sure if Im missing something, or if i have deleted OneDrive. I read the log, or tried to read it as best I could ( Im new to programming, and computers in general) and the log says something like "OneDrive doesnt exist" or "cannot be found", something like that. I was wondering if anyone has the answer to this.

-Marcchus_2341

↧

CSE removal

January 19, 2017, 4:58 pm

≫ Next: No Telemetry Hosts - Only 31% (19 of 61) Protected

≪ Previous: Anti-Beacon: OneDrive keeps popping up in the Options after having been Immunized.

Hello, first of all i got infected by CSE and cant remove it. I read a lot of threads online about unchecking proxy server in chrome LAN settings for temporary fix, but that doesnt help. I read about deleting dsq and windows security folders in program data, but i dont even have that folders. I ran all kinds of antivirus/malware scans, but nothing helped. When PC starts, avira is alerting TR/Wdfload.crqun virus located in C/Windows/temp...
I ran FRST scan and ill upload results.

Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by user (administrator) on USER-PC (20-01-2017 01:28:50)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\Temp\g476D.tmp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) D:\stimara\Steam.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Valve Corporation) D:\stimara\bin\cef\cef.win7\steamwebhelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [917576 2016-12-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1618930824-4051046816-776268447-1000\...\Run: [Steam] => D:\stimara\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-1618930824-4051046816-776268447-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1618930824-4051046816-776268447-1000\...\MountPoints2: {04e1c22c-cff7-11e5-a4da-305a3a06d8ac} - E:\setup.exe
HKU\S-1-5-21-1618930824-4051046816-776268447-1000\...\MountPoints2: {850f7c7c-4a81-11e6-b459-305a3a06d8ac} - F:\setup.exe
HKU\S-1-5-21-1618930824-4051046816-776268447-1000\...\MountPoints2: {a2affad4-4db9-11e4-8402-806e6f6e6963} - E:\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2016-03-25]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TotalVPN.lnk [2016-06-07]
ShortcutTarget: TotalVPN.lnk -> C:\Users\user\AppData\Local\TotalVPN\TotalVPN.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{AA11746C-2B99-4761-AC8F-AF924F511077}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKU\S-1-5-21-1618930824-4051046816-776268447-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1618930824-4051046816-776268447-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\w47dog1w.default [2017-01-20]
FF Extension: (Avira Browser Safety) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\w47dog1w.default\Extensions\abs@avira.com.xpi [2016-02-06]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2017-01-20]
CHR Extension: (Google Translate) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-02-17]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-05]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-05]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-05]
CHR Extension: (FACEIT HELPER) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjdhcabjnhhifipbnopnfpfidkafanjf [2017-01-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-05]
CHR Extension: (Ban Checker for Steam) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\canbadmphamemnmdfngmcabnjmjgaiki [2016-10-13]
CHR Extension: (Adblock Plus) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-05]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-05]
CHR Extension: (Ban Checker For Steam With History) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidfhokmiihfkmkhgpacakihkehklhka [2016-11-26]
CHR Extension: (Avira Browser Safety) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-05]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1089592 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [476736 2016-12-15] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1490296 2016-12-15] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2014-10-06] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; D:\orgin\Origin\OriginClientService.exe [2104840 2016-02-21] (Electronic Arts)
S3 OVPNService; C:\Users\user\AppData\Local\TotalVPN\OVPN.Service.exe [20080 2016-06-28] ()
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176464 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148032 2016-12-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-05-11] (Avira Operations GmbH & Co. KG)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows (R) Win 7 DDK provider)
R3 DFX12; C:\Windows\System32\drivers\dfx12x64.sys [29688 2015-11-12] (Windows (R) Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-07] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-07] (Disc Soft Ltd)
S1 FACEIT; C:\Windows\System32\Drivers\FACEIT.sys [3868168 2016-12-10] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [54736 2017-01-20] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [59608 2014-09-02] (Realtek Corporation)
R3 ssdevfactory; C:\Windows\System32\DRIVERS\ssdevfactory.sys [40576 2016-03-09] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-02-02] (SteelSeries ApS)
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 vdrive; system32\DRIVERS\vdrive.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 01:28 - 2017-01-20 01:29 - 00020285 _____ C:\Users\user\Desktop\FRST.txt
2017-01-20 01:08 - 2017-01-20 01:08 - 00132663 _____ C:\Users\user\Desktop\bookmarks_1_20_17.html
2017-01-20 00:55 - 2017-01-20 00:55 - 00004379 _____ C:\Users\user\Desktop\JRT.txt
2017-01-20 00:51 - 2017-01-20 00:49 - 02419712 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2017-01-20 00:49 - 2017-01-20 01:28 - 00000000 ____D C:\FRST
2017-01-20 00:26 - 2017-01-20 00:26 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-01-20 00:25 - 2017-01-20 01:14 - 00000000 ____D C:\Windows\pss
2017-01-20 00:19 - 2017-01-20 00:19 - 00000728 _____ C:\Windows\system32\.crusader
2017-01-20 00:11 - 2017-01-20 00:23 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-19 23:10 - 2017-01-20 01:24 - 00000000 ____D C:\AdwCleaner
2017-01-19 22:50 - 2017-01-20 01:29 - 00016702 _____ C:\Windows\System32\Tasks\564b79n60w937
2017-01-19 22:50 - 2017-01-19 22:50 - 00001431 ___RS C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Eхplоrer.lnk
2017-01-19 22:50 - 2017-01-19 22:50 - 00001427 ___RS C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Eхрlоrеr (64-bit).lnk
2017-01-19 22:50 - 2017-01-19 22:50 - 00000000 ___HD C:\ProgramData\564b79n60w937
2017-01-19 00:34 - 2017-01-19 00:35 - 00000000 ____D C:\ProgramData\Google
2017-01-19 00:34 - 2017-01-19 00:34 - 00000000 ____D C:\Program Files (x86)\GUMA5B6.tmp
2017-01-13 15:04 - 2017-01-13 15:04 - 00517625 _____ C:\Users\user\Desktop\dojavaaa.psd
2017-01-13 14:46 - 2017-01-13 14:53 - 00000000 ____D C:\Users\user\Desktop\photoshop
2017-01-11 00:55 - 2017-01-11 00:55 - 00000112 _____ C:\Users\user\AppData\Roaming\JP2K CS6 Prefs
2017-01-09 15:13 - 2017-01-09 15:13 - 00000000 _____ C:\Users\user\Desktop\New Text Document.txt
2017-01-09 15:03 - 2017-01-09 15:03 - 00003498 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-user-PC-user
2017-01-09 14:58 - 2017-01-09 14:58 - 00000934 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2017-01-09 14:58 - 2017-01-09 14:58 - 00000000 ____D C:\Users\user\Documents\Adobe
2017-01-09 14:58 - 2017-01-09 14:58 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-09 14:53 - 2017-01-09 14:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-01-09 14:53 - 2017-01-09 14:58 - 00000000 ____D C:\Program Files\Adobe Photoshop CC 2015
2017-01-09 14:52 - 2017-01-09 14:52 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-01-09 14:52 - 2017-01-09 14:52 - 00001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2017-01-09 14:49 - 2017-01-09 14:49 - 00000000 ____D C:\Users\user\AppData\Roaming\Macromedia
2016-12-29 15:01 - 2016-12-29 15:01 - 00025938 _____ C:\Users\user\Desktop\gpp2dioaaaa.docx
2016-12-25 00:04 - 2016-12-25 00:04 - 00000000 ____D C:\Program Files (x86)\Square Enix
2016-12-24 22:52 - 2016-12-25 00:39 - 00000000 ____D C:\Users\user\Documents\Thief
2016-12-24 16:22 - 2017-01-19 22:51 - 00000000 ____D C:\Users\user\AppData\LocalLow\BitTorrent
2016-12-24 11:45 - 2016-12-24 11:45 - 00000000 _____ C:\Users\user\Desktop\pitanjagpp2.docx
2016-12-23 15:31 - 2016-12-23 15:31 - 00000000 ____D C:\Users\user\AppData\Local\2K Games
2016-12-23 15:08 - 2016-12-23 15:08 - 00000800 _____ C:\Users\Public\Desktop\Mafia II.lnk
2016-12-23 15:08 - 2016-12-23 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2016-12-22 00:16 - 2016-12-22 00:16 - 00000510 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-12-22 00:16 - 2016-12-22 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-20 01:18 - 2016-09-27 14:58 - 00000000 ____D C:\Users\user\AppData\Local\HTC MediaHub
2017-01-20 01:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-19 23:57 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-19 23:57 - 2009-07-14 05:45 - 00026544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-19 23:11 - 2016-02-24 01:50 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2017-01-19 22:56 - 2016-02-07 20:31 - 00000000 ____D C:\Users\user\AppData\Roaming\BitTorrent
2017-01-19 02:01 - 2009-07-14 06:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-19 02:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-19 02:00 - 2016-02-04 19:10 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2017-01-19 00:35 - 2016-02-05 03:22 - 00000000 ____D C:\Users\user\AppData\Local\Google
2017-01-19 00:35 - 2016-02-04 19:10 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2017-01-16 20:28 - 2016-04-09 01:22 - 00101376 ____H C:\Users\user\Desktop\photothumb.db
2017-01-13 15:40 - 2016-10-07 01:09 - 00000000 ____D C:\Users\user\Desktop\Originals
2017-01-11 02:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-10 14:02 - 2014-10-06 17:13 - 00000000 ____D C:\ProgramData\Adobe
2017-01-09 20:20 - 2016-06-15 20:21 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2017-01-09 20:12 - 2016-07-24 18:58 - 00000000 ____D C:\Users\user\Downloads\PopcornTime
2017-01-09 15:06 - 2016-03-12 17:44 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2017-01-09 14:55 - 2016-02-04 18:57 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-05 22:18 - 2016-03-26 15:10 - 00000000 ____D C:\Users\user\Desktop\alo
2016-12-30 20:04 - 2016-02-14 18:14 - 00000000 ____D C:\Users\user\AppData\Local\Diagnostics
2016-12-24 16:22 - 2014-10-06 16:40 - 00000000 ____D C:\Users\user\AppData\LocalLow
2016-12-23 15:31 - 2016-02-05 22:36 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA

==================== Files in the root of some directories =======

2017-01-11 00:55 - 2017-01-11 00:55 - 0000112 _____ () C:\Users\user\AppData\Roaming\JP2K CS6 Prefs
2014-10-06 16:56 - 2014-10-06 16:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 04:24] - [2014-10-06 16:39] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 04:24] - [2014-10-06 16:39] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 16:06

==================== End of FRST.txt ============================

Attached Files

FRST.txt (27.5 KB)
Addition.txt (37.1 KB)

↧

No Telemetry Hosts - Only 31% (19 of 61) Protected

January 22, 2017, 8:58 am

≫ Next: Two SBS&D Installs?

≪ Previous: CSE removal

Running Windows 10. Ran Spybot Anti-Beacon version 6.1 as administrator.

Results:
31% protected (19 of 61).
Telemetry Hosts [no blocks yet!]
Telemetry Hosts (extensive list) [no blocks yet!]

Log:
[i] Telemetry Hosts: 0 entries found in hosts file (C:\WINDOWS\System32\drivers\etc\hosts.).
[.] (TWindows10TelemetryHostsImmunization)
[i] Telemetry Hosts (extensive list): 0 entries found in hosts file (C:\WINDOWS\System32\drivers\etc\hosts.).
[.] (TWindows10TelemetryHostsOptionalImmunization)
[-] snlServiceRunning.OpenServiceW (error code 1060: The specified service does not exist as an installed service.)
[-] snlServiceConfig.OpenServiceW (error code 1060: The specified service does not exist as an installed service.)
[i] OneDrive Service: Unable to read status for service "OneSyncSvc_Session1" (error 1060: The specified service does not exist as an installed service.).
[.] (TWindows10OneDriveServicesImmunization)

Contents of C:\Windows\System32\drivers\etc\host file:
[no entry lines below remarks statements]

I've tried the portable, stand-alone, and full-install versions. Should I try an older version? Or is it possible that I may have blocked telemetry hosts at an earlier time?
Thanks

↧

Two SBS&D Installs?

January 22, 2017, 10:29 am

≫ Next: Fareit and keylogger

≪ Previous: No Telemetry Hosts - Only 31% (19 of 61) Protected

Installed latest Spybot from Safer-Networking 1-22-2017 in Windows 10 Pro. After updating definitions, ran the Post Win 10 Spybot Installer. All is well! Right? Not so much. As the install proceeded, I noticed the dialogue box for input of desired install location flashed before my eyes, highlighted in (copy and paste) blue, but did not wait for me to give an installation location. Instead the installer put SBS&D in a location despite me. Imagine my surprise when I open File Explorer and find two complete Spybot installations! One installation in the original desired location set and one on the C: drive, where the Post Win 10 installer decided to put it. Files size, file count and folder count was the same in both locations.

Including the Win 10 Update installer is a great idea, but the user should retain control of the installation location.

↧

Fareit and keylogger

January 22, 2017, 8:00 pm

≫ Next: new thread via malware forum

≪ Previous: Two SBS&D Installs?

I have been running Defender and it finds these 2 but can not seem to remove them. Help please?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Shane (administrator) on OBERON (22-01-2017 18:52:43)
Running from C:\Users\Shane\Desktop
Loaded Profiles: Shane (Available Profiles: Shane)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\srvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CRESTRON\MSSQL\Binn\sqlservr.exe
(Waves Audio Ltd.) C:\Windows\SysWOW64\SGDawNodeService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(RME) C:\Windows\System32\madifaceusb.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(RME) C:\Windows\System32\TotalMixFX.exe
(Alienware Corp.) C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\cust.exe
(Dell) C:\Program Files\Dell\Click 2 Fix+\cutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\VPREVIEW.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [35576 2015-06-30] (Alienware)
HKLM\...\Run: [GraphicsAmplifierSW] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-09] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-04-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Blackmagic Streaming Server] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\BMDStreamingServer.exe [995840 2015-09-01] ()
HKLM\...\Run: [Blackmagic CheckVersion PCI] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersionPCI.exe [107595568 2015-09-01] (Blackmagic Design)
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [2108744 2016-06-21] (Palo Alto Networks)
HKLM\...\Run: [MadifaceeUsbTray1] => C:\Windows\system32\madifaceusb.exe [420848 2016-11-29] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [23932768 2016-11-29] (RME)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [DellCApp] => C:\Program Files\Dell\Click 2 Fix+\capp.exe -l
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Recon3Di SBX Control Panel] => c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [1129984 2014-03-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [DME-N Network Driver] => C:\Windows\SysWOW64\DME-N Network Driver.exe [395208 2010-06-23] (Yamaha Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [3746232 2015-10-15] (Alienware Corp.)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Blackmagic CheckVersion] => C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\CheckVersion.exe
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2016-04-01] (CyberLink Corp.)
HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\MountPoints2: {3b5ae955-c3d5-11e5-8261-9cb6d005425c} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\MountPoints2: {f9b2a238-6959-11e6-82b4-f8cab83f1bab} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\Winlogon: [Shell] - <==== ATTENTION
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175552 2016-04-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-04-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2016-06-22]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-12-27]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll [171480 2016-05-04] (Audinate Pty. Ltd.)
Winsock: Catalog5-x64 07 C:\Program Files\Audinate\Shared Files\mdnsNSP.dll [179712 2016-05-04] (Audinate Pty. Ltd.)
Tcpip\Parameters: [DhcpNameServer] 172.20.50.1
Tcpip\..\Interfaces\{6D3AF994-497F-4BEB-8618-AA8C2BB36039}: [DhcpNameServer] 172.20.50.1
Tcpip\..\Interfaces\{B9250369-1CC1-4BF3-BB1E-2181F9B3B00C}: [DhcpNameServer] 172.16.50.1

Internet Explorer:
==================
HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> DefaultScope {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
SearchScopes: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001 -> {59C36AC4-52C1-4364-8A53-3BB570A91AD3} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-04-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4124817852-1649296433-1094762776-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Shane\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-12] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Shane\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-11] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default [2017-01-22]
CHR Extension: (Google Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-05]
CHR Extension: (Google Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-05]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
CHR Extension: (Turn Off the Lights) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2017-01-03]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
CHR Extension: (Adobe Acrobat) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-19]
CHR Extension: (Google Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-05]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (OneNote Web Clipper) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2017-01-19]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-05]
CHR Extension: (Chrome Media Router) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312056 2015-08-11] (Qualcomm Atheros)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S4 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe [76392 2016-10-16] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S4 conmon; C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe [329200 2016-05-04] (Audinate Pty Ltd)
S4 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.) [File not signed]
S4 CTAudSvcService; c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-28] (Creative Technology Ltd) [File not signed]
S4 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [133640 2015-07-26] (Creative Technology Ltd)
S4 DanteDiscovery; C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe [428504 2016-05-04] (Audinate Pty. Ltd.)
R2 Dell Click 2 Fix+; C:\Program Files\Dell\Click 2 Fix+\srvc.exe [104448 2017-01-07] (Dell)
S4 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [104160 2016-09-09] (Dell)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
S4 dvhlp; C:\Program Files (x86)\Blackmagic Design\Blackmagic Desktop Video\DesktopVideoHelper.exe [26112 2015-09-01] () [File not signed]
S4 dvs.manager; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_service.exe [7359488 2015-09-09] (Audinate Pty. Ltd.) [File not signed]
S4 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-08] (Intel Corporation)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-04-27] (NVIDIA Corporation)
S4 GraphicsAmplifierWindowsService; C:\Program Files\Alienware\Graphics Amplifier\GraphicsAmplifierWindowsService.exe [36112 2015-07-23] (Alienware)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-06-23] (Intel Corporation)
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S4 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S4 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
S4 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223520 2015-07-10] (Intel Corporation)
S4 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [413184 2015-06-23] (Rivet Networks) [File not signed]
R2 MSSQL$CRESTRON; C:\Program Files\Microsoft SQL Server\MSSQL10_50.CRESTRON\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-04-27] (NVIDIA Corporation)
S4 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-04-27] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-04-27] (NVIDIA Corporation)
S4 OptocoreServer; C:\Program Files (x86)\Optocore\OptcrServer.exe [724992 2014-12-24] (Optocore GmbH) [File not signed]
S4 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [3283272 2016-06-21] (Palo Alto Networks)
R2 SGDawNodeService; C:\Windows\SysWOW64\SGDawNodeService.exe [5082624 2016-01-05] (Waves Audio Ltd.) [File not signed]
S4 SQLAgent$CRESTRON; C:\Program Files\Microsoft SQL Server\MSSQL10_50.CRESTRON\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-09] (Synaptics Incorporated)
S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S4 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1897184 2016-05-17] (Intel Corporation)
S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-12-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-12-27] (Microsoft Corporation)
S2 astcc; C:\Windows\SysWOW64\ASTSRV.EXE [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1075496 2015-07-26] (Creative Technology Ltd)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-13] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation)
R2 dvs.asio; C:\Program Files (x86)\Audinate\Dante Virtual Soundcard\dvs_asio.sys [226264 2015-09-09] (Audinate Pty. Ltd.)
R3 dvs.wdm; C:\Windows\system32\DRIVERS\dvs_wdm.sys [296920 2015-09-09] (Audinate Pty. Ltd.)
R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [79872 2014-09-09] (FTDI Ltd.) [File not signed]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [41080 2016-02-09] ()
R3 iusb3adp; C:\Windows\System32\drivers\iusb3adp.sys [37160 2015-06-01] (Intel)
R3 KillerEth; C:\Windows\system32\DRIVERS\e24w8x64.sys [126976 2015-04-29] (Qualcomm Atheros, Inc.)
S3 kiox_ff_driver; C:\Windows\System32\drivers\kiox_ff_driver.sys [32736 2014-10-09] (Kionix, Inc.)
R0 kxdiskprot; C:\Windows\System32\DRIVERS\kxdiskprot.sys [30664 2014-10-09] (Kionix, Inc.)
S3 madifaceu64; C:\Windows\system32\drivers\madiface_usb_64.sys [213912 2016-11-29] (RME)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [27904 2007-05-17] ()
S3 nhi; C:\Windows\system32\DRIVERS\tbt81x.sys [127048 2016-05-22] (Intel Corporation)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [306112 2016-04-27] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-04-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-27] (NVIDIA Corporation)
R3 PanGpd; C:\Windows\system32\DRIVERS\pangpd.sys [36352 2016-06-21] (Palo Alto Networks)
R3 Qcamain; C:\Windows\system32\DRIVERS\Qcamainx64.sys [2325520 2015-05-29] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SmartView; C:\Windows\system32\DRIVERS\SmartView.sys [12288 2015-12-15] (Blackmagic Design)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-09] (Synaptics Incorporated)
R3 SoundGridMIDI; C:\Windows\system32\drivers\SoundGridMidi.sys [25424 2016-01-05] (Waves Audio Ltd.)
R3 SoundGridMIDI; C:\Windows\SysWOW64\drivers\SoundGridMidi.sys [11264 2016-01-05] (Waves Audio Ltd.) [File not signed]
R2 SoundGridProtocol; C:\Windows\system32\DRIVERS\SoundGridProtocol.sys [89424 2016-01-05] (Waves Audio Ltd.)
R2 SoundGridProtocol; C:\Windows\SysWOW64\DRIVERS\SoundGridProtocol.sys [48128 2016-01-05] (Waves Audio Ltd.) [File not signed]
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 SwitchersAccessories; C:\Windows\system32\DRIVERS\SwitchersAccessories.sys [15872 2015-11-09] (Blackmagic Design)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2016-04-05] (USBPcap)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-12-27] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-12-27] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-12-27] (Microsoft Corporation)
S3 WinDriver1200; C:\Windows\system32\drivers\windrvr1200.sys [300488 2015-10-09] (Jungo Connectivity)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2016-04-01] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 18:52 - 2017-01-22 18:52 - 00026046 _____ C:\Users\Shane\Desktop\FRST.txt
2017-01-22 18:49 - 2017-01-22 18:52 - 00000000 ____D C:\FRST
2017-01-22 18:49 - 2017-01-22 18:49 - 02420736 _____ (Farbar) C:\Users\Shane\Desktop\FRST64.exe
2017-01-22 12:10 - 2017-01-22 12:10 - 00019252 _____ C:\Users\Shane\Downloads\TV's at Kid's Check-In.pdf
2017-01-22 11:08 - 2017-01-22 11:08 - 00381952 _____ C:\Windows\Minidump\012217-13703-01.dmp
2017-01-19 22:04 - 2017-01-19 22:04 - 00369992 _____ C:\Windows\Minidump\011917-10953-01.dmp
2017-01-19 22:03 - 2017-01-22 16:36 - 00000001 _____ C:\ProgramData\SRTCTUacSts.txt
2017-01-19 22:02 - 2017-01-19 22:02 - 00000000 ____D C:\ProgramData\Touchfreeze
2017-01-19 21:58 - 2017-01-19 21:58 - 00001822 _____ C:\Users\Public\Desktop\Dell Click 2 Fix+.lnk
2017-01-19 21:58 - 2017-01-19 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Click 2 Fix+
2017-01-19 21:27 - 2017-01-19 21:27 - 00420952 _____ C:\Users\Shane\Documents\ShaneWeber_Resume_012017.pdf
2017-01-19 21:26 - 2017-01-19 21:26 - 00420939 _____ C:\Users\Shane\Documents\ShaneWeber_Resume_052016.pdf
2017-01-19 15:26 - 2017-01-19 15:29 - 03648361 _____ C:\Users\Shane\Downloads\AVL 1-18-17.pdf
2017-01-17 22:22 - 2017-01-17 22:22 - 00079145 _____ C:\Users\Shane\Downloads\Invoice-1128.pdf
2017-01-17 22:18 - 2017-01-17 22:18 - 00080414 _____ C:\Users\Shane\Downloads\Invoice-1137.pdf
2017-01-17 22:15 - 2017-01-17 22:15 - 00080103 _____ C:\Users\Shane\Downloads\Invoice-1157.pdf
2017-01-16 21:34 - 2017-01-16 21:34 - 00382235 _____ C:\Users\Shane\Downloads\Assembly+Instruction+-+neutriCON (1).pdf
2017-01-16 20:51 - 2017-01-16 20:51 - 04477630 _____ C:\Users\Shane\Downloads\Product+Guide+-+Section+Circular+Connectors.pdf
2017-01-16 20:51 - 2017-01-16 20:51 - 00031820 _____ C:\Users\Shane\Downloads\Drawing+OSC8M.pdf
2017-01-16 16:04 - 2017-01-16 16:03 - 00371200 _____ C:\Users\Shane\Downloads\part-number-Complete-List.xls
2017-01-16 13:36 - 2017-01-16 13:37 - 00382235 _____ C:\Users\Shane\Downloads\Assembly+Instruction+-+neutriCON.pdf
2017-01-16 13:10 - 2017-01-16 13:10 - 02932459 _____ C:\Users\Shane\Downloads\1 - Brightmoor Video Suite FP 1.10.17.pdf
2017-01-16 13:09 - 2017-01-16 13:09 - 06687826 _____ C:\Users\Shane\Downloads\2 - Brightmoor Christian Church 01.11.17 Shop Drawings Rev.1 (1).pdf
2017-01-16 09:45 - 2017-01-16 09:45 - 06687826 _____ C:\Users\Shane\Downloads\2 - Brightmoor Christian Church 01.11.17 Shop Drawings Rev.1.pdf
2017-01-16 09:08 - 2017-01-16 09:09 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-01-15 13:26 - 2017-01-15 13:29 - 00153868 _____ C:\Users\Shane\Downloads\Form8283_LOI.pdf
2017-01-14 16:22 - 2017-01-14 16:22 - 00330496 _____ C:\Windows\Minidump\011417-13250-01.dmp
2017-01-14 16:15 - 2017-01-14 16:15 - 00182826 _____ C:\Users\Shane\Downloads\Installation_Promo.pdf
2017-01-13 09:22 - 2017-01-13 09:22 - 02819980 _____ C:\Users\Shane\Downloads\proav_price_list.pdf
2017-01-13 09:16 - 2017-01-13 09:16 - 00063353 _____ C:\Users\Shane\Downloads\EIKI-Projector-Comparison-Aug-2016.pdf
2017-01-12 17:23 - 2017-01-12 17:23 - 00071591 _____ C:\Users\Shane\Downloads\EK-810U-Lens-Chart.pdf
2017-01-12 17:13 - 2017-01-12 17:13 - 00119250 _____ C:\Users\Shane\Downloads\EK-620U-Specifications (1).pdf
2017-01-12 17:13 - 2017-01-12 17:13 - 00086338 _____ C:\Users\Shane\Downloads\EK-620U-Lens-Chart.pdf
2017-01-12 17:12 - 2017-01-12 17:12 - 00119250 _____ C:\Users\Shane\Downloads\EK-620U-Specifications.pdf
2017-01-12 17:05 - 2017-01-12 17:05 - 00000000 ____D C:\Users\Shane\Documents\Converted Data
2017-01-12 16:18 - 2017-01-12 16:18 - 00347560 _____ C:\Windows\Minidump\011217-13078-01.dmp
2017-01-12 16:16 - 2016-09-11 01:20 - 00037832 _____ C:\Windows\system32\Drivers\iqvw64e.sys
2017-01-12 16:08 - 2017-01-12 16:14 - 00000000 ____D C:\Users\Shane\Documents\OLM-PST
2017-01-12 16:05 - 2017-01-12 16:05 - 09201064 _____ (Gladwev Software Private Limited®) C:\Users\Shane\Downloads\Gladwev OLM To PST Converter Setup.exe
2017-01-12 16:05 - 2017-01-12 16:05 - 00003093 _____ C:\Users\Shane\Desktop\OLMtoPST Converter Pro.lnk
2017-01-12 16:05 - 2017-01-12 16:05 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OLMtoPST Converter Pro
2017-01-12 16:05 - 2017-01-12 16:05 - 00000000 ____D C:\Users\Shane\AppData\Local\KNR-iDigital
2017-01-12 16:05 - 2017-01-12 16:05 - 00000000 ____D C:\Program Files (x86)\OLMtoPST Converter Pro 1.4
2017-01-12 16:03 - 2017-01-12 16:03 - 00000165 ____H C:\Users\Shane\Documents\~$OLK-120916.olm
2017-01-12 15:05 - 2017-01-12 15:05 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-12 15:05 - 2017-01-12 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-12 15:05 - 2017-01-12 15:05 - 00000000 ____D C:\Program Files\iTunes
2017-01-12 15:05 - 2017-01-12 15:05 - 00000000 ____D C:\Program Files\iPod
2017-01-12 14:44 - 2017-01-12 14:44 - 00516608 _____ C:\Users\Shane\Downloads\ezip.xls
2017-01-12 14:43 - 2017-01-12 16:18 - 18160640 _____ C:\Users\Shane\Downloads\proav_price_list.xls
2017-01-12 14:43 - 2017-01-12 14:43 - 00283936 _____ C:\Users\Shane\Downloads\proav_summary_retail.pdf
2017-01-12 14:43 - 2017-01-12 14:43 - 00089004 _____ C:\Users\Shane\Downloads\BWG 4th & 5th Year Warranty Spreadsheet.pdf
2017-01-12 10:37 - 2017-01-12 10:37 - 00362934 _____ C:\Users\Shane\Downloads\MMS_Bill of Lading_TEMPLATE (1).pdf
2017-01-12 10:37 - 2017-01-12 10:37 - 00339069 _____ C:\Users\Shane\Downloads\MMS_Bill of Lading_TEMPLATE-Form.pdf
2017-01-12 10:18 - 2017-01-12 10:18 - 00322289 _____ C:\Users\Shane\Downloads\MMS_Bill of Lading_TEMPLATE.pdf
2017-01-12 09:47 - 2017-01-22 18:14 - 00000576 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job
2017-01-12 09:47 - 2017-01-22 17:44 - 00000672 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job
2017-01-12 09:47 - 2017-01-12 09:47 - 00003668 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001
2017-01-12 09:47 - 2017-01-12 09:47 - 00003572 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001
2017-01-11 14:13 - 2017-01-11 14:12 - 06184099 _____ C:\Users\Shane\Documents\PMP_TEST-01.pdf
2017-01-04 12:29 - 2017-01-04 12:34 - 00000000 ____D C:\Program Files\Plumbytes Software
2017-01-03 05:58 - 2016-08-27 13:44 - 22360288 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-03 05:58 - 2016-08-27 13:44 - 02755504 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-01-03 05:58 - 2016-08-27 13:44 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2017-01-03 05:58 - 2016-08-27 12:26 - 19789232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-03 05:58 - 2016-08-27 12:26 - 02411048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-01-03 05:58 - 2016-08-27 12:26 - 00113656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2017-01-03 05:58 - 2016-08-27 10:09 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-03 05:58 - 2016-08-27 09:55 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-03 05:58 - 2016-07-09 10:10 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2017-01-03 05:58 - 2016-07-08 16:35 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-01-03 05:58 - 2016-07-08 08:17 - 00377344 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2017-01-03 05:58 - 2016-07-08 08:17 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2017-01-03 05:58 - 2016-07-07 16:32 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2017-01-03 05:58 - 2016-07-07 16:18 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\iprtrmgr.dll
2017-01-03 05:58 - 2016-07-07 16:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2017-01-03 05:58 - 2016-07-07 16:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\rasppp.dll
2017-01-03 05:58 - 2016-07-07 15:04 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2017-01-03 05:58 - 2016-07-07 14:59 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-01-03 05:58 - 2016-07-07 14:44 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2017-01-03 05:58 - 2016-07-07 14:41 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2017-01-03 05:58 - 2016-07-07 14:34 - 00542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-01-03 05:58 - 2016-07-07 14:29 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-01-03 05:58 - 2016-07-07 14:29 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2017-01-03 05:58 - 2016-07-07 14:23 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iprtrmgr.dll
2017-01-03 05:58 - 2016-07-07 14:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2017-01-03 05:58 - 2016-07-07 14:11 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasppp.dll
2017-01-03 05:58 - 2016-07-07 13:35 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2017-01-03 05:58 - 2016-07-07 13:14 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2017-01-03 05:58 - 2016-07-03 21:45 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2017-01-03 05:58 - 2016-07-01 14:39 - 00197352 _____ (Microsoft Corporation) C:\Windows\system32\dssenh.dll
2017-01-03 05:58 - 2016-07-01 14:39 - 00157016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dssenh.dll
2017-01-03 05:58 - 2016-06-18 14:06 - 00590688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2017-01-03 05:58 - 2016-06-18 14:06 - 00072408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2017-01-03 05:58 - 2016-06-11 13:52 - 00057184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2017-01-03 05:58 - 2016-06-11 12:05 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
2017-01-03 05:58 - 2016-06-11 11:14 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe
2017-01-03 05:58 - 2016-06-11 10:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-03 05:58 - 2016-06-11 10:46 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-01-03 05:58 - 2016-06-11 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2017-01-03 05:58 - 2016-06-11 10:37 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-01-03 05:58 - 2016-06-11 10:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-03 05:58 - 2016-06-11 10:20 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2017-01-03 05:58 - 2016-06-11 10:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-01-03 05:58 - 2016-06-10 15:34 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2017-01-03 05:58 - 2016-06-10 14:07 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-03 05:58 - 2016-06-10 12:11 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-01-03 05:58 - 2016-06-10 12:11 - 01487992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-03 05:58 - 2016-06-10 12:11 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2017-01-03 05:58 - 2016-06-10 12:11 - 00125024 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2017-01-03 05:58 - 2016-06-10 12:10 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2017-01-03 05:58 - 2016-06-10 12:07 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-03 05:58 - 2016-06-09 13:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-01-03 05:58 - 2016-06-09 12:18 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-01-03 05:58 - 2016-06-07 12:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2017-01-03 05:58 - 2016-06-07 11:13 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2017-01-03 05:47 - 2017-01-03 05:47 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 18:12 - 2016-01-11 15:51 - 00000000 ____D C:\Users\Shane\Documents\Outlook Files
2017-01-22 17:47 - 2016-01-05 20:20 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4124817852-1649296433-1094762776-1001
2017-01-22 17:30 - 2016-01-08 12:23 - 00000000 ____D C:\Users\Shane\Documents\WebFeatProductions
2017-01-22 16:57 - 2016-02-08 15:54 - 00000000 ____D C:\Users\Shane\Documents\RealEstate
2017-01-22 16:55 - 2016-01-11 15:57 - 00000000 ____D C:\Users\Shane\Documents\Devotions
2017-01-22 12:42 - 2016-01-05 20:15 - 00000000 ____D C:\Users\Shane\AppData\Local\Packages
2017-01-22 11:13 - 2014-11-20 22:42 - 00964724 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-22 11:13 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2017-01-22 11:10 - 2016-01-05 20:15 - 00000000 ____D C:\Users\Shane
2017-01-22 11:08 - 2016-01-22 10:53 - 1863937649 _____ C:\Windows\MEMORY.DMP
2017-01-22 11:08 - 2016-01-22 10:53 - 00000000 ____D C:\Windows\Minidump
2017-01-22 11:08 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-19 22:24 - 2016-01-11 17:01 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 22:23 - 2016-01-11 17:01 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-19 22:05 - 2015-12-27 02:11 - 00000000 ____D C:\ProgramData\PCDr
2017-01-19 21:58 - 2015-12-27 02:14 - 00000000 ____D C:\Program Files\Dell
2017-01-19 21:54 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-01-16 09:44 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2017-01-14 16:23 - 2016-03-06 17:32 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-14 16:23 - 2016-01-05 20:15 - 00000000 __SHD C:\Users\Shane\IntelGraphicsProfiles
2017-01-14 16:22 - 2016-05-06 14:32 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-13 15:23 - 2013-08-22 09:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-13 15:22 - 2015-12-27 02:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-12 15:05 - 2016-03-18 09:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-12 09:47 - 2016-03-06 16:58 - 00000000 ____D C:\Users\Shane\AppData\Local\Citrix
2017-01-06 15:38 - 2016-03-01 10:38 - 00000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
2017-01-03 06:17 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2017-01-03 06:04 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2017-01-03 06:04 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-01-03 06:04 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\setup
2017-01-03 05:59 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2016-12-29 21:36 - 2016-08-05 10:40 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-29 21:01 - 2016-03-07 15:31 - 00000000 ____D C:\ProgramData\TEMP
2016-12-29 19:11 - 2016-01-05 20:15 - 00000000 ____D C:\Users\Shane\AppData\Roaming
2016-12-29 10:57 - 2013-08-22 09:36 - 00000000 __RSD C:\Windows\assembly
2016-12-29 10:05 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness

==================== Files in the root of some directories =======

2016-01-15 08:43 - 2016-01-19 18:30 - 0036804 _____ () C:\Users\Shane\AppData\Roaming\Comma Separated Values.ADR
2016-08-15 11:12 - 2016-08-15 11:12 - 0000600 _____ () C:\Users\Shane\AppData\Local\PUTTY.RND
2016-01-12 07:41 - 2016-01-13 08:28 - 0007605 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
2017-01-19 22:03 - 2017-01-22 16:36 - 0000001 _____ () C:\ProgramData\SRTCTUacSts.txt

Some files in TEMP:
====================
2017-01-12 16:05 - 2017-01-12 16:05 - 0433576 _____ () C:\Users\Shane\AppData\Local\Temp\OLMtoPSTConverterProSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-13 17:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Shane (22-01-2017 18:53:06)
Running from C:\Users\Shane\Desktop
Windows 8.1 Pro (Update) (X64) (2016-01-06 02:15:36)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4124817852-1649296433-1094762776-500 - Administrator - Disabled)
Guest (S-1-5-21-4124817852-1649296433-1094762776-501 - Limited - Disabled)
Shane (S-1-5-21-4124817852-1649296433-1094762776-1001 - Administrator - Enabled) => C:\Users\Shane

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
AFMG Database Service (HKLM-x32\...\InstallShield_{B83698B3-001B-4E51-ABC7-C71DBCA1B63D}) (Version: 1.00.00 - AFMG)
AFMG Database Service (Version: 1.00.00 - AFMG) Hidden
AFMG Licence Manager (HKLM-x32\...\{F2499F77-9924-4137-B514-13F488B4FE55}) (Version: 1.0.5 - AFMG)
AFMG Software Prerequisites (HKLM-x32\...\{0A44ED35-3A20-4DE8-B172-5FD061ED558D}) (Version: 1.0.0 - AFMG)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Alienware Command Center (HKLM-x32\...\InstallShield_{D5BC2B54-1297-4765-ABF5-FE43ED0067DD}) (Version: 4.5.16.0 - Dell Inc.)
Alienware Command Center (Version: 4.5.16.0 - Dell Inc.) Hidden
Alienware Customer Connect (HKLM-x32\...\{99E581C6-471C-46CA-989E-3B17EB7E3F27}) (Version: 1.3.2.0 - Dell Inc.)
Alienware Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Alienware Graphics Amplifier Software Installer (HKLM-x32\...\InstallShield_{6AAC93BE-2E1D-4E49-8DDD-2DDF00AB4B33}) (Version: 2.0.16.0 - Dell Inc.)
Alienware Graphics Amplifier Software Installer (Version: 2.0.16.0 - Dell Inc.) Hidden
Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.20C - Alienware Corp.)
Alienware On-Screen Display (x32 Version: 0.33.0.20C - Alienware Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Aviom A360 Channel Manager (HKLM-x32\...\{E8C5237F-CC98-4DCE-9A8D-978427E46CBA}) (Version: 3.0.1.4 - Aviom, Inc.)
BD_3D Advisor (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: 2.0.7510 - CyberLink Corp.)
Blackmagic ATEM Switchers (HKLM\...\{EA784BD4-586B-40F7-8E7B-399AB35B1FA3}) (Version: 6.6.1.0 - Blackmagic Design)
Blackmagic SmartView Utility (HKLM-x32\...\{FE3A3891-9F26-479B-BB7F-AC3F22280E76}) (Version: 4.0.1.0 - Blackmagic Design)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother BRAdmin Light 1.27.0001 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.27.0001 - Brother)
Brother HL-2170W (HKLM-x32\...\{53BF3CC4-5FCB-44E2-8B9A-0FE1B25D178A}) (Version: 1.00 - Brother)
Brother MFL-Pro Suite MFC-9970CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
Chrome Remote Desktop Host (HKLM-x32\...\{D669DC52-B1A4-4933-878D-CB80F660D95D}) (Version: 55.0.2883.17 - Google Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CodeMeter Runtime Kit v5.22a (HKLM\...\{8D299F2C-A3C8-49A5-A726-E885AB397243}) (Version: 5.22.1508.501 - WIBU-SYSTEMS AG)
Composer 5.1 (HKLM-x32\...\{15EDE194-12D1-4A4B-A1AB-C61CE4B670CA}) (Version: 5.1 - Symetrix, Inc.)
Crestron D3Pro Base Templates 2.02.020.00 (Black-Blue) (HKLM-x32\...\{79B0278E-6325-48BA-8DAB-22623B366D67}_is1) (Version: 2.02.020.00 - Crestron Electronics Inc.)
Crestron D3Pro v3.03.002.00 (HKLM-x32\...\{1869F208-31E8-4392-B229-03B914031A68}_is1) (Version: - )
Crestron DALI Commissioning Tool 2.42.324.01 (HKLM-x32\...\{71AE5E5E-36CA-41b3-BEB7-918BEDA4EC21}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
Crestron Database 58.00.002.00 (HKLM-x32\...\{9E52ACC4-ABB4-41A1-9D99-1229F0E3C0C2}_is1) (Version: 58.00.002.00 - Crestron Electronics Inc.)
Crestron Device Database76.00.002.00 (HKLM-x32\...\{6686F38D-1A32-4A8C-94D7-A2AA9C5F3C9B}_is1) (Version: 76.00.002.00 - Crestron Electronics Inc.)
Crestron DVPHDTool 2.42.324.01 (HKLM-x32\...\{5B14B25D-838D-40D9-AA7E-DE880214A9F4}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
Crestron Engraver v5.4.24.02 (HKLM-x32\...\{0573BDB1-CD8C-4591-BA90-DFCAD8F8C5AE}_is1) (Version: - )
Crestron iLux Designer 2.01.04.06 (HKLM-x32\...\{1F287ED0-034E-4A76-B068-F78C2700B4B9}_is1) (Version: 2.01.04.06 - Crestron Electronics Inc.)
Crestron MasterInstaller (HKLM-x32\...\{99D938EB-9933-4C27-AC2C-2D5FCF436ECB}_is1) (Version: 3.01.02.00 - Crestron Electronics Inc.)
Crestron onCue BPC-8 Tool 2.42.324.01 (HKLM-x32\...\{CF3C916F-06D2-4507-807F-D09A4B0FAEB9}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
Crestron Procise Tools 2.42.324.01 (HKLM-x32\...\{CCA3AB83-BCA7-4CFF-B96C-977CC0C1424A}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
Crestron ProdigyTools 2.42.240.00 (HKLM-x32\...\{AE3B0014-DD7D-4156-8CB2-D2D8910AC8DF}_is1) (Version: 2.42.240.00 - Crestron Electronics Inc.)
Crestron ProSoundTools 2.42.240.00 (HKLM-x32\...\{77FB7E6E-D48E-44A7-8257-CD7CF40AADE7}_is1) (Version: 2.42.240.00 - Crestron Electronics Inc.)
Crestron SIMPL Window 4.04.03.00 (HKLM-x32\...\{8B508184-4E86-41C9-BCFF-EF8B1C7EF2BF}_is1) (Version: 4.04.03.00 - Crestron Electronics Inc.)
Crestron SmartGraphics 2.11.05.12 (HKLM-x32\...\{1CE8BCAB-8F15-403F-A9A0-2D2000C6B554}_is1) (Version: 2.11.05.12 - Crestron Electronics Inc.)
Crestron Studio v1.38.008.00 (HKLM-x32\...\{1824EB2E-3FC2-4854-BAA4-6633CFB94487}_is1) (Version: 1.38.008.00 - Crestron Electronics Inc.)
Crestron SystemBuilder Base Templates 3.14.008.00 (Black-Blue) (HKLM-x32\...\{418B6E0F-F89A-44ED-8F05-3C8FEA09C50F}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
Crestron SystemBuilder Theme 3.14.008.00 (Destiny:Frosted Glass Dark) (HKLM-x32\...\{2041FD79-F5A5-4791-8D77-C39BA367856E}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
Crestron SystemBuilder Theme 3.14.008.00 (Destiny:Frosted Glass Light) (HKLM-x32\...\{13828341-3A16-456F-890F-1B777EAF6ECF}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
Crestron SystemBuilder Theme v3.14.008.00 (Black-Green) (HKLM-x32\...\{8F9F48C0-44BE-4C05-B24F-E4FC7CDD13C8}_is1) (Version: 3.14.008.00 - Crestron Electronics Inc.)
Crestron SystemBuilder v3.14.013.00 (HKLM-x32\...\{44B3D6ED-96A4-4399-A328-9F1F58735802}_is1) (Version: - )
Crestron Toolbox 2.42.324.01 (HKLM-x32\...\{1B52BC01-2F6E-4FAE-BB09-1F28D2BF1D63}_is1) (Version: 2.42.324.01 - Crestron Electronics Inc.)
Crestron VisionTools Pro-e 6.1.02.54 (HKLM-x32\...\{E74BC26C-A114-4AE0-990E-BBFBB9F592A4}_is1) (Version: 6.1.02.54 - Crestron Electronics Inc.)
Crestron XPanel (HKLM-x32\...\CrestronXPanel) (Version: 2.11.05 - Crestron Electronics, Inc)
Crestron XPanel (x32 Version: 2.11.05 - Crestron Electronics, Inc) Hidden
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2718.58 - CyberLink Corp.)
Dante Control and Monitoring (HKLM-x32\...\{32B9C78C-6BA0-456F-8053-5BA6305AEA37}) (Version: 1.10.4.1 - Audinate Pty. Ltd.)
Dante Controller (HKLM-x32\...\{23d3390c-f053-4a97-9c1c-f3b09ab50ada}) (Version: 3.6.2.4 - Audinate Pty. Ltd.)
Dante Controller (x32 Version: 3.6.2.4 - Audinate) Hidden
Dante Discovery (HKLM\...\{BB809BBB-7F71-402D-B0C0-603008B0BB59}) (Version: 1.2.1.1 - Audinate Pty. Ltd.)
Dante Firmware Update Manager (HKLM-x32\...\{29106ff3-7b7d-4026-a7bc-4a117c0bd7be}) (Version: 3.10.0.9 - Audinate Pty. Ltd.)
Dante Firmware Update Manager Core (x32 Version: 3.10.0.9 - Audinate Pty. Ltd.) Hidden
Dante Virtual Soundcard (HKLM-x32\...\{2ddf2ee3-abee-4c1d-81a8-eb0d658d54e9}) (Version: 3.7.4.2 - Audinate Pty. Ltd.)
Dante Virtual Soundcard (Version: 3.7.4.2 - Audinate) Hidden
DashBoard 8.1.0 (HKLM-x32\...\DashBoard) (Version: 8.1.0 - Ross Video Limited)
Dell Click 2 Fix+ (HKLM\...\Dell Click 2 Fix+_is1) (Version: 2.004.032.2615.03 - Dell)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F0DB834}) (Version: 3.4.13900.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
DigiGrid MGB-MGO V9r10 (HKLM-x32\...\{97000050-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.7.10 - Waves)
EASE 4.4 (HKLM-x32\...\{7BA1A360-647C-11D4-A0F9-00105ACC16E5}) (Version: - )
EASE Focus 3 (HKLM-x32\...\InstallShield_{825B749A-80ED-4ECC-B89A-CE76097A68E6}) (Version: 3.0.15 - AFMG)
EASE Focus 3 (x32 Version: 3.0.15 - AFMG) Hidden
EASE GLL Viewer (HKLM-x32\...\{795B8848-B5F6-4C71-8243-19A446A61A3A}) (Version: 1.01.18 - AFMG)
EASE SpeakerLab (HKLM-x32\...\{B052DFAB-10AF-48E5-9067-104C02959AE2}) (Version: 1.01.18 - AFMG)
EASE SpeakerLab User Files (HKLM-x32\...\{3951009A-E703-4F10-82BB-5A542380EB4B}) (Version: 1.00.00 - AFMG)
EASEGUARD (HKLM-x32\...\{DAD43F79-CC5F-11D5-A106-00105ACC16E5}) (Version: - )
EASERA SysTune (HKLM-x32\...\{4A55E5DF-E250-4B8E-A597-9C867C6ED664}) (Version: 1.3.7 - AFMG)
EASERA SysTune User Files (HKLM-x32\...\{F9D0F965-7FE2-437A-8746-8C359187C3BD}) (Version: 1.00.01 - AFMG)
EASETOOLS (HKLM-x32\...\{1C18C0A9-7282-4F00-A874-0FD9CE40A1E3}) (Version: - )
EMSC (x32 Version: 0.0.0.28 - Compal Electronics, Inc.) Hidden
ENTTEC RDM Controller 2.115-beta (HKLM-x32\...\ENTTEC RDM Controller) (Version: 2.115-beta - ENTTEC)
EPSON NX230 Series Printer Uninstall (HKLM\...\EPSON NX230 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
Extron Electronics - Extron Product Configuration Software (HKLM-x32\...\{7DAD0032-FD6F-4C9D-A014-2426057FD95A}) (Version: 3.5.3.0 - Extron Electronics)
Extron Electronics - USB Driver Installer v1.0.1 (HKLM\...\{CEF10C19-7370-4AC7-A7DE-1E82278B168A}) (Version: 1.0.1.0 - Extron Electronics)
FileZilla Client 3.16.0 (HKLM-x32\...\FileZilla Client) (Version: 3.16.0 - Tim Kosse)
Free Fall Data Protection (HKLM\...\{5141F653-8707-4B96-9349-247C66319C11}) (Version: 1.1.2.8 - Kionix, Inc.)
GLD Editor 1.51 (HKLM-x32\...\GLD Editor_is1) (Version: V1.51 - Rev. 19116 - Allen & Heath)
GlobalProtect (HKLM\...\{E8279381-56CD-46AC-9517-ACF62F908141}) (Version: 3.1.0 - Palo Alto Networks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.30.0.6140 (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\GoToMeeting) (Version: 7.30.0.6140 - CitrixOnline)
iLive Editor V1.94 (HKLM-x32\...\42241C6B-7388-4B11-9E1D-7AB6930F7F21) (Version: 1.94 - Allen & Heath)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) USB 3.0 Host Controller Adaptation Driver (HKLM\...\{9472AEE5-5D4D-4329-8BD8-B282FD33B8E0}) (Version: 1.0.0.42 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IRIS-Net V2.4.1 (HKLM-x32\...\IRIS-Net) (Version: V2.4.1 - EVI Audio GmbH)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Just Add Drivers Configuration 3.2.6.0 (HKLM-x32\...\{9C58B7D4-9024-491f-8767-C73E70D1ACC9}_is1) (Version: 3.2.6.0 - Just Add Drivers Inc.)
Killer Bandwidth Control Filter Driver (Version: 1.1.53.1215 - Rivet Networks) Hidden
Killer E240x Drivers (Version: 1.1.53.1215 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.53.1215 - Rivet Networks) Hidden
Killer Network Manager Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.53.1215 - Rivet Networks)
Killer Wireless Drivers (HKLM-x32\...\{742340F2-BD38-406B-BE73-362D50FB0F4B}) (Version: 1.1.53.1215 - Rivet Networks)
Killer Wireless-AC 1535 Drivers (Version: 1.1.53.1215 - Rivet Networks) Hidden
L-ACOUSTICS Network Manager (HKLM-x32\...\L-ACOUSTICS Network Manager) (Version: 2.4.4.35 - L-ACOUSTICS)
L-Acoustics Soundvision 3.0.5 (HKLM-x32\...\Soundvision 3.0.5) (Version: 3.0.5 - L-Acoustics)
Lectrosonics Wireless Designer Help (HKLM-x32\...\Lectrosonics Wireless Designer Help) (Version: 2016.2.24 - Lectrosonics)
London Architect (HKLM-x32\...\{0C932D7C-3AAD-4410-B7C7-876C4BB4A25B}) (Version: 1613 - BSS Audio)
MAPP XT - Standalone (HKLM-x32\...\{DA9B31C6-6EAE-410A-BAC1-714CB57DFF22}) (Version: 1.1.3 - Meyer Sound Laboratories, Inc.)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft CAPICOM 2.1.0.2 SDK (HKLM-x32\...\{2FF43F5D-5729-4E02-A548-310E30A5F29B}) (Version: 2.1.0.2 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2e7a9943-de7b-4030-8f40-63502f679ace}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Network Camera View 4S (HKLM-x32\...\{8A27C0FE-87C7-4169-BF5A-05BF94F70A54}) (Version: 4.29.02 - Panasonic System Networks Co.,Ltd.)
NGINX Webserver (HKLM-x32\...\InstallShield_{F84F3BE5-50E7-48CD-89F9-5B6EA82D7CD1}) (Version: 1.1.1 - AFMG)
NGINX Webserver (x32 Version: 1.1.1 - AFMG) Hidden
NVIDIA 3D Vision Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 365.10 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.66 - NVIDIA Corporation)
NVIDIA Graphics Driver 365.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 365.10 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
OLMtoPST Converter Pro 1.4 (HKLM-x32\...\{FB7E6150-ED7A-4BB6-8C67-9FED9144260A}) (Version: 1.4 - Gladwev Software Private Limited)
Optocore Bundle (HKLM-x32\...\{9DA44CFF-8A89-407E-8103-01EFDDB6C500}_is1) (Version: 2.21.022 - Optocore GmbH)
PanelBuilderSE (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\128153ff6d04e5ef) (Version: 1.1.7.21 - RCI Custom)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.12.0 - Prolific Technology INC)
PRO-Manager 2.35 (HKLM-x32\...\PRO-Manager) (Version: - )
Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 3.0.0.582 - Qualcomm Atheros)
REAPER (x64) (HKLM\...\REAPER) (Version: - )
RME DIGICheck (HKLM-x32\...\{872BD2A4-7CB6-4692-A74E-99ABA11DED75}) (Version: 581rel - RME)
RME MADIface USB (HKLM\...\FIREFACE_USB) (Version: 0.9.583.0 - RME Intelligent Audio Solutions)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.66 - NVIDIA Corporation) Hidden
Shure Update Utility (HKLM-x32\...\Shure Update Utility) (Version: 2.2.2 - Shure Inc)
SIMPL+ Cross Compiler (HKLM-x32\...\{FB97A745-D1E6-435D-B942-264E94F89938}) (Version: 1.3 - Crestron Electronics Inc.)
Skype 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sound Blaster Recon3Di (HKLM-x32\...\{5A8C086D-D57E-4CE7-9B62-34F52EDBCAE6}) (Version: 1.00.14 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{C45E715E-442E-4D82-BD46-A08A0870957C}) (Version: 1.0 - Creative Technology Limited)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Studio Manager 64bit (HKLM-x32\...\InstallShield_{4D149210-AC22-4B88-AC49-076F55300E49}) (Version: 2.3.1.0 - Yamaha Corporation)
Studio Manager 64bit (Version: 2.3.1.0 - Yamaha Corporation) Hidden
Studio Manager 64bit (x32 Version: 2.3.1.0 - Yamaha Corporation) Hidden
Symetrix Jupiter (HKLM-x32\...\InstallShield_{7B69FB16-BCD5-4599-907F-4126EC059385}) (Version: 3.0.2.0 - Symetrix, Inc.)
Symetrix Jupiter (x32 Version: 3.0.2.0 - Symetrix, Inc.) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
Thunderbolt(TM) Software (HKLM-x32\...\{FBD934F4-FC23-4044-8392-3551DC8D972F}) (Version: 16.1.47.275 - Intel Corporation)
Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Tracks Live (HKLM\...\{DF11DBFE-5193-48DF-8929-3ED3D084D751}) (Version: 1.2 - Waves Audio)
TurboCAD Deluxe 21 64-bit (HKLM\...\{6CD8A657-F7E3-4789-8FB1-E30264619ED9}) (Version: 21.2.591 - IMSIDesign)
TurboCAD Deluxe 21 Symbols (HKLM-x32\...\{41DD5AD2-D367-4FA9-8EEC-8A8CE1371FBE}) (Version: 21.0.0 - IMSIDesign)
USB Control Panel 2.0.7 64-bit (HKLM-x32\...\{3663834F-D92B-4485-804D-7A3B5CA70B58}) (Version: 2.00.7000 - DECIMATOR DESIGN)
USBPcap 1.1.0.0-g794bf26-3 (HKLM\...\USBPcap) (Version: 1.1.0.0-g794bf26-3 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WaveAgent (HKLM-x32\...\InstallShield_{053C7D32-3566-452B-9A37-D42B4F4C5379}) (Version: 1.20 - Sound Devices LLC)
WaveAgent (x32 Version: 1.20 - Sound Devices LLC) Hidden
Waves Central V1.0.3.3 (HKLM-x32\...\{94000200-C561-4E32-99EB-3C5AD3683A70}) (Version: 1.0.4 - Waves)
Waves SoundGrid Drivers 9.7.95.5 (HKLM\...\Waves SoundGrid Drivers_is1) (Version: - Waves Audio Ltd.)
Windows Driver Package - Crestron Electronics Inc. (WinUSB) Crestron (11/09/2010 3.0.0.0) (HKLM\...\D49FBD114E4911AD03D99ED034ADA88310A1915A) (Version: 11/09/2010 3.0.0.0 - Crestron Electronics Inc.)
Windows Driver Package - Decimator Design Decimator USB Device Driver Package (03/18/2011 2.08.14) (HKLM\...\EC1B02A4870ABE719DDA2A6943DF0FB974A180F7) (Version: 03/18/2011 2.08.14 - Decimator Design)
Windows Driver Package - Extron Electronics (WinUSB) Extron (02/04/2013 1.0.1.0) (HKLM\...\B81DEDAD853684D67CB15F6AC65E14748A6F370C) (Version: 02/04/2013 1.0.1.0 - Extron Electronics)
Windows Driver Package - FTDI LecNet2 Driver Package (03/18/2011 2.08.14) (HKLM\...\961673CC413A6FB35AB23061666C9A9467264DC0) (Version: 03/18/2011 2.08.14 - FTDI)
Windows Driver Package - Kionix, Inc. (kiox_ff_driver) Sensor I/O devices (10/09/2014 1.1.2.8) (HKLM\...\8DF797456310A45326D5CA27FA380061A19FA127) (Version: 10/09/2014 1.1.2.8 - Kionix, Inc.)
Windows Driver Package - Kionix, Inc. kxdiskprot DiskDrive (10/09/2014 1.1.2.8) (HKLM\...\7115C5B3174715E634D96D0883A6ACF1B11140A8) (Version: 10/09/2014 1.1.2.8 - Kionix, Inc.)
Windows Driver Package - Lectrosonics, Inc. CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\7E973AAFCC16B5BA9E13965B816AB2461F36FB15) (Version: 02/17/2009 2.04.16 - Lectrosonics, Inc.)
Windows Driver Package - RME Fireface (02/05/2016 3.1.16.0) (HKLM\...\89A6B2E963B48FBEFE6A055CAC9393720E08D9E4) (Version: 02/05/2016 3.1.16.0 - RME)
Windows Driver Package - RME Fireface (06/09/2015 3.1.15.0) (HKLM\...\7DB1C44C8497B04984278F9D2C6CAF2685A375F9) (Version: 06/09/2015 3.1.15.0 - RME)
Windows Driver Package - RME Fireface (11/11/2016 3.1.21.0) (HKLM\...\D94B6A121E1E23B553DC12817D0A852650EE41CA) (Version: 11/11/2016 3.1.21.0 - RME)
Windows Driver Package - RME MADIface (11/10/2016 0.9.583.0) (HKLM\...\FC99552C220868A384533B1526F8805023A2A75D) (Version: 11/10/2016 0.9.583.0 - RME)
Wireless Designer (HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\3882983757.lectrosonics.com) (Version: - lectrosonics.com)
Wireless Workbench 6 (HKLM-x32\...\Wireless Workbench 6) (Version: 6.12.0 - Shure Inc)
Wireshark 2.2.1 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)
Yamaha Amp Editor (HKLM-x32\...\InstallShield_{167F6612-1B44-4A86-A88B-CF6019CA6CEB}) (Version: 1.3.1 - Yamaha Corporation)
Yamaha Amp Editor (x32 Version: 1.3.1 - Yamaha Corporation) Hidden
Yamaha DME-N Network Driver (HKLM-x32\...\{A0E2FB76-AF0C-4BC4-A646-399D14E3CB21}) (Version: 1.2.2 - Yamaha Corporation)
Yamaha M7CL V3 Editor (HKLM-x32\...\InstallShield_{DDC3989E-B443-4E62-9801-A95F89DF96C0}) (Version: 3.5.4.58 - Yamaha Corporation)
Yamaha M7CL V3 Editor (x32 Version: 3.5.4.58 - Yamaha Corporation) Hidden
Yamaha MTX-MRX Editor V2.2 (HKLM-x32\...\InstallShield_{D79EAA54-B0FF-4C3F-98F3-6E449F761B5A}) (Version: 2.2.0 - Yamaha Corporation)
Yamaha MTX-MRX Editor V2.2 (x32 Version: 2.2.0 - Yamaha Corporation) Hidden
Yamaha QL Editor (HKLM-x32\...\InstallShield_{73963C3C-B681-484E-9B18-FC8494923990}) (Version: 4.0.1 - Yamaha Corporation)
Yamaha QL Editor (x32 Version: 4.0.1 - Yamaha Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Shane\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{1f65cd4a-b284-4247-a0d8-4cbc3b99e265}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{4a200bc0-c3e0-4cd0-94f8-d0d58dec2a3e}\InprocServer32 -> C:\Windows\system32\shdocvw.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Regens\TCImage.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\ImsigxPS21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\PalTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001_Classes\CLSID\{DF9B76D3-539B-42DC-B0A3-80B0664B2C01}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\TcCfpLaunchTool.dll (IMSIDesign, LLC)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11CEAFCC-54FF-439D-8CA3-E31CBD5CED24} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {26278CDF-2DB6-4515-A395-9CC051FD2CF7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2C9471C8-D974-4B7A-9CAD-AE11AD10CDDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-05] (Google Inc.)
Task: {2EB71203-1804-4F9B-90C2-87BDB7281A7F} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {3AA29A60-D16F-4F4F-93E1-EBB1A1BF3B56} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {45F3F64C-5616-4A71-9023-17DE80C0FDB6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {507ED709-8A6F-4BCB-8E33-AED54D3224D8} - System32\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001 => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe [2017-01-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {5732661A-73FE-470B-B37B-E56E34DC63A4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {5F61CC95-9606-4FAE-91D9-1D482D0818B6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Alienware\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {663BFC25-2019-44FF-86A7-D499ADED8985} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {7F059476-F276-44A2-8EEF-062D5BB26A98} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {806CE3A9-60D4-414F-88D6-83882AEA43C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-05] (Google Inc.)
Task: {812E766C-9906-4844-BDF8-0BF1C1792179} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {A971EA0E-906C-4B54-9FB0-6635DA476182} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {B04A110E-79A8-43C5-A560-2270E7E9912C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {BB48699A-9817-41CB-9D0F-A4D8E1F1B0EC} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C4E260E8-1E3D-4E67-800C-2F1FB8DBA70D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Alienware\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {DEF42784-256B-4CF7-9EE8-76CB9164EB31} - System32\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001 => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe [2017-01-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F7F1EE82-2699-4ECA-AEBF-623296ABC6EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FB611C2C-F191-40FF-A3EA-AADB9421A1EA} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {FC756344-8C45-4665-8FE1-A0159B78AB06} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4124817852-1649296433-1094762776-1001.job => C:\Users\Shane\AppData\Local\Citrix\GoToMeeting\6140\g2mupload.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2016-01-14 20:49 - 2010-03-15 17:18 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2016-07-20 13:58 - 2016-06-08 18:12 - 00416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-07-20 13:58 - 2016-06-08 18:18 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-07-20 13:58 - 2016-06-08 18:15 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-07-20 13:58 - 2016-06-08 18:16 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-07-20 13:58 - 2016-06-08 18:16 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-07-20 13:58 - 2016-06-08 18:16 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-07-20 13:58 - 2016-06-08 18:17 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-07-20 13:58 - 2016-06-08 18:17 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-07-20 13:58 - 2016-06-08 18:16 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-07-20 13:58 - 2016-06-08 18:15 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2017-01-19 21:58 - 2017-01-07 01:27 - 00925240 _____ () C:\Program Files\Dell\Click 2 Fix+\sqlite3.dll
2017-01-19 21:58 - 2017-01-07 01:23 - 00107520 _____ () C:\Program Files\Dell\Click 2 Fix+\nfapi.dll
2017-01-19 21:58 - 2017-01-07 01:25 - 00533520 _____ () C:\Program Files\Dell\Click 2 Fix+\ProtocolFilters.dll
2016-08-28 15:04 - 2016-12-28 11:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-04 10:36 - 2016-03-04 10:36 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-05-30 16:34 - 2014-05-30 16:34 - 00939008 _____ () C:\Windows\SYSTEM32\EMSC.dll
2017-01-17 17:07 - 2017-01-17 17:07 - 22950480 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-12-23 12:10 - 2016-12-23 12:10 - 00323152 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-09-30 17:36 - 2016-09-30 17:36 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2016-12-15 05:22 - 2016-12-08 01:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 05:22 - 2016-12-08 01:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:9567EA29 [175]
AlternateDataStreams: C:\Users\Shane\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Shane\Desktop\TX-F:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Shane\Documents\Converted Data:AFP_AfpInfo [122]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "DisplayName"="Dell"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ErrorControl"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ImagePath"="C:\Program Files\Dell\Click 2 Fix+\srvc.exe"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "ObjectName"="LocalSystem"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Start"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dell Click 2 Fix+ => "Type"="272"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-08-13 14:46 - 00000734 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shane\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 172.20.50.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AlienFusionService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: chromoting => 3
MSCONFIG\Services: CodeMeter.exe => 2
MSCONFIG\Services: conmon => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Crypkey License => 2
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: CtHdaSvc => 2
MSCONFIG\Services: DanteDiscovery => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: dvhlp => 2
MSCONFIG\Services: dvs.manager => 2
MSCONFIG\Services: esifsvc => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: GoToAssist => 2
MSCONFIG\Services: GraphicsAmplifierWindowsService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) Security Assist => 3
MSCONFIG\Services: ioloEnergyBooster => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: isaHelperSvc => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: Killer Service V2 => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamNetworkSvc => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OptocoreServer => 2
MSCONFIG\Services: PanGPS => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: SystemUsageReportSvc_WILLAMETTE => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: ThunderboltService => 3
MSCONFIG\Services: USER_ESRV_SVC_WILLAMETTE => 3
HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "LAN to RS232 Bridge.lnk"
HKLM\...\StartupApproved\StartupFolder: => "CodeMeter Control Center.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Blackmagic CheckVersion PCI"
HKLM\...\StartupApproved\Run: => "Blackmagic Streaming Server"
HKLM\...\StartupApproved\Run: => "GlobalProtect"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "Sound Blaster Recon3Di SBX Control Panel"
HKLM\...\StartupApproved\Run32: => "DME-N Network Driver"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "BrStsWnd"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "AirPort Base Station Agent"
HKLM\...\StartupApproved\Run32: => "Blackmagic CheckVersion"
HKLM\...\StartupApproved\Run32: => "PowerDVD15Agent"
HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4124817852-1649296433-1094762776-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{CFF2A72E-A88E-41BB-86F2-537F7925C23D}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{421262CE-11D5-47EE-939E-FFC997055D18}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3265EE1A-6B97-4256-BE7B-2D7A71DF4CD5}] => C:\Users\Shane\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4E65034C-3588-47D9-B152-73FC4B16B291}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [{9B58E24D-1DA6-4AAE-B2C9-BB7A7CD77148}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [{4B1943AD-DDEB-472E-8163-BF56913CBF00}] => LPort=8800
FirewallRules: [{908DE2B4-0F0B-4402-9B8C-51DEA33BEDB3}] => LPort=8751
FirewallRules: [{944961B9-7BD3-4508-A8F6-A49D102BBE36}] => LPort=4321
FirewallRules: [{503669C2-E1CD-411B-A1A8-5C7F602A5223}] => LPort=14600
FirewallRules: [{705120DD-D227-4FCC-BA5F-A5777337FD65}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [{03E61F17-31FD-4B49-BD0F-B035CF4E1499}] => C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
FirewallRules: [TCP Query User{DD5734AA-E522-49B6-9406-733B47ECC9ED}C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe
FirewallRules: [UDP Query User{C0A41700-42C1-4A51-906F-382ADD3C4042}C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi33a0.tmp\join.me.exe
FirewallRules: [{1B834DAB-DA11-4D40-804D-F4FD8688D99B}] => C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
FirewallRules: [{AF1F1E22-F579-41CE-9805-DA0574524C47}] => C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
FirewallRules: [{CB4517DA-AB16-4ABF-9519-6DD384BEADB6}] => LPort=54925
FirewallRules: [TCP Query User{55651B7B-E46A-4057-B1FC-FFE15CAEC689}C:\program files (x86)\just add power\jadconfig\jadconfig.exe] => C:\program files (x86)\just add power\jadconfig\jadconfig.exe
FirewallRules: [UDP Query User{D32D249E-9BBB-41FF-94A5-19CE5F880A58}C:\program files (x86)\just add power\jadconfig\jadconfig.exe] => C:\program files (x86)\just add power\jadconfig\jadconfig.exe
FirewallRules: [TCP Query User{6D36367F-A0B8-4E4C-BFF1-0E0C23D9183A}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
FirewallRules: [UDP Query User{910B2839-93C2-4987-9FFB-51AD4682A6D2}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
FirewallRules: [TCP Query User{693FC4C5-DBD7-4E66-8FFC-3E2F38BD3B9D}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
FirewallRules: [UDP Query User{E0FE45DC-5A7D-4A34-81B6-B2C2D3CC2FF1}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
FirewallRules: [TCP Query User{72B202BE-FA66-4678-976F-169F0B11F338}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{E2FBD96C-FFAD-4356-95ED-DA3D409FB9CD}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{1487D8C1-F5E1-4424-9D82-C89372702109}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
FirewallRules: [UDP Query User{4698B3B3-B44E-4D4B-98F3-2744228D25F8}C:\program files (x86)\crestron\toolbox\vptcomserver.exe] => C:\program files (x86)\crestron\toolbox\vptcomserver.exe
FirewallRules: [{F1279F32-F5EC-47DA-B2E9-17DD5A0341CC}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C94DEFBD-9BC5-406C-8D72-1190B7685E40}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EEA6FEBC-1DAC-434F-9434-E1B4A11EFEC3}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5FEDAE91-911B-49A6-AD0B-B655C187D917}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{20F794E6-34CD-4782-A998-F7D8905D2216}C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe
FirewallRules: [UDP Query User{46A65B56-FCF8-43BF-A7B9-E120763C21AB}C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi857f.tmp\join.me.exe
FirewallRules: [TCP Query User{787DE791-BE23-4696-8ED3-73AB84CCD41F}C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe
FirewallRules: [UDP Query User{D6EE16D9-1BF5-447F-8263-FF455F12CF30}C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi35d6.tmp\join.me.exe
FirewallRules: [TCP Query User{D352337C-F652-44DD-9892-282D0BC38D08}C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{FB08BD3F-36E7-4D10-A3EA-19C9966AE92C}C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => C:\users\shane\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{1D510A18-64D3-497F-AFD0-18254E85789A}C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe
FirewallRules: [UDP Query User{CCCCDC1D-B8FE-4345-9C83-B70206F1B7AF}C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe] => C:\users\shane\appdata\local\temp\joi692d.tmp\join.me.exe
FirewallRules: [{E2C4A3C6-EEB0-4F84-8E70-F5FEC0686348}] => C:\Program Files (x86)\Brother\BRAdmin Light\BRAdmLight.exe
FirewallRules: [TCP Query User{BE84AA49-109F-4959-9CDF-32A3D31EA3C4}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
FirewallRules: [UDP Query User{36E2BDA3-46CB-4E17-A7F1-534DDEBACBFC}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
FirewallRules: [TCP Query User{35712B88-FC74-47C9-8B03-F2D7B8AE8518}C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
FirewallRules: [UDP Query User{49CA3C3E-FBD3-47A4-8836-E4A292787954}C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
FirewallRules: [TCP Query User{FA049080-07E8-4F88-9D8E-442825A2D30C}C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
FirewallRules: [UDP Query User{3F1E5941-0342-46E8-832C-1A2786E530D4}C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
FirewallRules: [{35788DA1-44B2-4BBD-8FFD-1A6A2E804A6E}] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
FirewallRules: [{DA5454A9-EEB2-4C04-A482-97FD1F2FF676}] => C:\program files (x86)\shure\wireless workbench 6\snetdameon.exe
FirewallRules: [{8ECA2CF1-F375-4E2A-9E2A-0FC0D60D6ADD}] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
FirewallRules: [{078EB180-30A7-4D4A-B16C-8C954ECA715D}] => C:\program files (x86)\shure\wireless workbench 6\wireless workbench 6.exe
FirewallRules: [TCP Query User{4A5EDA81-CC8E-43AC-9099-0658A59545D1}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
FirewallRules: [UDP Query User{8C891015-F286-4410-A0D9-36602E24B407}C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe] => C:\program files (x86)\evi audio\iris-net v2.4.1\irisnet.exe
FirewallRules: [{CDBAEE74-E6D4-41B4-AEA4-89485A1743C4}] => C:\Users\Shane\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B609E92F-A68D-464D-9D4B-F9FFE0D102ED}] => C:\Users\Shane\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{C7820167-8E3B-44A7-91BC-F5E6863D61B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{8AF570F7-8879-4607-8D64-DF7D27CE1527}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{60297E56-4757-4CB6-95DB-9CDD8025EA9D}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{694F7A64-3D46-435E-A766-2D34488C336A}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A850B9A8-24AB-432B-8B6C-30F8028CB70F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B206CB23-F694-43DB-9854-83CA88A256E3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A88F1FDE-0AC5-46CB-9F6E-77F0B9084DEE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A3B8355A-79FF-4742-9B7D-73B731AFF062}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E2F0D23B-CF6D-43C4-ACFF-C278E12A70F7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{CD19A0EC-7A07-43F9-8C49-19C797F4D236}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
FirewallRules: [UDP Query User{F3A134A7-9D91-4E5F-ACCA-17D73ECDC72F}C:\program files (x86)\symetrix\composer 5.0\composer50.exe] => C:\program files (x86)\symetrix\composer 5.0\composer50.exe
FirewallRules: [TCP Query User{B5C46DEA-61E1-492C-A488-45541E605F8B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{54D68D65-6B6C-4A61-8AED-F752D47412E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{47113367-7B34-443B-9EC4-C67C4DA37140}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{2FAE7EFB-5DCC-4BD7-9C3D-4B0C133CBE3B}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
FirewallRules: [{7E40C351-4949-44A5-9B8D-2C37F1A35154}] => C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [TCP Query User{C2514B62-9C2A-4873-8A8C-2AC67A2584AE}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{EAAA8CB6-7CD7-4AC6-8553-B1194ED76439}C:\program files (x86)\airport\aputil.exe] => C:\program files (x86)\airport\aputil.exe
FirewallRules: [{62C3171F-C024-4C97-99DC-EA3F4B4D9D45}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{A75B2CA8-58BF-406C-8610-144F51EC8394}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
FirewallRules: [UDP Query User{FC07F5AA-14A3-4F56-A254-23D20E39E4FE}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
FirewallRules: [TCP Query User{A8FFB53D-91B4-4745-B67A-2A98D8DDDADA}C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe] => C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe
FirewallRules: [UDP Query User{B1E573A9-C68B-4883-AF4F-56DC6713A3BD}C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe] => C:\users\shane\appdata\local\temp\temp1_easyipsetupv425.zip\easyipsetup.exe
FirewallRules: [TCP Query User{78A4B602-DF11-4B25-8F8E-99F95AB0FF09}C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe] => C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe
FirewallRules: [UDP Query User{7D5CD5E3-D291-4508-8683-B22A57D7C42E}C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe] => C:\users\shane\documents\webfeatproductions\tools\easyipsetup.exe
FirewallRules: [TCP Query User{4A1D0673-97F3-4530-A09B-D3C38FFFA3FC}C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe] => C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe
FirewallRules: [UDP Query User{C5D09F29-0830-4E29-A493-B26FEB68BB74}C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe] => C:\program files (x86)\blackmagic design\blackmagic smartview\smartviewsetup.exe
FirewallRules: [TCP Query User{C8AEB2D8-6648-4DD6-B07B-59A84E8E857B}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
FirewallRules: [UDP Query User{8051849D-3B94-4BFA-84D9-6C797890A36C}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
FirewallRules: [TCP Query User{DA712C9D-8DDE-452C-B7AE-24F80680C351}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
FirewallRules: [UDP Query User{3513C55C-D26F-4A61-95CE-341FEEB720D4}C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe] => C:\program files (x86)\allen & heath\gld editor 1.51\gld editor.exe
FirewallRules: [TCP Query User{AE20A9CB-35DB-4D5D-ACE2-C86B81563768}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
FirewallRules: [UDP Query User{6445430D-8FAD-45AD-AE64-E892B960B1F9}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
FirewallRules: [TCP Query User{06A66389-8436-496D-BF5F-2E9FE6F8B93D}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
FirewallRules: [UDP Query User{FFBA4A5D-9595-4A04-AAE4-4B1FD6219EF4}C:\program files (x86)\symetrix\composer 5.1\composer51.exe] => C:\program files (x86)\symetrix\composer 5.1\composer51.exe
FirewallRules: [TCP Query User{DAA6F300-619F-4841-A4E6-5C210D494B37}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{D925B21A-05C7-48F2-A56A-76F0FC9426AF}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{9DD7BA06-7F2F-4F8A-A59C-F7E6A2CA9A36}C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe] => C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{20822C09-4BE9-458F-AEEA-1272B472FB8C}C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe] => C:\program files (x86)\allen & heath\ilive editor v1.94\jre6\bin\javaw.exe
FirewallRules: [{63AA2611-09C8-43DC-8AAD-3364121BFDB5}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{61AED995-3752-4974-BE72-4F019BD5764F}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{D7C5CDC2-D99E-41F6-BFCB-5BD94648324A}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{AAEE8AF9-A629-475E-80C4-706F1F880D9D}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{D28588CA-0F56-48A4-A923-0DA6AD181B94}] => C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{0B923B97-D7B3-4979-813C-48483F100663}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
FirewallRules: [UDP Query User{6B49E4CD-59EC-4DA0-8EC3-391757044850}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
FirewallRules: [TCP Query User{8D42CFF5-5531-410B-A30D-1E7FA4578FDC}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
FirewallRules: [UDP Query User{E94EBC18-869F-4742-B006-673D47C7EE34}C:\dashboard\dashboard.exe] => C:\dashboard\dashboard.exe
FirewallRules: [TCP Query User{EBFB1557-A794-47AB-8A0E-699B0D853F25}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{E880F2A2-CBBE-4BFE-8BA2-C77C3BE79DC4}C:\program files (x86)\internet explorer\iexplore.exe] => C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{CD07D70E-B07F-4123-B286-7E56468891C1}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A6F0E514-E621-41D7-A368-4FDB225EDF4D}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{42FF69AC-7607-40DD-ADAE-2C2F87A7FA05}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C321193F-DD7F-4869-8F4C-8F14BDC746A8}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF42EE85-A372-4C33-91E4-ADFE5D79DDF7}] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{6A94960E-1C4E-4C48-A736-90537BF39AB5}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{7145FC22-A801-40BA-A186-D84650FC70E3}] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{39F139B2-41E2-4559-B096-8B4C8953FBB1}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{869F6891-9069-4D5A-ACC2-3FE702AA2CD1}] => C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [TCP Query User{F47D9C3A-22BC-4B97-BB5E-2D62F8621844}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
FirewallRules: [UDP Query User{418A5034-1B33-4FA1-9758-0132E0B031DD}C:\program files (x86)\audinate\dante controller\dantecontroller.exe] => C:\program files (x86)\audinate\dante controller\dantecontroller.exe
FirewallRules: [TCP Query User{554AE5D0-079D-4D0E-95C3-71DA60946A30}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
FirewallRules: [UDP Query User{30318B3D-FAE4-477C-B183-D798B1A1B749}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
FirewallRules: [TCP Query User{69110F71-77CC-48C6-BBE8-D32DCDF23ACF}C:\program files\videolan\vlc\vlc.exe] => C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D27422DC-4669-412E-9F06-CB3D06141526}C:\program files\videolan\vlc\vlc.exe] => C:\program files\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{59175AA9-51F2-4C21-9733-91D1C1CA1592}C:\program files (x86)\shure\shure update utility\shure update utility.exe] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
FirewallRules: [UDP Query User{6145814C-920C-4CC0-AEAD-A1C89504FE77}C:\program files (x86)\shure\shure update utility\shure update utility.exe] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
FirewallRules: [{6EF0EECB-47E8-4F46-9941-770DEFD178C0}] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
FirewallRules: [{7D239C8C-8E9E-4460-8C75-1E726C7021BD}] => C:\program files (x86)\shure\shure update utility\shure update utility.exe
FirewallRules: [TCP Query User{D16F4A7B-E2BC-417B-AC86-3C6CDF06175B}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
FirewallRules: [UDP Query User{EF155C5E-CD6B-4ED2-B72D-FA2781065349}C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe] => C:\program files (x86)\l-acoustics\la network manager 2.4\la network manager 2.4.exe
FirewallRules: [{50CA55D7-A6F9-4F9C-A172-DB4A38948869}] => C:\Program Files (x86)\Google\Chrome Remote Desktop\55.0.2883.17\remoting_host.exe
FirewallRules: [{98370CD2-07D9-44DA-B3F4-46C5FA64FF76}] => C:\Program Files (x86)\ENTTEC\DMX PRO Manager\PRO-Manager.exe
FirewallRules: [{36C010B1-CCDE-4AB3-91AD-99636217797B}] => C:\Program Files (x86)\ENTTEC\DMX PRO Manager\PRO-Manager.exe
FirewallRules: [TCP Query User{DFCF2A6E-3ED2-48B4-BB08-33BDD8F4FB95}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
FirewallRules: [UDP Query User{5B38B0EE-258B-4599-B4A6-27133FC87571}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
FirewallRules: [TCP Query User{C564C495-9E8F-4C05-A10E-90C255C514AF}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
FirewallRules: [UDP Query User{12D9CD3B-AF2B-4DF3-9175-099F3FE1260A}C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe] => C:\program files (x86)\symetrix\jupiter\bin\jupiterv10.exe
FirewallRules: [{7157D72A-B82D-440D-B64F-E005B8FAFD41}] => C:\Program Files (x86)\Yamaha\Amp Editor\AmpEditor.exe
FirewallRules: [{9C7588A6-69A2-479D-8A4F-C81F024250CD}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\MTX3.exe
FirewallRules: [{CE86408E-6550-4258-B498-905E4953F1F9}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\XMV.exe
FirewallRules: [{F4101B8D-0A4F-4342-AF18-A3EC93DCE69D}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\XMV-D.exe
FirewallRules: [{8C1FC760-BA22-4BC1-BBB1-5257ABBB9206}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\EXio.exe
FirewallRules: [{0EA2ED53-7EE8-49FC-A7A3-C08ADA63E140}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\MTX5-D.exe
FirewallRules: [{97F90CC3-9F9B-4570-9CD4-29DA564C49ED}] => C:\Program Files (x86)\Yamaha\MTX-MRX Editor\V2.2\MRX7-D.exe
FirewallRules: [{EE543CD6-72F4-4A53-A05E-E2B341880C59}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6658A5FE-2266-4065-8B9F-37C6485C6ACE}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4EE830BD-103A-451B-BFFD-3A5A8DDB6240}] => C:\Program Files\Dell\Click 2 Fix+\cust.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

11-01-2017 14:17:47 Scheduled Checkpoint
12-01-2017 16:05:16 Installed OLMtoPST Converter Pro 1.4
19-01-2017 21:58:46 Pre Install Click 2 Fix+ restore point
22-01-2017 16:35:31 Removed TouchFreeze

==================== Faulty Device Manager Devices =============

Name: Kionix KXCNL Freefall Sensor
Description: Kionix KXCNL Freefall Sensor
Class Guid: {b4f2027a-f326-4c3b-8e28-80d112a7f7d1}
Manufacturer: Kionix, Inc.
Service: kiox_ff_driver
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2017 05:36:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 940

Start Time: 01d274d26c147d57

Termination Time: 0

Application Path: C:\Windows\Explorer.EXE

Report Id: 7c8f21c2-e0fb-11e6-82d1-9cb6d005425c

Faulting package full name:

Faulting package-relative application ID:

Error: (01/22/2017 05:00:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cust.exe, version: 0.4.0.5, time stamp: 0x586a0a97
Faulting module name: trig000.dll_unloaded, version: 1.0.0.1, time stamp: 0x586a0a59
Exception code: 0xc0000005
Fault offset: 0x000000000001775c
Faulting process id: 0x5d0
Faulting application start time: 0x01d274d23773bafb
Faulting application path: C:\Program Files\Dell\Click 2 Fix+\cust.exe
Faulting module path: trig000.dll
Report Id: 8551a0ed-e0f6-11e6-82d1-9cb6d005425c
Faulting package full name:
Faulting package-relative application ID:

Error: (01/22/2017 04:35:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/22/2017 11:09:07 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 28507 ms

Error: Unable to create resource file.

Error: (01/22/2017 11:09:07 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel(R) Dynamic Platform and Thermal Framework : ESIF(8.1.10603.192) TYPE: ERROR FUNC: rsrc_file_extract_resource_file FILE: rsrc_file.c LINE: 384 TIME: 28503 ms

Error: Unable to create resource file.

Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/22/2017 11:08:57 AM) (Source: SGDawNodeService) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (01/22/2017 11:38:53 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (01/22/2017 11:08:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (01/22/2017 11:08:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel64 service failed to start due to the following error:
The system cannot find the device specified.

Error: (01/22/2017 11:08:55 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000139 (0x0000000000000003, 0xffffd00055eaf110, 0xffffd00055eaf068, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012217-13703-01.

Error: (01/22/2017 11:08:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:32:00 AM on ‎1/‎22/‎2017 was unexpected.

Error: (01/22/2017 11:08:40 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: ACPI5

Error: (01/21/2017 02:25:03 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (01/21/2017 02:24:33 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

Error: (01/20/2017 04:11:32 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.

Error: (01/20/2017 04:11:02 AM) (Source: DCOM) (EventID: 10010) (User: Oberon)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
Date: 2017-01-22 17:59:32.357
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:59:25.947
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:58:21.271
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:58:14.794
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:57:22.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:57:16.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:50:32.053
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:50:26.030
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:48:04.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-01-22 17:47:58.621
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume7\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-6820HK CPU @ 2.70GHz
Percentage of memory in use: 24%
Total physical RAM: 16280.65 MB
Available physical RAM: 12255.35 MB
Total Virtual: 32664.65 MB
Available Virtual: 28778.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:944.18 GB) (Free:710.13 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:616.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C5C5E14E)

Partition: GPT.

========================================================
Disk: 1 (Size: 953.9 GB) (Disk ID: 49CE9610)

Partition: GPT.

==================== End of Addition.txt ============================

↧

new thread via malware forum

January 22, 2017, 11:34 pm

≫ Next: Manual Removal Guide for Ad.MegaSearch

≪ Previous: Fareit and keylogger

directed me to start a new thread here about my bitdefender error report but when i try to upload the file it says invalid file. it's name is Bitdefender Threat Scanner.dmp how can i send that to be examined?

https://forums.spybot.info/showthrea...-and-need-help

↧

Manual Removal Guide for Ad.MegaSearch

January 24, 2017, 4:51 am

≫ Next: Manual Removal Guide for PU.AdvanceSystemCare

≪ Previous: new thread via malware forum

The following instructions have been created to help you to get rid of "Ad.MegaSearch" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

adware
bho

Description:

Ad.MegaSearch installs a BHO (Browser Helper Object) and more unwanted extensions to default web browsers.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$COMMONAPPDATA>\BeeMP3\bogeipaekklnlihpaphoibmoileciekk\bogeipaekklnlihpaphoibmoileciekk.crx".
The file at "<$COMMONAPPDATA>\BeeMP3\daoikldkclaafpadkkhebmapacdihpdm\daoikldkclaafpadkkhebmapacdihpdm.crx".
The file at "<$COMMONAPPDATA>\BeeMP3\fhdmdnglbocomhijclkomaiphhfmdala\fhdmdnglbocomhijclkomaiphhfmdala.crx".
The file at "<$COMMONAPPDATA>\BeeMP3\kkckpbpmpdnaenhhopidhcmghcnocpek\kkckpbpmpdnaenhhopidhcmghcnocpek.crx".

Make sure you set your file manager to display hidden and system files. If Ad.MegaSearch uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$COMMONAPPDATA>\BeeMP3\bogeipaekklnlihpaphoibmoileciekk".
The directory at "<$COMMONAPPDATA>\BeeMP3\daoikldkclaafpadkkhebmapacdihpdm".
The directory at "<$COMMONAPPDATA>\BeeMP3\fhdmdnglbocomhijclkomaiphhfmdala".
The directory at "<$COMMONAPPDATA>\BeeMP3\kkckpbpmpdnaenhhopidhcmghcnocpek".
The directory at "<$COMMONAPPDATA>\BeeMP3".
The directory at "<$LOCALAPPDATA>\Comodo\Dragon\User Data\Default\Extensions\kehdnckffompgiiglpnjegafmkkompje".
The directory at "<$LOCALAPPDATA>\Comodo\Dragon\User Data\Default\Extensions\pdloedoldpielkkenhgdfeogelhpijam".
The directory at "<$LOCALAPPDATA>\Google\Chrome SxS\User Data\Default\Extensions\kehdnckffompgiiglpnjegafmkkompje".
The directory at "<$LOCALAPPDATA>\Google\Chrome SxS\User Data\Default\Extensions\pdloedoldpielkkenhgdfeogelhpijam".
The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\kehdnckffompgiiglpnjegafmkkompje".
The directory at "<$LOCALAPPDATA>\Google\Chrome\User Data\Default\Extensions\pdloedoldpielkkenhgdfeogelhpijam".
The directory at "<$LOCALAPPDATA>\Torch\User Data\Default\Extensions\kehdnckffompgiiglpnjegafmkkompje".
The directory at "<$LOCALAPPDATA>\Torch\User Data\Default\Extensions\pdloedoldpielkkenhgdfeogelhpijam".
The directory at "<$PROFILE>\AppData\LocalLow\{0B061568-3331-85A1-12FF-05369F889A26}".
The directory at "<$PROFILE>\AppData\LocalLow\{2B356CCF-046C-C572-C773-4E06C6D26C6A}".
The directory at "<$PROFILE>\AppData\LocalLow\{4CC1937A-4CA2-1C39-ADFD-10FB667B92A8}".
The directory at "<$PROFILE>\AppData\LocalLow\{A8E32607-76E8-6C37-34D6-59942B351939}".

Make sure you set your file manager to display hidden and system files. If Ad.MegaSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "{2B356CCF-046C-C572-C773-4E06C6D26C6A}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{2B356CCF-046C-C572-C773-4E06C6D26C6A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{2B356CCF-046C-C572-C773-4E06C6D26C6A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\".
Delete the registry key "{4CC1937A-4CA2-1C39-ADFD-10FB667B92A8}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{4CC1937A-4CA2-1C39-ADFD-10FB667B92A8}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{4CC1937A-4CA2-1C39-ADFD-10FB667B92A8}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\".
Delete the registry key "{A8E32607-76E8-6C37-34D6-59942B351939}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{A8E32607-76E8-6C37-34D6-59942B351939}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{A8E32607-76E8-6C37-34D6-59942B351939}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\".
Delete the registry key "bogeipaekklnlihpaphoibmoileciekk" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
Delete the registry key "daoikldkclaafpadkkhebmapacdihpdm" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
Delete the registry key "fhdmdnglbocomhijclkomaiphhfmdala" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
Delete the registry key "kkckpbpmpdnaenhhopidhcmghcnocpek" at "HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\".
Delete the registry value "{0B061568-3331-85A1-12FF-05369F889A26}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\".
Delete the registry value "{2B356CCF-046C-C572-C773-4E06C6D26C6A}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\".
Delete the registry value "{4CC1937A-4CA2-1C39-ADFD-10FB667B92A8}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\".
Delete the registry value "{A8E32607-76E8-6C37-34D6-59942B351939}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\".

If Ad.MegaSearch uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

Please read these instructions before requesting assistance,
Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

↧

Manual Removal Guide for PU.AdvanceSystemCare

January 24, 2017, 4:51 am

≫ Next: Manual Removal Guide for PU.Jawego.PCCleaner

≪ Previous: Manual Removal Guide for Ad.MegaSearch

The following instructions have been created to help you to get rid of "PU.AdvanceSystemCare" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

pups

Description:

PU.AdvanceSystemCare scans the computer for errors and invalid registry entries in order to improve system stability. If the user wants to fix these entries he has to activate the program. After closing the main window of the free version a new window opens and remembers the user to get an activation key. A user has to buy a license of the product if he needs the functionality. This software license costs $ 29,95 (status: January 2017).

Links (be careful!):

: ttp://advancedpctools.com

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.

Entries named "Advance-System-Care_Logon" and pointing to "?<$PROGRAMFILES>\Advance-System-Care\adsc.exe? startupshow".
Entries named "UniDU" and pointing to "?<$APPDATA>\UniDU\UniDULauncher.exe? /verysilent?".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

Products that have a key or property named "{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$APPDATA>\FileOpenerWindows\wfo.exe".
The file at "<$APPDATA>\SCAppManager\appmanager.exe".
The file at "<$COMMONAPPDATA>\ASCValidator\ASCValidatorService.exe".
The file at "<$COMMONDESKTOP>\Advance-System-Care.lnk".
The file at "<$COMMONPROGRAMS>\Advance-System-Care\Advance-System-Care.lnk".
The file at "<$COMMONPROGRAMS>\Advance-System-Care\Buy Advance-System-Care.lnk".
The file at "<$COMMONPROGRAMS>\Advance-System-Care\Uninstall Advance-System-Care.lnk".
The file at "<$PROGRAMFILES>\Advance-System-Care\adsc.exe".
The file at "<$PROGRAMFILES>\Advance-System-Care\unins000.exe".

Make sure you set your file manager to display hidden and system files. If PU.AdvanceSystemCare uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$APPDATA>\advancepctools.net\Advance-System-Care".
The directory at "<$APPDATA>\FileOpenerWindows".
The directory at "<$APPDATA>\SCAppManager".
The directory at "<$COMMONAPPDATA>\advancepctools.net\Advance-System-Care".
The directory at "<$COMMONAPPDATA>\ASCValidator".
The directory at "<$COMMONPROGRAMS>\Advance-System-Care".
The directory at "<$PROGRAMFILES>\Advance-System-Care".

Make sure you set your file manager to display hidden and system files. If PU.AdvanceSystemCare uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "Advance-System-Care" at "HKEY_CURRENT_USER\Software\advancepctools.net\".
Delete the registry key "Advance-System-Care" at "HKEY_LOCAL_MACHINE\SOFTWARE\advancepctools.net\".
Delete the registry key "asc-pr" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "ASCValidator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
Delete the registry key "ASCValidator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\".
Delete the registry key "ASCValidator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
Delete the registry key "ASCValidator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\".
Delete the registry key "ASCValidator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
Delete the registry key "ASCValidator" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\".
Delete the registry key "ASCValidatorService" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "opendlg" at "HKEY_CLASSES_ROOT\Unknown\shell\".

If PU.AdvanceSystemCare uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

Please read these instructions before requesting assistance,
Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

↧

Manual Removal Guide for PU.Jawego.PCCleaner

January 24, 2017, 4:51 am

≫ Next: Infected computer, randomly tabs to desktop and have had adware

≪ Previous: Manual Removal Guide for PU.AdvanceSystemCare

The following instructions have been created to help you to get rid of "PU.Jawego.PCCleaner" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

pups

Description:

PU.Purify scans the computer for errors and invalid registry entries in order to improve system stability. If the user wants to fix these entries he has to activate the program. After closing the main window of the free version a new window opens and remembers the user to get an activation key. The free version is only a trial. However the software offers to fix 15 Windows registry errors if the user provides his email address. A user has to buy a license of the product if he needs the functionality. This software license costs $ 39,95 and is reduced to $ 19,95 when attempting to leave their website (status: January 2017).

Links (be careful!):

: ttp://www.pcpurifier.co/
: ttp://www.jawego.com/

Removal Instructions:

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D or RunAlyzer to locate and get rid of these entries.

Products that have a key or property named "PC Clean Plus_is1".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$COMMONDESKTOP>\PC Clean Plus.lnk".
The file at "<$COMMONPROGRAMS>\PC Clean Plus\PC Clean Plus.lnk".
The file at "<$COMMONPROGRAMS>\PC Clean Plus\Register PC Clean Plus.lnk".
The file at "<$COMMONPROGRAMS>\PC Clean Plus\Uninstall PC Clean Plus.lnk".
The file at "<$PROGRAMFILES>\PC Clean Plus\PCCleanPlus.exe".
The file at "<$PROGRAMFILES>\PC Clean Plus\PCCPUns.exe".
The file at "<$PROGRAMFILES>\PC Clean Plus\unins000.exe".
The file at "<$WINDIR>\Tasks\PC Clean Plus_DEFAULT.job".
The file at "<$WINDIR>\Tasks\PC Clean Plus_UPDATES.job".

Make sure you set your file manager to display hidden and system files. If PU.Jawego.PCCleaner uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$APPDATA>\PC Clean Plus".
The directory at "<$COMMONPROGRAMS>\PC Clean Plus".
The directory at "<$PROGRAMFILES>\PC Clean Plus".

Make sure you set your file manager to display hidden and system files. If PU.Jawego.PCCleaner uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "Clean" at "HKEY_CURRENT_USER\Software\PC\".
Delete the registry key "Clean" at "HKEY_LOCAL_MACHINE\SOFTWARE\PC\".
Delete the registry key "PC Clean Plus" at "HKEY_CURRENT_USER\Software\".
Delete the registry key "PC Clean Plus" at "HKEY_LOCAL_MACHINE\SOFTWARE\".

If PU.Jawego.PCCleaner uses rootkit technologies, use our RegAlyzer, RootAlyzer or our Total Commander anti-rootkit plugins.

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

Please read these instructions before requesting assistance,
Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

↧

Infected computer, randomly tabs to desktop and have had adware

January 24, 2017, 4:51 am

≫ Next: Manual Removal Guide for PU.Softmedia

≪ Previous: Manual Removal Guide for PU.Jawego.PCCleaner

Please note: Everytime I've tried to run aswMBR my computer has blue screened and restarted. The forum also won't allow me to upload FRST.txt because the filesize is too big (121 KB) I can paste it in if needed unless there's something I can do.

Attached Files

Addition.txt (42.8 KB)

↧

Manual Removal Guide for PU.Softmedia

January 24, 2017, 4:51 am

≫ Next: Manual Removal Guide for PU.Softmedia

≪ Previous: Infected computer, randomly tabs to desktop and have had adware

The following instructions have been created to help you to get rid of "PU.Softmedia" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site.

Threat Details:

Categories:

pups

Description:

The 'Windows Session Console Weather' program is installed through PowerPack installers as optional content. PU.Softmedia stores IDs of the used installer within the common application data directory. A created startmenue link refers to further installer files.

Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

A file with an unknown location named "wEyeSetup.msi".
The file at "<$COMMONAPPDATA>\SoftMedia\Windows Session Console Weather\Agent.txt".
The file at "<$COMMONAPPDATA>\SoftMedia\Windows Session Console Weather\Install.txt".
The file at "<$COMMONAPPDATA>\SoftMedia\Windows Session Console Weather\Pid.txt".
The file at "<$COMMONSTARTUP>\wEye.lnk".
The file at "<$PROGRAMFILES>\SoftMedia\Windows Session Console Weather\BannerTop.bmp".
The file at "<$PROGRAMFILES>\SoftMedia\Windows Session Console Weather\wdscw.exe".
The file at "<$PROGRAMFILES>\SoftMedia\Windows Session Console Weather\wdscw.InstallState".
The file at "<$PROGRAMFILES>\SoftMedia\Windows Session Console Weather\wEye End User License Agreement.rtf".
The file at "<$PROGRAMFILES>\SoftMedia\Windows Session Console Weather\wEye.bat".

Make sure you set your file manager to display hidden and system files. If PU.Softmedia uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$COMMONAPPDATA>\SoftMedia\Windows Session Console Weather".
The directory at "<$PROGRAMFILES>\SoftMedia\Windows Session Console Weather".

Make sure you set your file manager to display hidden and system files. If PU.Softmedia uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Final Words:

If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,

Please read these instructions before requesting assistance,
Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.

↧