Thread: Am I infected?

  1. #1
    Member
    Join Date
    Oct 2008
    Posts
    53

    Am I infected?

    I'm suddenly having trouble connecting to web sites with my desktop. The problem started about a week ago and affected my desktop, as well as my wife’s two laptops, and my Kindle, all of which access the Internet through a cable modem from Spectrum (aka TWC) and a Cisco ValetPlus WiFi router. At first it was just poor and intermittent Internet connection. I could access AOL and Facebook, as well as a few other random web sites, but most attempts to open other web pages resulted in a “This page can’t be displayed” message, and clicking on any link within AOL or Facebook gave the same message. Initially we worked around the problem by using a Verizon mobile hot spot. We had a Spectrum (TWC) technician come to the house, and although he found the modem and router to be working, he said we have a weak signal, and replaced the modem and the cables. That seemed to fix the problem for the two laptops and the Kindle, but it has not cured my desktop. I am using a Dell XPS 8500 with Windows 7. I have tried both IE 11.0.36 and Firefox 49.0.1 as my browser. I ran a scan with Malwarebytes, and it found a few PUPs, which I quarantined per instructions, but no malware. I have a McAfee firewall on, and am running McAfee real-time scanning.
    At present, I can open AOL, Facebook (when I open Facebook I get a message “Revocation information for the security certificate for this site is not available”), Google, among other random web sites, including the Spybot home page. However, I am unable to open any links within those web sites, including the Spybot Forum. Google is my home page for IE, and I can do Google searches, but I can't open the sites from within Google. I had to use a laptop to download Registry Backup, FRST, and aswMBR onto a thumb drive, then load them onto my desktop, run the scans, copy the logs onto the thumb drive, and post the logs on the forum using the laptop.

    Logs to follow. Admin Edit, merged two posts.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
    Ran by John (administrator) on JOHNDESKTOP (05-11-2016 16:50:39)
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available Profiles: John)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    (Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    (Amazon Digital Services, LLC.) C:\Users\John\AppData\Local\Apps\2.0\P7MB5E8M.6KY\GLE0X4JV.KKE\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Dropbox, Inc.) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Mozy, Inc.) C:\Program Files\Mozy Sync\mozysync.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    (McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
    (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
    (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Sun Microsystems, Inc.) C:\Users\John\AppData\Local\Apps\2.0\P7MB5E8M.6KY\GLE0X4JV.KKE\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\LocalServiceJre\bin\AmazonCloudDriveW.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (McAfee, Inc.) C:\Program Files\mcafee\VUL\McVulAlert.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\McClientAnalytics.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
    HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
    HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
    HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
    HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057408 2012-06-04] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-18] (ArcSoft Inc.)
    HKLM-x32\...\Run: [UTM.exe] => cmd /c "start "" "C:\Program Files (x86)\EUT\C811\SUA\UTM.exe""
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286984 2015-10-07] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\Run: [Dropbox Update] => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\MountPoints2: {35de0db4-6ab6-11e5-8fce-689423274ca4} - J:\TL-BootStrap.exe
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\MountPoints2: {c4afcc77-4666-11e2-b1f6-689423274ca4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\TL-Bootstrap.exe
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\MountPoints2: {c531fead-292a-11e3-892f-689423274ca4} - K:\TL-BootStrap.exe
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\MountPoints2: {c76dbdac-2513-11e2-99ab-689423274ca4} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\TL-Bootstrap.exe
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
    ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-02-17]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-01]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-11-28]
    ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-07]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk [2016-10-29]
    ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\John\AppData\Local\Apps\2.0\P7MB5E8M.6KY\GLE0X4JV.KKE\amaz..tion_f2fa081ea2183235_0002.0001_cb34a912a946f839\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-26]
    ShortcutTarget: Dropbox.lnk -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozy Sync.lnk [2013-11-23]
    ShortcutTarget: Mozy Sync.lnk -> C:\Program Files\Mozy Sync\mozysync.exe (Mozy, Inc.)
    BootExecute: autocheck autochk * sdnclean64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 0.0.0.1 mssplus.mcafee.com
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{0F8D86FA-E84F-4232-BE1F-0CE7F0B5B425}: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Tcpip\..\Interfaces\{B1521873-611C-4141-AAB1-CC30AFC23073}: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

    Internet Explorer:
    ==================
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM -> {CE522274-F06E-4D52-9CA3-63B6C654F169} URL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    SearchScopes: HKLM -> {FA3295EA-6375-4900-8C94-B2A9C0C67D6E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {FA3295EA-6375-4900-8C94-B2A9C0C67D6E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> DefaultScope {4795153C-A663-466B-A28C-ECFD99709FFA} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {4795153C-A663-466B-A28C-ECFD99709FFA} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {CE522274-F06E-4D52-9CA3-63B6C654F169} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {FA3295EA-6375-4900-8C94-B2A9C0C67D6E} URL =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-09-16] (RealDownloader)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-09-16] (RealDownloader)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2011-12-29] (Atheros Commnucations)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-03] (McAfee, Inc.)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-07-07] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aeoam766.default [2016-11-05]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\aeoam766.default -> Secure Search
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\aeoam766.default -> Secure Search
    FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\aeoam766.default -> Secure Search
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\aeoam766.default -> Secure Search
    FF Homepage: Mozilla\Firefox\Profiles\aeoam766.default -> hxxps://www.google.com/?gws_rd=ssl
    FF Keyword.URL: Mozilla\Firefox\Profiles\aeoam766.default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C111US105D20140130&p=
    FF Extension: (Firefox Hotfix) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aeoam766.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
    FF Extension: (Video DownloadHelper) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aeoam766.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-10-13]
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-16]
    FF SearchPlugin: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aeoam766.default\searchplugins\McSiteAdvisor.xml [2015-06-06]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-17] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-08-25] [not signed]
    FF HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-06]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-13] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-13] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-10-07] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-10-07] (RealTimes)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US105D20140130&p={searchTerms}
    CHR DefaultSearchKeyword: Default -> mcafee
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll => No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
    CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2016-11-05]
    CHR Extension: (SiteAdvisor) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-08-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-04]
    CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-05]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-27]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [106144 2011-12-29] (Atheros Commnucations) [File not signed]
    S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173568 2012-10-09] (Dell Products, LP.) [File not signed]
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
    R2 HPSLPSVC; C:\Users\John\AppData\Local\Temp\7zS15A2\hpslpsvc64.dll [1039360 2012-11-14] (Hewlett-Packard Co.) [File not signed]
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
    R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-07-11] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
    R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
    R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54672 2012-09-18] (Mozy, Inc.)
    S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-09-16] ()
    R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1103656 2015-10-07] (RealNetworks, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros) [File not signed]
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 C771BUS; C:\Windows\System32\DRIVERS\C771BUS.sys [71752 2010-08-26] (DEVGURU Co., LTD.)
    S3 C771VSP; C:\Windows\System32\DRIVERS\C771VSP.sys [186056 2010-08-26] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 c811bus; C:\Windows\System32\DRIVERS\c811bus.sys [169800 2012-12-07] (MCCI Corporation)
    S3 c811serd; C:\Windows\System32\DRIVERS\c811serd.sys [159048 2012-12-07] (MCCI Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
    S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2015-10-08] (CSR plc.)
    R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [79192 2016-04-20] (McAfee, Inc.)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
    R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-05 16:50 - 2016-11-05 16:52 - 00042448 _____ C:\Users\John\Desktop\FRST.txt
    2016-11-05 16:49 - 2016-11-05 16:50 - 00000000 ____D C:\FRST
    2016-11-05 16:41 - 2016-11-05 16:41 - 00000207 _____ C:\Windows\tweaking.com-regbackup-JOHNDESKTOP-Windows-7-Home-Premium-(64-bit).dat
    2016-11-05 16:41 - 2016-11-05 16:41 - 00000000 ____D C:\RegBackup
    2016-11-05 16:40 - 2016-11-05 16:40 - 00002237 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-11-05 16:40 - 2016-11-05 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-11-05 16:40 - 2016-11-05 16:40 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-11-05 16:37 - 2016-11-05 16:41 - 00019558 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2016-11-05 16:36 - 2016-11-05 14:51 - 05658651 _____ (Swearware) C:\Users\John\Desktop\ComboFix.exe
    2016-11-05 16:36 - 2016-11-05 14:49 - 05198336 _____ (AVAST Software) C:\Users\John\Desktop\aswMBR.exe
    2016-11-05 16:35 - 2016-11-05 14:42 - 02409984 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
    2016-11-05 16:34 - 2016-11-05 14:39 - 05596528 _____ (Tweaking.com) C:\Users\John\Desktop\tweaking.com_registry_backup_setup.exe
    2016-11-04 01:22 - 2016-11-04 01:22 - 00002146 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2016-11-04 01:22 - 2016-11-04 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2016-11-01 10:12 - 2016-11-01 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-10-29 08:25 - 2016-10-29 08:25 - 00000000 ___RD C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2016-10-28 07:54 - 2016-10-28 07:56 - 00000000 ____D C:\Users\John\Desktop\Elodie
    2016-10-27 00:55 - 2016-06-25 20:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
    2016-10-27 00:55 - 2016-06-25 20:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2016-10-27 00:55 - 2016-06-25 20:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
    2016-10-27 00:55 - 2016-06-25 20:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
    2016-10-27 00:55 - 2016-06-25 20:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
    2016-10-27 00:55 - 2016-06-25 15:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2016-10-27 00:55 - 2016-06-25 15:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
    2016-10-27 00:55 - 2016-06-25 15:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
    2016-10-27 00:55 - 2016-06-25 15:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
    2016-10-27 00:55 - 2016-06-25 15:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
    2016-10-26 15:19 - 2016-10-26 15:20 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-10-18 21:29 - 2016-09-30 16:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-10-18 21:29 - 2016-09-30 15:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-10-18 21:29 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-10-18 21:29 - 2016-09-30 03:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-10-18 21:29 - 2016-09-30 02:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-10-18 21:29 - 2016-09-30 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-10-18 21:29 - 2016-09-30 02:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-10-18 21:29 - 2016-09-30 02:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-10-18 21:29 - 2016-09-30 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-10-18 21:29 - 2016-09-30 02:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-10-18 21:29 - 2016-09-30 02:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-10-18 21:29 - 2016-09-30 02:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-10-18 21:29 - 2016-09-30 02:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-10-18 21:29 - 2016-09-30 02:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-10-18 21:29 - 2016-09-30 02:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-10-18 21:29 - 2016-09-30 02:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-10-18 21:29 - 2016-09-30 02:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-10-18 21:29 - 2016-09-30 02:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-10-18 21:29 - 2016-09-30 02:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-10-18 21:29 - 2016-09-30 02:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-10-18 21:29 - 2016-09-30 02:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-10-18 21:29 - 2016-09-30 02:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-10-18 21:29 - 2016-09-30 01:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-10-18 21:29 - 2016-09-30 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2016-10-18 21:29 - 2016-09-30 01:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-10-18 21:29 - 2016-09-30 01:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-10-18 21:29 - 2016-09-30 01:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-10-18 21:29 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-10-18 21:29 - 2016-09-30 01:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-10-18 21:29 - 2016-09-30 01:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-10-18 21:29 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-10-18 21:29 - 2016-09-30 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2016-10-18 21:29 - 2016-09-30 01:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2016-10-18 21:29 - 2016-09-30 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2016-10-18 21:29 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-10-18 21:29 - 2016-09-30 01:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2016-10-18 21:29 - 2016-09-30 01:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-10-18 21:29 - 2016-09-30 01:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2016-10-18 21:29 - 2016-09-30 01:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-10-18 21:29 - 2016-09-30 01:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2016-10-18 21:29 - 2016-09-30 01:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-10-18 21:29 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-10-18 21:29 - 2016-09-30 01:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2016-10-18 21:29 - 2016-09-30 01:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2016-10-18 21:29 - 2016-09-30 01:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-10-18 21:29 - 2016-09-30 01:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-10-18 21:29 - 2016-09-30 01:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2016-10-18 21:29 - 2016-09-30 01:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-10-18 21:29 - 2016-09-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2016-10-18 21:29 - 2016-09-30 01:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2016-10-18 21:29 - 2016-09-30 01:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-10-18 21:29 - 2016-09-30 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2016-10-18 21:29 - 2016-09-30 01:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2016-10-18 21:29 - 2016-09-30 01:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-10-18 21:29 - 2016-09-30 01:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2016-10-18 21:29 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-10-18 21:29 - 2016-09-30 01:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-10-18 21:29 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-10-18 21:29 - 2016-09-30 01:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-10-18 21:29 - 2016-09-30 01:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2016-10-18 21:29 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-10-18 21:29 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-10-18 21:29 - 2016-09-30 00:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-10-18 21:29 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-10-18 21:29 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-10-18 21:29 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-10-18 21:29 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2016-10-18 21:29 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2016-10-18 21:29 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2016-10-18 21:28 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-10-18 21:28 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-10-18 21:28 - 2016-09-30 01:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2016-10-18 21:28 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-10-18 21:28 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2016-10-18 21:28 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-10-18 21:28 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2016-10-18 21:28 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-10-18 21:28 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-10-18 21:28 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-10-18 21:28 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-10-18 21:28 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-10-18 21:28 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-10-18 21:28 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-10-18 21:28 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-10-18 21:28 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-10-18 21:28 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-10-18 21:28 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-10-18 21:28 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-10-18 21:28 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-10-18 21:28 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2016-10-18 21:28 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2016-10-18 21:28 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2016-10-18 21:28 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2016-10-18 21:28 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2016-10-18 21:28 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-10-18 21:28 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-10-18 21:28 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-10-18 21:28 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-10-18 21:28 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-10-18 21:28 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-10-18 21:28 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-10-18 21:28 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-10-18 21:28 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-10-18 21:28 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-10-18 21:28 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-10-18 21:28 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-10-18 21:28 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-10-18 21:28 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-10-18 21:28 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-10-18 21:28 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-10-18 21:28 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-10-18 21:28 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-10-18 21:28 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2016-10-18 21:28 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-10-18 21:28 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2016-10-18 21:28 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-10-18 21:28 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2016-10-18 21:28 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2016-10-18 21:28 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2016-10-18 21:28 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2016-10-18 21:28 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2016-10-18 21:28 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2016-10-18 21:28 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2016-10-18 21:28 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2016-10-18 21:28 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2016-10-18 21:28 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2016-10-18 21:28 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2016-10-18 21:28 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2016-10-18 21:28 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2016-10-18 21:28 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2016-10-18 21:28 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2016-10-18 21:28 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2016-10-18 21:28 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2016-10-18 21:28 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2016-10-18 21:28 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2016-10-18 21:28 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2016-10-18 21:28 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2016-10-18 21:28 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2016-10-18 21:28 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2016-10-18 21:28 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2016-10-18 21:28 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2016-10-18 21:28 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2016-10-18 21:28 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-10-18 21:28 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2016-10-18 21:28 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2016-10-18 21:28 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2016-10-18 21:28 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2016-10-18 21:28 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2016-10-18 21:28 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2016-10-18 21:28 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2016-10-18 21:28 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2016-10-18 21:28 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2016-10-18 21:28 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2016-10-18 21:28 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2016-10-18 21:28 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2016-10-18 21:25 - 2016-09-12 17:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-10-18 21:25 - 2016-09-12 17:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-10-18 21:25 - 2016-09-09 11:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-10-18 21:25 - 2016-09-09 11:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-10-18 21:25 - 2016-09-09 11:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-10-18 21:25 - 2016-09-09 11:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-10-18 21:25 - 2016-09-09 11:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2016-10-18 21:25 - 2016-09-09 11:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-10-18 21:25 - 2016-09-09 11:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-10-18 21:25 - 2016-08-29 11:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-10-18 21:25 - 2016-08-29 11:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-10-18 21:25 - 2016-08-29 11:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-10-18 21:25 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-10-18 21:25 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-10-18 21:25 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-10-18 21:25 - 2016-08-29 11:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-10-18 21:25 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-10-18 21:25 - 2016-08-16 16:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2016-10-18 21:25 - 2016-08-16 16:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2016-10-18 21:25 - 2016-08-16 16:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2016-10-18 21:25 - 2016-08-16 16:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2016-10-18 21:25 - 2016-08-16 16:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2016-10-18 21:25 - 2016-08-16 16:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2016-10-18 21:25 - 2016-08-16 16:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2016-10-13 09:16 - 2016-10-13 09:16 - 00000211 _____ C:\Users\John\Desktop\12 Green Plastic Hanging Pot w-Wire Hanger 25 count.url
    2016-10-12 20:02 - 2016-10-12 20:02 - 00000275 _____ C:\Users\John\Desktop\Charlotte Chapter Golden State Warriors at Charlotte Hornets - Alumni Community - Davidson College.url
    2016-10-12 19:09 - 2016-10-12 19:09 - 00000276 _____ C:\Users\John\Desktop\Grandma's Gift - The Washington Post.url
    2016-10-11 13:31 - 2016-10-11 13:31 - 00004608 _____ C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-10-10 23:40 - 2016-10-10 23:40 - 00000426 _____ C:\Users\John\Desktop\Give Thanks for Wildlife Tickets, Sat, Nov 19, 2016 at 630 PM Eventbrite.url

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-05 16:36 - 2015-06-28 22:21 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000UA.job
    2016-11-05 16:36 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-11-05 16:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-11-05 16:35 - 2012-11-13 00:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-11-05 16:13 - 2012-10-27 15:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-11-05 16:01 - 2012-09-18 14:51 - 00003498 _____ C:\Windows\mozy.flt
    2016-11-05 16:01 - 2012-09-18 14:51 - 00003036 _____ C:\Windows\mozy.blk
    2016-11-05 15:57 - 2013-11-22 00:15 - 00000000 ____D C:\Users\John\AppData\Local\mozysync
    2016-11-05 13:06 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-11-05 13:06 - 2009-07-14 00:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-05 01:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-11-04 23:37 - 2014-01-30 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2016-11-04 23:36 - 2015-06-28 22:21 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000Core.job
    2016-11-04 23:31 - 2015-06-28 22:21 - 00003882 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000UA
    2016-11-04 23:31 - 2015-06-28 22:21 - 00003486 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000Core
    2016-11-04 23:30 - 2012-10-27 15:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-11-04 01:22 - 2012-10-27 15:47 - 00000000 ____D C:\Program Files (x86)\Google
    2016-11-03 02:44 - 2012-10-27 15:49 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-03 02:44 - 2012-10-27 15:49 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-01 10:12 - 2015-11-16 23:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-11-01 10:12 - 2014-04-19 13:16 - 00001966 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-11-01 10:11 - 2012-11-05 01:05 - 00000000 ___RD C:\Users\John\Dropbox
    2016-10-30 09:00 - 2012-11-12 23:55 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
    2016-10-29 08:27 - 2012-10-16 21:02 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
    2016-10-29 08:25 - 2014-01-30 13:03 - 00000000 __RSD C:\Users\John\Documents\McAfee Vaults
    2016-10-29 08:24 - 2012-10-16 21:14 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
    2016-10-29 08:24 - 2012-10-16 21:14 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
    2016-10-29 08:23 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-10-28 19:49 - 2009-07-14 01:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2016-10-27 02:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
    2016-10-26 18:33 - 2009-07-14 00:45 - 00543192 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-10-26 18:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2016-10-26 18:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
    2016-10-26 18:30 - 2014-12-10 06:43 - 00000000 ____D C:\Windows\system32\appraiser
    2016-10-26 18:30 - 2014-04-23 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
    2016-10-26 18:28 - 2013-03-13 01:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2016-10-26 18:28 - 2013-03-13 01:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2016-10-26 16:15 - 2013-08-14 03:34 - 00000000 ____D C:\Windows\system32\MRT
    2016-10-26 16:11 - 2012-12-01 01:30 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-10-26 16:08 - 2013-03-13 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2016-10-26 15:20 - 2012-11-05 00:56 - 00000000 ____D C:\Users\John\AppData\Roaming\Dropbox
    2016-10-26 07:57 - 2014-05-19 13:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-10-25 01:38 - 2014-01-30 13:03 - 00000000 ____D C:\Program Files (x86)\McAfee
    2016-10-23 22:29 - 2015-06-29 00:10 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
    2016-10-19 07:50 - 2012-10-27 15:42 - 00000000 ____D C:\ProgramData\TEMP
    2016-10-13 09:35 - 2012-11-13 00:28 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-10-13 09:35 - 2012-11-13 00:28 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-10-13 09:35 - 2012-11-13 00:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-10-13 09:35 - 2012-10-16 20:44 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-10-13 09:35 - 2012-10-16 20:44 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-11 11:38 - 2014-07-13 14:24 - 00000000 ____D C:\Users\John\Desktop\Cooking and Dining
    2016-10-10 18:49 - 2012-10-27 00:25 - 00000000 ____D C:\Users\John
    2016-10-08 16:55 - 2012-11-06 22:16 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
    2016-10-07 23:26 - 2012-12-22 17:33 - 00000000 ____D C:\Users\John\AppData\Local\Citrix

    ==================== Files in the root of some directories =======

    2013-08-03 18:39 - 2013-08-03 18:39 - 0000000 _____ () C:\Users\John\AppData\Roaming\SharedSettings.ccs
    2016-10-11 13:31 - 2016-10-11 13:31 - 0004608 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-02-17 21:54 - 2013-03-26 22:43 - 0002217 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Users\Public\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
    C:\Users\Public\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
    C:\Users\Public\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
    C:\Users\Public\Tempmozy-autoupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
    C:\Users\Public\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
    C:\Users\Public\Tempmozy-manualupdate-4a89cedd164c5f5e19189bfd5deb26c7.exe
    C:\Users\Public\Tempmozy-manualupdate-4ff83994dfb32374e99fb2987f4e5700.exe
    C:\Users\Public\Tempmozy-manualupdate-5ab4a737bec6be5a44cdd634ea82d76b.exe
    C:\Users\Public\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe
    C:\Users\Public\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
    C:\Users\Public\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe


    Some files in TEMP:
    ====================
    C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljkj9h.dll
    C:\Users\John\AppData\Local\Temp\HPInstaller.exe
    C:\Users\John\AppData\Local\Temp\lowproc.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_0_4057-62459.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_1_4068-63621.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.0.4028.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.1.4039.exe
    C:\Users\John\AppData\Local\Temp\ose00000.exe
    C:\Users\John\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\John\AppData\Local\Temp\stubhelper.dll
    C:\Users\John\AppData\Local\Temp\_isDE83.exe
    C:\Users\John\AppData\Local\Temp\_isEAB4.exe
    C:\Users\John\AppData\Local\Temp\{FED90B67-82A4-4ADC-B34B-EEE0F6290AD4}-54.0.2840.71_chrome_installer.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-04 00:40

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
    Ran by John (05-11-2016 16:52:43)
    Running from C:\Users\John\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2012-10-27 04:25:08)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-211488708-3525939622-1550682978-500 - Administrator - Disabled)
    Guest (S-1-5-21-211488708-3525939622-1550682978-501 - Limited - Disabled)
    John (S-1-5-21-211488708-3525939622-1550682978-1000 - Administrator - Enabled) => C:\Users\John

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
    ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
    Adobe Connect 9 Add-in (HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
    Amazon Cloud Drive (HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{0E262CBA-A8C6-3BE1-A812-D7490B4F2B09}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.27 - ArcSoft)
    Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.115 - Atheros)
    Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    C771 USB Driver V1.0.11.0 (HKLM-x32\...\{FC8BC9C6-7A6F-475E-848B-3FC3CA0BFE19}) (Version: 1.0.11.0 - CASIO)
    CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.4.1000.16 - Citrix Systems, Inc.)
    Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
    Corel PaintShop Pro X4 (x32 Version: 14.3.0.3 - Corel Corporation) Hidden
    Coupon Companion Plugin (HKLM-x32\...\Coupon Companion Plugin) (Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    D7500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
    Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
    Dell Digital Delivery (HKLM-x32\...\{F91BF1B5-4213-440C-8539-C6EB2F1D1734}) (Version: 2.2.4000.0 - Dell Products, LP)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
    Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
    DesignPro 5 (HKLM-x32\...\InstallShield_{C8F04EF6-C4DB-4D86-8D86-32E7DBDA8595}) (Version: 5.5.708 - Avery Dennison)
    DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden
    Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
    Document Capture Pro (HKLM-x32\...\{B4A3C072-87AF-4937-880D-3D7997111C0D}) (Version: 1.01.0000 - Seiko Epson Corporation)
    Dropbox (HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
    eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
    Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
    Epson Event Manager (HKLM-x32\...\{148C8BF9-E1B4-445D-AC67-2CABAE63949A}) (Version: 3.01.0009 - Seiko Epson Corporation)
    EPSON Perfection V370 Photo Scanner Driver Update version 3.0.2.0 (HKLM-x32\...\ScannerDriverUpdateEPSON Perfection V370 Photo_is1) (Version: 3.0.2.0 - Epson America Inc.)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.87 - Google Inc.)
    Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    G'zOne Commando 4G LTE USB Driver (HKLM-x32\...\{99E1CC2D-EB4F-498B-B6ED-492654677E7E}) (Version: 5.30.17.1 - NEC CASIO Mobile Communications, Ltd.)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart D7500 Printer Driver Software 13.0 Rel. 4 (HKLM\...\{2F478590-A2A6-43E3-A567-A89A5F38AAC4}) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    ICA (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
    Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
    IPM_PSP_COM (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
    McAfee Total Protection (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
    Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
    Mozy Sync (HKLM\...\{95DB05B2-371B-3957-A65A-7CD9433701AD}) (Version: 1.3.1.4068 - Mozy, Inc.)
    MozyHome (HKLM\...\{81D29D4E-9658-BB63-D879-E6A625C01364}) (Version: 2.28.2.432 - Mozy, Inc.)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
    Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
    Online Plug-in (x32 Version: 14.4.1000.16 - Citrix Systems, Inc.) Hidden
    PS_SF_04_D7500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
    PSPPContent (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
    PSPPro64 (Version: 14.0.0.332 - Corel Corporation) Hidden
    QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
    RealDownloader (x32 Version: 18.1.0.1233 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.1.4.144 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.)
    RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.0 - RealNetworks)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Self-service Plug-in (x32 Version: 4.4.1000.13058 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Setup (x32 Version: 14.0.0.332 - Corel Corporation) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
    SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.2 - Tweaking.com)
    UE BOOM Update Assistant (HKLM-x32\...\{8D9BD07C-C098-4BC9-A83B-2CE454A2776C}) (Version: 1.4.57 - Logitech, Inc.)
    UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden
    VZ_UpgradeMonitorTool (HKLM-x32\...\{C601F8DA-88F1-4380-A431-43072E095C95}) (Version: 1.3.1 - NEC CASIO Mobile Communications, Ltd.)
    VZ_UpgradeTool (HKLM-x32\...\{F7086669-0FA1-4834-9C9C-978AC16848CD}) (Version: 1.3.0 - NEC CASIO Mobile Communications, Ltd.)
    VZ-TL-PC (HKLM-x32\...\{9A25A804-4303-4787-B2DE-99AD745B1CBB}) (Version: 1.1.6 - NEC CASIO Mobile Communications, Ltd.)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-211488708-3525939622-1550682978-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0BF8E4F5-24AF-46F8-9803-2FAA75D443B6} - System32\Tasks\{D3CAD5B2-3C2E-4601-AFBA-27A4FA2DBA63} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {0CFD4DF7-3D36-435B-B493-E61B008F4DA4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
    Task: {18BEDE3E-626D-4EC6-8684-D0049D33D35C} - \Updater21804.exe -> No File <==== ATTENTION
    Task: {1A3D6C0B-040D-4325-B8BB-C4DD1D38138E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-211488708-3525939622-1550682978-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
    Task: {23D1C0E2-D8A3-4395-907B-691843D48BE1} - System32\Tasks\{BC70EC75-4F38-426E-B29C-4B78B6EB45E6} => C:\Program Files (x86)\iTunes\iTunes.exe
    Task: {2A6255E7-CC76-44E7-AE33-67C2762BEA00} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {3BFFD789-7E52-4102-A6CF-89C7F908F028} - System32\Tasks\{42C676A7-24C2-47F4-9998-A2561BB3FAFF} => C:\Program Files (x86)\iTunes\iTunes.exe
    Task: {41B83F1B-D962-43B2-BD73-1D2DBE53C19C} - System32\Tasks\{2A71FE5B-8DD6-4733-9F75-CDF232BD94F8} => pcalua.exe -a D:\Setup.exe -d D:\
    Task: {513292AA-5EC0-45E7-BEA3-806C5CB80121} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
    Task: {61C4D42A-0443-453F-894E-A108D113A68F} - System32\Tasks\McAfee\McAfee Idle Detection Task
    Task: {6DF9F0B8-96E6-49F3-902B-1A19506EA2BA} - System32\Tasks\{07078906-EB68-4CAF-B686-8FFAA663B339} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {71FEBFD9-949C-4C98-A3A3-66C0F07923D3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000UA => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {72E3959C-BA3A-415D-8EAA-2187D486FAD9} - System32\Tasks\{8D36E390-8650-43D5-8484-24A2828DD1E8} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {74E33F28-CB85-4963-83C5-9EA841390F7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {783E748D-EBFF-4B99-A658-2B73E07A379E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-211488708-3525939622-1550682978-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
    Task: {8F91EC81-83A6-4096-ABAE-DA654E6E086F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-13] (Adobe Systems Incorporated)
    Task: {94DC0845-A429-4D4B-9047-13F0291DFA90} - System32\Tasks\{0D99EF29-30A3-4B60-92DB-71861F3A547F} => C:\Program Files (x86)\iTunes\iTunes.exe
    Task: {A0F87E21-2AFC-4B08-BA55-FF1C2D92C164} - System32\Tasks\{16D9B9CA-1EA9-4EDD-8EEB-C49E08245E4B} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {AD9A4BBF-37CD-4B72-A365-35CE89B28681} - System32\Tasks\{CC702A7F-3063-4FCA-8D27-EEF64F0BBD0D} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {BBDA9583-85D4-476C-9417-AA9EBAFC3D6F} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
    Task: {C903FEF8-ED51-4AB7-BC0A-4B6B2315FB13} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
    Task: {CF659115-61AF-4C80-9640-1E7773DDB6EE} - System32\Tasks\{02D41DFB-91B8-4C8C-9F09-D160384283E7} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {E11E8FF9-D6D1-4582-B885-DA0C0ABF0591} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {EEC79726-FA54-4217-9B35-F33E65B9B435} - System32\Tasks\{90795D08-63CA-4F39-BFCD-B272D7E0D964} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
    Task: {EF74137D-101C-4D2A-9906-1DF1C3E88EDD} - System32\Tasks\{C318582C-DAE8-4B64-91DB-223DF4607BEE} => C:\Program Files (x86)\iTunes\iTunes.exe
    Task: {FF02B167-9254-45A8-AE74-BAF872FD0EFB} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
    Task: {FF073C0C-3A3D-4DA4-8443-B7C398FAACD2} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000Core => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {FF1B5303-3C73-44FA-BCD8-95B7F3C3FF8E} - System32\Tasks\{5B81B277-6E64-4FF8-9D6A-8B44ABE77B80} => C:\Program Files (x86)\iTunes\iTunes.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000Core.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-211488708-3525939622-1550682978-1000UA.job => C:\Users\John\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
    Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-16 18:26 - 2015-09-16 18:26 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2012-10-16 21:02 - 2012-01-26 22:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    2011-10-25 22:29 - 2011-10-25 22:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-211488708-3525939622-1550682978-1000\...\secunia.com -> hxxps://psi.secunia.com

    There are 9663 more sites.


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-11-01 10:12 - 00000871 ____A C:\Windows\system32\Drivers\etc\hosts


    0.0.0.1 mssplus.mcafee.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-211488708-3525939622-1550682978-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 209.18.47.61 - 209.18.47.62
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{614A4948-7F4F-40A2-A5CB-D6F8B7FAAFB0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{A81972E9-ACD7-4C4F-B975-3E5929D34FD9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{64E77E20-06DD-4342-B983-97FFF39DF9F7}] => (Allow) LPort=2869
    FirewallRules: [{8E1A772C-2115-4FF0-AA40-6FF7D3CA02FC}] => (Allow) LPort=1900
    FirewallRules: [{A9EB3F93-217B-49FE-9415-FADE3857C0D9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{4ED5AC8A-0612-4D48-85F3-1B1C5B0A23B1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{94FAFA68-4C57-4226-9739-456E62C89113}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{B258A0B6-3EED-4802-A305-31228FAA848C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{51923CED-B27A-4F2C-8444-5E44823D563B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{4370F326-176B-4F8C-B473-91F52E63AAD8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
    FirewallRules: [{A3F78B16-ED70-482B-B513-E9FA8F3ACE78}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{FDD084D5-8CC3-452F-981A-90FA94DEBB9D}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{5BC71E6D-01BD-41FB-B905-CA207F528F1C}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS15A2\hppiw.exe
    FirewallRules: [{8A6564D4-F5EE-45DB-9158-809B2AC306B9}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS15A2\hppiw.exe
    FirewallRules: [{8B10DB30-FD51-4864-A6B4-E1F286BC6A2C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{15E84B8C-379D-4467-BD13-D5F4917DB619}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{9D7FECF8-BCD7-402B-8E00-518AC276FAA1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{9063100D-C9F1-4DC7-8DB8-F019AD2DBE76}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{16E92756-033F-431C-B4CC-92A3A638C206}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{90F40FFC-09EC-44E9-AA37-04FC3E8AF51B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{A9E8467F-4B9C-4F76-876C-65CE94BFC75B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{D7FC69CE-6EB2-4427-9444-E9210CF20AAD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{F8398C6B-3C98-494F-A557-4AAB8E3154F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{5284D75B-82CD-4968-AB4E-F8A6AF36CDC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{94CFE77A-8AC9-4BA0-9550-69FE6D16354D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{35643D50-8527-407E-A0FE-0CDC33164482}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{1197912B-488B-47CE-A38D-9235CED6C8FA}] => (Allow) C:\Program Files (x86)\Iminent\Iminent.exe
    FirewallRules: [TCP Query User{A1444DE9-CACF-4FF9-B780-DD5AE36F6B78}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{6A20397B-D6DC-4A84-9E89-352DDCA2B857}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{05E35BA6-21F4-47D7-ADC4-E6B328F52305}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{AFCF4817-FC31-43B2-9C75-ADD8B65D937E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{4298B2DD-F988-476D-84F7-1432C952C752}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{33A129A1-9063-4FF8-B20E-30506CDCF7AB}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [TCP Query User{FAF48A1D-E5F2-4D70-80B8-665AFC9F232D}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{96488E3D-D0FB-4470-BB3D-CDC9D004C726}C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\john\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{4BB9EB68-FD41-4D27-9623-879872AE74FC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F9386172-77B4-4054-8A86-FFAB2CA4675A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{93982737-F9EE-472B-8CA5-6D13DA0220CF}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{81523421-D1CD-419D-AC9C-9289E9820096}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{C3F63C04-C213-4362-A6C4-5C5CB3A50B05}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AC7BC0D5-37A8-4FB0-96D3-3441716FFC3B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{29F3146E-CBDA-4A87-8A37-D5B1FBE84AFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6E2D2774-5D6D-458A-8D6C-DB625FAAE7A8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{BE57FCBD-FE25-4252-A5AB-1E8AE68900A6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    28-10-2016 19:47:09 Windows Update
    05-11-2016 01:31:44 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: Officejet 7610 series
    Description: Officejet 7610 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/30/2016 02:07:58 AM) (Source: Software Protection Platform Service) (EventID: 8208) (User: )
    Description: Acquisition of genuine ticket failed (hr=0x80072EE7) for template Id 66c92734-d682-4d71-983e-d6ec3f16059f

    Error: (10/30/2016 02:07:58 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
    Description: License acquisition failure details.
    hr=0x80072EE7

    Error: (10/29/2016 08:25:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (10/29/2016 08:24:13 AM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/29/2016 08:24:13 AM) (Source: RealPlayerUpdateSvc) (EventID: 0) (User: )
    Description: Event-ID 0

    Error: (10/28/2016 07:49:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: wuaueng.dll, version: 7.6.7601.23453, time stamp: 0x57364d3a
    Exception code: 0xc0000005
    Fault offset: 0x00000000001583f7
    Faulting process id: 0x478
    Faulting application start time: 0x01d22fd907d5e800
    Faulting application path: C:\Windows\system32\svchost.exe
    Faulting module path: c:\windows\system32\wuaueng.dll
    Report Id: 39874f3c-9d69-11e6-91bb-689423274ca4

    Error: (10/28/2016 07:49:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: 228: ERROR: read_msg errno 0 (The operation completed successfully.)

    Error: (10/28/2016 07:49:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: mDNSPlatformReadTCP - recv: 10053

    Error: (10/28/2016 07:48:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: 504: ERROR: read_msg errno 0 (The operation completed successfully.)

    Error: (10/28/2016 07:48:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: mDNSPlatformReadTCP - recv: 10053


    System errors:
    =============
    Error: (10/29/2016 08:28:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (10/29/2016 08:25:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
    {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
    and APPID
    {344ED43D-D086-4961-86A6-1106F4ACAD9B}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    Error: (10/29/2016 08:24:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Garmin Device Interaction Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (10/29/2016 08:24:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.

    Error: (10/28/2016 07:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (10/28/2016 07:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (10/28/2016 07:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (10/28/2016 07:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (10/28/2016 07:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (10/28/2016 07:49:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2013-08-03 23:17:19.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-03 23:17:19.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2013-08-03 23:17:19.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-12-13 08:03:55.194
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-12-13 08:03:55.194
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

    Date: 2012-12-13 08:03:55.194
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
    Percentage of memory in use: 22%
    Total physical RAM: 12248.95 MB
    Available physical RAM: 9539.44 MB
    Total Virtual: 24496.07 MB
    Available Virtual: 20215.74 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:668.82 GB) NTFS
    Drive j: () (Removable) (Total:7.45 GB) (Free:3.21 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: EF0E2696)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=12.3 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (Size: 7.5 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-11-05 17:21:19
    -----------------------------
    17:21:19.469 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:21:19.469 Number of processors: 8 586 0x3A09
    17:21:19.469 ComputerName: JOHNDESKTOP UserName: John
    17:21:28.377 Initialize success
    17:21:28.470 VM: initialized successfully
    17:21:28.470 VM: Intel CPU supported
    17:21:35.011 VM: supported disk I/O iaStor.sys
    17:21:58.001 AVAST engine download error: 0
    17:21:58.001 AVAST engine defs: 13080400
    17:22:06.456 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    17:22:06.456 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
    17:22:06.737 VM: Disk 0 MBR read successfully
    17:22:06.737 Disk 0 MBR scan
    17:22:06.753 Disk 0 Windows VISTA default MBR code
    17:22:06.753 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    17:22:06.768 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12544 MB offset 81920
    17:22:06.768 Disk 0 Boot: NTFS code=1
    17:22:06.800 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941284 MB offset 25772032
    17:22:07.252 Disk 0 scanning C:\Windows\system32\drivers
    17:22:20.777 Service scanning
    17:22:33.959 Modules scanning
    17:22:33.959 Disk 0 trace - called modules:
    17:22:33.975 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
    17:22:33.991 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800cca4060]
    17:22:33.991 3 CLASSPNP.SYS[fffff88001d9543f] -> nt!IofCallDriver -> [0xfffffa800a47a590]
    17:22:33.991 5 ACPI.sys[fffff88000f927a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800a6a0050]
    17:22:37.235 AVAST engine scan C:\Windows
    17:22:40.792 AVAST engine scan C:\Windows\system32
    17:24:52.332 AVAST engine scan C:\Windows\system32\drivers
    17:25:02.628 AVAST engine scan C:\Users\John
    19:11:24.070 AVAST engine scan C:\ProgramData
    19:17:51.762 Disk 0 statistics 6489071/0/22 @ 0.63 MB/s
    19:17:51.777 Scan finished successfully
    19:46:17.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:46:17.125 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
    19:46:20.277 Disk 0 statistics 6490256/0/23 @ 0.63 MB/s
    19:46:20.277 Scan stopped
    19:46:56.127 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
    19:46:56.142 The log file has been saved successfully to "J:\aswMBR.txt"

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,958


    Some of the errors showing might be a bit of a pain to attempt to fix...

    The below 2 items need to be uninstalled/deleted from your add/remove programs list.
    After, please reboot your computer.

    Coupon Companion Plugin (HKLM-x32\...\Coupon Companion Plugin) (Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
    Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217011FF}) (Version: 7.0.110 - Oracle) <== very outdated and open to exploit

    ~~~

    Please open Notepad. *Do not use WordPad* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) Then copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {CE522274-F06E-4D52-9CA3-63B6C654F169} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {FA3295EA-6375-4900-8C94-B2A9C0C67D6E} URL =
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    C:\Users\Public\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
    C:\Users\Public\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
    C:\Users\Public\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
    C:\Users\Public\Tempmozy-autoupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
    C:\Users\Public\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
    C:\Users\Public\Tempmozy-manualupdate-4a89cedd164c5f5e19189bfd5deb26c7.exe
    C:\Users\Public\Tempmozy-manualupdate-4ff83994dfb32374e99fb2987f4e5700.exe
    C:\Users\Public\Tempmozy-manualupdate-5ab4a737bec6be5a44cdd634ea82d76b.exe
    C:\Users\Public\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe
    C:\Users\Public\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
    C:\Users\Public\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
    C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljkj9h.dll
    C:\Users\John\AppData\Local\Temp\HPInstaller.exe
    C:\Users\John\AppData\Local\Temp\lowproc.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_0_4057-62459.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_1_4068-63621.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.0.4028.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.1.4039.exe
    C:\Users\John\AppData\Local\Temp\ose00000.exe
    C:\Users\John\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\John\AppData\Local\Temp\stubhelper.dll
    C:\Users\John\AppData\Local\Temp\_isDE83.exe
    C:\Users\John\AppData\Local\Temp\_isEAB4.exe
    C:\Users\John\AppData\Local\Temp\{FED90B67-82A4-4ADC-B34B-EEE0F6290AD4}-54.0.2840.71_chrome_installer.exe
    Task: {18BEDE3E-626D-4EC6-8684-D0049D33D35C} - \Updater21804.exe -> No File <==== ATTENTION
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~


    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~
    Please post:
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
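
A pre-flight review of a fixlist like the one in post #2, as an added example that is not part of the thread or of FRST: it groups each line by the kind of change it requests, pulls out the CMD: lines and ATTENTION markers for a human to read, and checks the NOTE about saving fixlist.txt next to the tool. The categories are inferred only from the line shapes visible in this thread, and `FRST64.exe` as the executable's file name is an assumption.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Sample input: a shortened copy of lines from the fixlist posted in this thread.
SAMPLE_FIXLIST = r"""start
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
SearchScopes: HKLM -> DefaultScope value is missing
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\pdf.dll => No File
C:\Users\John\AppData\Local\Temp\lowproc.exe
Task: {18BEDE3E-626D-4EC6-8684-D0049D33D35C} - \Updater21804.exe -> No File <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
EmptyTemp:
End
"""

# Line shapes seen in the thread's fixlist, checked in order. This is not a
# full FRST grammar (assumption); anything else is reported as "unknown" so a
# person looks at it before the fix is run.
RULES = [
    ("marker", re.compile(r"^(start|end)$", re.I)),
    ("command", re.compile(r"^CMD:\s*\S")),
    ("directive", re.compile(r"^[A-Za-z]+:$")),
    ("task", re.compile(r"^Task:\s")),
    ("browser", re.compile(r"^(CHR Plugin|SearchScopes):\s")),
    ("registry", re.compile(r"^(CHR\s+)?(HKLM|HKCU|HKCR|HKU)\b")),
    ("file", re.compile(r"^[A-Za-z]:\\")),
]


def classify(line):
    """Return the first matching category name for one fixlist line."""
    for name, pattern in RULES:
        if pattern.search(line):
            return name
    return "unknown"


def review_fixlist(text):
    """Return (line_number, category, line) for every non-blank line."""
    rows = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line:
            rows.append((number, classify(line), line))
    return rows


def summarize(text):
    """Count how many lines fall into each category."""
    return Counter(category for _, category, _ in review_fixlist(text))


def commands(text):
    """Shell commands the fixlist asks the tool to run, for manual reading."""
    return [line[4:].strip() for _, cat, line in review_fixlist(text)
            if cat == "command"]


def attention_lines(text):
    """Line numbers the helper marked with an ATTENTION arrow."""
    return [n for n, _, line in review_fixlist(text) if "ATTENTION" in line]


def is_framed(text):
    """True if the list opens with 'start' and closes with 'End', as in the thread."""
    rows = review_fixlist(text)
    return bool(rows) and rows[0][2].lower() == "start" and rows[-1][2].lower() == "end"


def placed_correctly(frst_exe, fixlist):
    """True if the script is named fixlist.txt and sits in the tool's folder."""
    tool, script = PureWindowsPath(frst_exe), PureWindowsPath(fixlist)
    return script.name.lower() == "fixlist.txt" and tool.parent == script.parent


if __name__ == "__main__":
    for number, category, line in review_fixlist(SAMPLE_FIXLIST):
        print(f"{number:>3}  {category:<10} {line[:70]}")
    print("commands to read before running:", commands(SAMPLE_FIXLIST))
    print("helper-flagged lines:", attention_lines(SAMPLE_FIXLIST))
    print("framed:", is_framed(SAMPLE_FIXLIST))
```
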

  3. #3
    Member
    Join Date
    Oct 2008
    Posts
    53

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
    Ran by John (13-11-2016 10:27:51) Run:1
    Running from C:\Users\John\Desktop
    Loaded Profiles: John (Available Profiles: John)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKU\S-1-5-18\...\RunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-001A-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-00A1-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    HKU\S-1-5-18\...\RunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {CE522274-F06E-4D52-9CA3-63B6C654F169} URL =
    SearchScopes: HKU\S-1-5-21-211488708-3525939622-1550682978-1000 -> {FA3295EA-6375-4900-8C94-B2A9C0C67D6E} URL =
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    C:\Users\Public\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe
    C:\Users\Public\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe
    C:\Users\Public\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe
    C:\Users\Public\Tempmozy-autoupdate-c0261ff8012aad585d55140a9b6ddcb9.exe
    C:\Users\Public\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe
    C:\Users\Public\Tempmozy-manualupdate-4a89cedd164c5f5e19189bfd5deb26c7.exe
    C:\Users\Public\Tempmozy-manualupdate-4ff83994dfb32374e99fb2987f4e5700.exe
    C:\Users\Public\Tempmozy-manualupdate-5ab4a737bec6be5a44cdd634ea82d76b.exe
    C:\Users\Public\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe
    C:\Users\Public\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe
    C:\Users\Public\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe
    C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljkj9h.dll
    C:\Users\John\AppData\Local\Temp\HPInstaller.exe
    C:\Users\John\AppData\Local\Temp\lowproc.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_0_4057-62459.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_1_4068-63621.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.0.4028.exe
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.1.4039.exe
    C:\Users\John\AppData\Local\Temp\ose00000.exe
    C:\Users\John\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\John\AppData\Local\Temp\stubhelper.dll
    C:\Users\John\AppData\Local\Temp\_isDE83.exe
    C:\Users\John\AppData\Local\Temp\_isEAB4.exe
    C:\Users\John\AppData\Local\Temp\{FED90B67-82A4-4ADC-B34B-EEE0F6290AD4}-54.0.2840.71_chrome_installer.exe
    Task: {18BEDE3E-626D-4EC6-8684-D0049D33D35C} - \Updater21804.exe -> No File <==== ATTENTION
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{91140000-0011-0000-0000-0000000FF1CE} => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-001A-0409-0000-0000000FF1CE} => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-00A1-0409-0000-0000000FF1CE} => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\{90140000-006E-0409-0000-0000000FF1CE} => value removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKU\S-1-5-21-211488708-3525939622-1550682978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
    "HKU\S-1-5-21-211488708-3525939622-1550682978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE522274-F06E-4D52-9CA3-63B6C654F169}" => key removed successfully
    HKCR\CLSID\{CE522274-F06E-4D52-9CA3-63B6C654F169} => key not found.
    "HKU\S-1-5-21-211488708-3525939622-1550682978-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FA3295EA-6375-4900-8C94-B2A9C0C67D6E}" => key removed successfully
    HKCR\CLSID\{FA3295EA-6375-4900-8C94-B2A9C0C67D6E} => key not found.
    C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\PepperFlash\pepflashplayer.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.87\pdf.dll => not found.
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
    C:\Users\Public\Tempmozy-autoupdate-8262dfa079e3ea66519693899238bbfb.exe => moved successfully
    C:\Users\Public\Tempmozy-autoupdate-82af9a609219353256cb533e636b9416.exe => moved successfully
    C:\Users\Public\Tempmozy-autoupdate-864934ef6e2b54a6f5dcfa6e472922e2.exe => moved successfully
    C:\Users\Public\Tempmozy-autoupdate-c0261ff8012aad585d55140a9b6ddcb9.exe => moved successfully
    C:\Users\Public\Tempmozy-autoupdate-fd378831154aecd3ff93f99a8cbdcdea.exe => moved successfully
    C:\Users\Public\Tempmozy-manualupdate-4a89cedd164c5f5e19189bfd5deb26c7.exe => moved successfully
    C:\Users\Public\Tempmozy-manualupdate-4ff83994dfb32374e99fb2987f4e5700.exe => moved successfully
    C:\Users\Public\Tempmozy-manualupdate-5ab4a737bec6be5a44cdd634ea82d76b.exe => moved successfully
    C:\Users\Public\Tempmozy-manualupdate-b2dc44eb185732ade88416784fadbd67.exe => moved successfully
    C:\Users\Public\Tempmozy-update-1f7fe3012a1778a4fc7c5075f2f61812.exe => moved successfully
    C:\Users\Public\Tempmozy-update-a31217e595a1463492ad999467f8f0a1.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpljkj9h.dll => moved successfully
    C:\Users\John\AppData\Local\Temp\HPInstaller.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\lowproc.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_0_4057-62459.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\mozy-sync-1_3_1_4068-63621.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.0.4028.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\mozy-sync_1.2.1.4039.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\ose00000.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => moved successfully
    C:\Users\John\AppData\Local\Temp\stubhelper.dll => moved successfully
    C:\Users\John\AppData\Local\Temp\_isDE83.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\_isEAB4.exe => moved successfully
    C:\Users\John\AppData\Local\Temp\{FED90B67-82A4-4ADC-B34B-EEE0F6290AD4}-54.0.2840.71_chrome_installer.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18BEDE3E-626D-4EC6-8684-D0049D33D35C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18BEDE3E-626D-4EC6-8684-D0049D33D35C}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater21804.exe => key not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Global, OK!
    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 325762687 B
    Java, Flash, Steam htmlcache => 30839 B
    Windows/system/drivers => 5093780265 B
    Edge => 0 B
    Chrome => 393805461 B
    Firefox => 164161069 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 42502300 B
    systemprofile32 => 39840550 B
    LocalService => 16384 B
    NetworkService => 266034 B
    John => 2289545216 B

    RecycleBin => 782339 B
    EmptyTemp: => 7.8 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 10:31:11 ====


    # AdwCleaner v6.030 - Logfile created 13/11/2016 at 11:26:59
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-11-13.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : John - JOHNDESKTOP
    # Running from : C:\Users\John\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\John\AppData\LocalLow\HPAppData
    [-] Folder deleted: C:\ProgramData\apn
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\apn


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Iminent
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{884189CF-7C10-41E8-A014-F7B2BE40AADB}
    [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{94952EC4-DB66-3F32-BE4C-F0BB875EA98E}
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}]
    [-] Key deleted: HKU\S-1-5-21-211488708-3525939622-1550682978-1000\Software\APN PIP
    [#] Key deleted on reboot: HKCU\Software\APN PIP
    [#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B08932C78B697C244BE7BA3E6FF09B62
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA51B44D54927c4E9B7BC1D3FD1E49F
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71E54748EDD3dc1468548785DC856EDA
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18C9E3869A16248439FE3FF9EB02207A
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D8011310B2622942868A458964FFDC5
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C63F7979DCC2154CB9591969A5CB89D
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DD31E6C1A73B334383DF186676F4D20
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB3204F747B20694B8D49EF92D8DC94B
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C81E33A400B6F814E90C7A3354E2A3A5
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EDBF68C5F16790341B7C6FD7C7F8E4FC
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFA531D0F3A71504DA7AC6A11CE33739
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3038A20B9089EC34D8F74220191FAB30
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EC6D81181F59F2459A84176A626F9ED
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE522274-F06E-4D52-9CA3-63B6C654F169}
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylonbee.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylonbee.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\izito.com


    ***** [ Web browsers ] *****

    [-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bopakagnckmlgajfccecajhnimjiiedh


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [22986 Bytes] - [13/11/2016 11:26:59]
    C:\AdwCleaner\AdwCleaner[S0].txt - [22834 Bytes] - [13/11/2016 11:20:40]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [23134 Bytes] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by John (Administrator) on Sun 11/13/2016 at 11:40:37.32
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 19

    Successfully deleted: C:\Users\John\AppData\Local\{001B17A2-2140-4799-B93D-9281548A04DD} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{048F61D6-5891-4989-9DFD-AB07F6E0715A} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{1BDEDE7A-281E-400A-8C73-23D7A79199A9} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{1E521534-9F00-47A6-9DA1-738315BA1D04} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{2C8587EB-7A8C-4A3D-A894-87A3A85D4D25} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{3A9FE770-A245-48E3-822A-5389149CCFB2} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{45025E49-A4AE-4902-9A88-CDCE45EC680E} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{675C7220-0D73-47D7-96A8-44EB08ECE4E1} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{9F4206D1-C83A-4063-9D08-F2D77351C0C4} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{B7BCA253-63E0-429C-9461-BB9CC991509E} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{CE475047-FFC9-442F-9BBC-28A67E5DAE76} (Empty Folder)
    Successfully deleted: C:\Users\John\AppData\Local\{FD47EB78-F39E-4994-B700-D0028868C134} (Empty Folder)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYL6NDS2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAVKURG8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5K07ZM6 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYL6NDS2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OAVKURG8 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5K07ZM6 (Temporary Internet Files Folder)

    Deleted the following from C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\aeoam766.default\prefs.js
    user_pref(browser.search.defaultenginename, Secure Search);
    user_pref(browser.search.defaultenginename.US, Secure Search);
    user_pref(browser.search.order.1, Secure Search);
    user_pref(browser.search.selectedEngine, Secure Search);



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 11/13/2016 at 11:44:26.41
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,958

    Default

    Let's update and run a scan with Malwarebytes Anti-Malware

    • Open Malwarebytes Anti-Malware
    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

    ~~~~~~~~~~~~~~~~~~~~

    Please download Emsisoft Emergency Kit and save it to your desktop.
    Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.
    • Leave all settings as they are and click the Extract button at the bottom.
    • A folder named EEK will be created in the root of the drive (usually c:\).
    • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
    • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
    • Please click Yes so that it downloads the latest database updates.
    • When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
    • Click on Scan to be taken to the scan options.
    • If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
    • Click on the Malware Scan button to start the scan.
    • When the scan is completed click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
    • Please save the log in Notepad on your desktop, and copy it to your next reply.
    • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.


    ~~~~~~~~~~

    Please post these 2 logs.

    Also, how is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Member
    Join Date
    Oct 2008
    Posts
    53

    Default

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/17/2016
    Scan Time: 12:21:48 AM
    Logfile: MBAM Scan Log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.11.17.03
    Rootkit Database: v2016.10.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 2
    CPU: x64
    File System: NTFS
    User: John

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 309135
    Time Elapsed: 14 min, 0 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)




    Emsisoft Emergency Kit - Version 11.9
    Last update: 11/17/2016 7:30:25 AM
    User account: JohnDesktop\John
    Computer name: JOHNDESKTOP
    OS version: Windows 7x64 Service Pack 1

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: On
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Advanced caching: On
    Direct disk access: Off

    Scan start: 11/17/2016 7:36:30 AM
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)

    Scanned 78820
    Found 6

    Scan end: 11/17/2016 7:40:31 AM
    Scan time: 0:04:01

    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Setting.NoRun (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR Setting.DisableTaskMgr (A)

    Quarantined 3

    Unfortunately, my computer still has exactly the same issues that it had before we started...I can access some sites but not others. For instance, I can open AOL, Facebook, and Google, and Google will even run searches, but hyperlinks within those sites don't work. I have used IE, Firefox, and Google Chrome, and I have the same issues with all browsers. I have used my Time Warner cable modem plus Cisco WiFi router, and I have used a Verizon mobile hotspot. I can connect to the Internet with both, but I have the same issues with all combinations of the above connections and browsers. Both of our laptops are working fine with either the cable modem or the mobile hotspot.

    I am also still getting the message “Revocation information for the security certificate for this site is not available” every time I open Facebook from the desktop, and I have never seen that message when opening Facebook from my Kindle or either of the laptops.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,958

    Default

    This is a hard one

    Computer's date is correct?

    Please go here and download the latest version of Java
    https://www.java.com/en/download/
    Follow instructions without bundled toolbars, then going into the Java Control Panel, and unchecking 'Check for updates automatically', then restarting. Knock on wood, the error hasn't returned.

    attempt Facebook again


    If that doesn't help we'll have to disable
    Launch Internet Explorer on a desktop computer.
    Click Tools | Internet Options.
    - The "Internet Options" window appears.
    Click the Advanced tab.
    Under "Security", uncheck the boxes "Check for publisher's revocation" and "Check for server certificate revocation."
    Click Apply.
    Click Ok.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Member
    Join Date
    Oct 2008
    Posts
    53

    Default

    I installed Java (I couldn't get an Internet connection to download directly to my desktop, so I had to download the offline installation program to a flash drive, then load and run on my desktop). I still get the Security Alert message when I start Facebook. It's a minor annoyance, and all I have to do is click the "Yes" box, and Facebook runs normally. I can live with that. However, the inability to connect to Internet sites has not improved. Do my latest logs still show evidence of malware, or could I be barking up the wrong tree? Since my cable modem and wireless router are working OK with my laptops, I am wondering if my computer's onboard network adapter is corrupted. If you don't see any evidence of malware now, I think I will install a USB wireless adapter and see how that works. What do you think?

  8. #8
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,958

    Default

    I am wondering if my computer's onboard network adapter is corrupted. If you don't see any evidence of malware now, I think I will install a USB wireless adapter and see how that works. What do you think?
    Without having internet to try an online scan I can't say you're completely malware free, but I don't see how there could be much hiding at this point.
    Let me throw a couple of suggestions out there first.

    Have you tried booting into safe mode with networking to see if you have internet access that way?
    Reason we ask people to try that is to see if onboard security is interfering.
    ~~
    Have you tried resetting your router?
    Shut down the computer.
    Try unplugging your modem/router for a couple of minutes. Turn the router back on and wait for all lights to stop flashing.
    Boot the computer back up and check connection.
    ~~~~~~

    There is a proxy setting under the Internet Options in the Control Panel:
    Internet Options -> Connections tab -> "LAN settings" button
    Make sure Proxy server is unchecked.
    ~~
    Let me give you a couple of help links with ideas you might want to try.
    http://www.online-tech-tips.com/comp...et-in-windows/
    https://support.microsoft.com/en-us/...-get-connected

    Let me know how you make out.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
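
    A read-only way to check the settings this thread touches (the LAN proxy from post #8, the server certificate revocation option from post #6, and the three policy values Emsisoft flagged in post #5), as an added PowerShell example that is not part of any poster's reply. The value names ProxyEnable, ProxyServer, AutoConfigURL and CertificateRevocation are the standard WinINet ones under Internet Settings; the "Review" rules are this example's own assumption about a home desktop with no corporate proxy or lock-down policy.

```powershell
# Added example (not from the thread): read-only triage of the settings the
# thread discusses. Written for the PowerShell 2.0 that ships with Windows 7.
# Nothing here writes to the registry.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$inet   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$polSys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$polExp = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Rule decides when a value deserves a second look (assumed baseline, see above):
#   NonZero - review when the value exists and is not 0
#   Present - review when the value exists and is not empty
#   Zero    - review when the value exists and is 0
#   Info    - never flagged, shown for context only
$checks = @(
    @{ Path = $inet;   Name = 'ProxyEnable';           Rule = 'NonZero' },  # "Proxy server" checkbox
    @{ Path = $inet;   Name = 'ProxyServer';           Rule = 'Info'    },  # only used when ProxyEnable = 1
    @{ Path = $inet;   Name = 'AutoConfigURL';         Rule = 'Present' },  # automatic configuration script
    @{ Path = $inet;   Name = 'CertificateRevocation'; Rule = 'Zero'    },  # 0 = server revocation check off
    @{ Path = $polSys; Name = 'DisableTaskMgr';        Rule = 'NonZero' },  # flagged by Emsisoft in post #5
    @{ Path = $polSys; Name = 'DisableRegistryTools';  Rule = 'NonZero' },  # flagged by Emsisoft in post #5
    @{ Path = $polExp; Name = 'NoRun';                 Rule = 'NonZero' }   # flagged by Emsisoft in post #5
)

$rows = foreach ($c in $checks) {
    $v = Get-RegValue -Path $c.Path -Name $c.Name

    $review = switch ($c.Rule) {
        'NonZero' { ($v -ne $null) -and ($v -ne 0) }
        'Present' { [bool]$v }
        'Zero'    { ($v -ne $null) -and ($v -eq 0) }
        default   { $false }
    }

    $shown = if ($v -eq $null) { '(not set)' } else { $v }

    New-Object PSObject -Property @{
        Name   = $c.Name
        Value  = $shown
        Review = $review
        Key    = $c.Path
    }
}

$rows | Select-Object Name, Value, Review, Key | Format-Table -AutoSize

# The values above are the per-user WinINet settings that the "LAN settings"
# dialog edits. Services use the separate machine-wide WinHTTP proxy, so
# print that as well for comparison.
netsh winhttp show proxy
```

    Run it as the account that has the browsing problem, since the Internet Settings values are read from that user's HKCU hive.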

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,958

    Default

    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
