Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 42

Thread: Malware #SL9DW61 message

  1. #21
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    MalwareBytes for the time being is an anti-malware scanner (Can be bought as a premium package)
    SpyBot (unless it's the security package) works along the same way and works with onboard antivirus software.
    McAfee is an antivirus and/or can be obtained as a security package too.

    We ready to remove tools and quarantine folders?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #22
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Default

    Yes ready for this

  3. #23
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete
      ).

    ********************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable softwarethat is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #24
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Default

    Have run delfix and everything looks fine
    Thanks for all the links!

  5. #25
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    We're glad to help
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #26
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Default

    Quote Originally Posted by Juliet View Post
    We're glad to help
    Hi Juliet

    I think I may still have a problem
    After signing off I was working on my PC and using an internet banking app when I got the Buzzing Dhol Trojan screen displayed. Needless to say I shut down immediately and checked my account via an iPad. No damage done I believe.
    Then I followed Lawrence Abrams Malware Removal guide.
    1. Checked Task Manager to remove to terminate process - nothing found
    2. Uninstall program in Control panel - Nothing found
    3. Use Rkill to terminate suspicious programs - results below

    Checking Windows Service Integrity:

    * gagp30kx [Missing Service]
    * IEEtwCollectorService [Missing Service]
    * IoQos [Missing Service]
    * nv_agp [Missing Service]
    * TimeBroker [Missing Service]
    * uagp35 [Missing Service]
    * uliagpkx [Missing Service]
    * WcsPlugInService [Missing
    Checking Windows Service Integrity:

    * gagp30kx [Missing Service]
    * IEEtwCollectorService [Missing Service]
    * IoQos [Missing Service]
    * nv_agp [Missing Service]
    * TimeBroker [Missing Service]
    * uagp35 [Missing Service]
    * uliagpkx [Missing Service]
    * WcsPlugInService [Missing Service]
    * wpcfltr [Missing Service]
    * WSService [Missing Service]

    * agp440 [Missing ImagePath]

    * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
    * WpnService => %sysService]
    * wpcfltr [Missing Service]
    * WSService [Missing Service]

    * agp440 [Missing ImagePath]

    * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
    * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

    * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
    * vmicvss => %SystemRoot%\System32\icsvcext.dll [Inctemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

    * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
    * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

    Searching for Missing Digital Signatures:
    orrect ServiceDLL]

    Searching for Missing Digital Signatures:

    * No issues found.

    * No issues found.

    Checking HOSTS File:

    Checking HOSTS File:

    * Cannot edit the HOSTS file.

    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100s
    * HOSTS file entries found:

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com

    20 out of 15589 HOSTS entries shown.
    Please review HOSTS file for further entries.
    exlinks.com
    127.0.0.1 100sexlinks.com

    Program finished at: 11/28/2016 08:38:58 PM
    Execution time: 0 hours(s), 2 minute(s), and 19 seconds(s)

    20 out of 15589 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 11/28/2016 08:38:58 PM
    Execution time: 0 hours(s), 0 minute(s), and 56 seconds(s)

    4. Use Malwarebytes o clean infection - Rootkits enabled

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 28/11/2016
    Scan Time: 22:46
    Logfile: Buzzing.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.11.28.17
    Rootkit Database: v2016.11.20.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Martin

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 448993
    Time Elapsed: 40 min, 50 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    5. Use AdwCleaner - nothing for Buzzing Dhol found

    6. Use Hitman Pro to to scan for badware - 2 hits

    My concern is that there is something buried deep in my computer that still hasn't been found and eradicated. DO you have any ideas as to what is happening please?

  7. #27
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Don't know whats up, we'll have to search

    Scan with Zemana AntiMalware Free:
    • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
    • Please or download and install Zemana AntiMalware Free
    • Double-click software shortcut on the desktop and follow the prompts to install the program .
    • If an update is available, click the Update now button.
    • At the end Click Settings > Advanced > ''I have read the warning an wish to proceed anyway'' Click
    • Auto Launch > Untick the box next
    • Scan type > Smart scan (Default)
    • Close all open files, folders and browsers
    • Click scan now ''Run as Administrator'' and a threat Scan will begin.
    • When the scan is complete, Press report and send me report.
    • Please PC restart now.


    ~~~

    Find your version of Farbar Recovery Scan Tool and delete it so we can get an updated copy.

    Farbar Recovery Scan Tool (FRST) Scan
    • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) andsave the file to your Desktop.
    • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
    • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
    • Click Yes to the disclaimer.
    • Ensure the Addition.txt box is checked.
    • Click the Scan button and let the programme run.
    • Upon completion, click OK, then OK on the Addition.txt pop up screen.
    • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.


    ~~~

    Malwarebytes Anti-Rootkit
    • Download Malwarebytes Anti-Rootkit
    • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
    • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
    • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
    • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
    • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
    • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
    • If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.



    • Please click by the introduction screen on the Next button to continue.




    • Next you will see the Update Database screen.
    • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.




    • When the update has finished, click on the Next button.



    • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
    • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.




    • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
    • Make sure everything is selected and that the option to create a restore point is checked.
    • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
    • Click on Yes button to restart your computer.

    • There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
    • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
      • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.

    • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #28
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Default Zemana results

    Zemana AntiMalware 2.70.179.25 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2016/11/30
    Operating System : Windows 10 64-bit
    Processor : 4X Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
    BIOS Mode : Legacy
    CUID : 1204AA09F3342AA13920DE
    Scan Type : System Scan
    Duration : 22m 52s
    Scanned Objects : 212865
    Detected Objects : 4
    Excluded Objects : 0
    Read Level : Normal
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Edge Homepage
    Status : Scanned
    Object : http://en.4yendex.com/?utm_source=sd...ba11a8b79cd366
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Related Objects :
    Browser Setting - Edge Homepage

    Chrome Homepage
    Status : Scanned
    Object : http://uk.yardood.com/?tn=sdkw_inner...ba11a8b79cd366
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Related Objects :
    Browser Setting - Chrome Homepage

    miniinstall.exe
    Status : Scanned
    Object : M:\Users\Martin\Downloads\miniinstall.exe
    MD5 : FB89C60C198F7D316065D25C73322891
    Publisher : Media Labs Limited
    Size : 308560
    Version : 0.1.0.23
    Detection : Adware:Win32/BrowserHijack.Gen
    Cleaning Action : Quarantine
    Related Objects :
    File - M:\Users\Martin\Downloads\miniinstall.exe

    picasawin10-setup.exe
    Status : Scanned
    Object : M:\Users\Martin\Downloads\picasawin10-setup.exe
    MD5 : 3000834990C081CD8256663285B3321C
    Publisher : iLight Media LP
    Size : 953720
    Version : 0.0.0.0
    Detection : Adware:Win32/InstallCore.Variant!Sig
    Cleaning Action : Quarantine
    Related Objects :
    File - M:\Users\Martin\Downloads\picasawin10-setup.exe


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 4
    Reported as safe : 0
    Failed : 0

  9. #29
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2016
    Ran by Martin (administrator) on MARTIN-HP (30-11-2016 23:12:54)
    Running from M:\Users\Martin\Downloads
    Loaded Profiles: Martin (Available Profiles: Martin & Anna & DefaultAppPool)
    Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
    (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (Mirics Semiconductor Ltd) C:\Windows\System32\Hauppauge\hcwD3dvb\DVBT\DVBservice.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Microsoft Corporation) C:\Windows\vVX3000.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Google Inc.) C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
    (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
    (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\MHN\AlertHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-08-15] (Hewlett-Packard )
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1813128 2015-12-11] (NVIDIA Corporation)
    HKLM\...\Run: [IgfxTray] => "C:\WINDOWS\system32\igfxtray.exe"
    HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
    HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
    HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
    HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
    HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [612872 2014-01-03] (EasyBits Software AS)
    HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-09-11] (Western Digital Technologies, Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [Google+ Auto Backup] => C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Policies\system: [DisableChangePassword] 0
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\GPhotos.scr [4587520 2015-10-13] (Google Inc.)
    HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2014-11-08] (SEIKO EPSON CORPORATION)
    ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-01-05] ()
    ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-01-05] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-06]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2011-05-25]
    ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-23]
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{49fd34a8-7140-4b34-baed-7569201fc946}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{6c148f43-6317-48e1-a91a-95a97bf9803f}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{d2676523-a682-4f50-bf4b-ac96a89cc311}: [DhcpNameServer] 192.168.1.1
    ManualProxies:

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> DefaultScope {0177F507-A638-4EAE-A88E-5D09F41D8713} URL =
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-03-21] (TechSmith Corporation)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-24] (Microsoft Corporation)
    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-24] (Microsoft Corporation)
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-03-21] (TechSmith Corporation)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-03-21] (TechSmith Corporation)
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
    Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-03-21] (TechSmith Corporation)
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-24] (Microsoft Corporation)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\3t3y5vyl.default-1479993367878 [2016-11-30]
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-18]
    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
    FF Extension: (Motive Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2014-10-14] [not signed]
    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-11-28]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2010-10-28] (McAfee, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-533333334-2176733419-3778265130-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-11] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-11] (Apple Inc.)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR RestoreOnStartup: Default -> "hxxp:\/\/uk.yardood.com\/?tn=sdkw_inner_hp_01_yardood_uk&guid=bfdd8eb17ff0571a0eba11a8b79cd366"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
    CHR Plugin: (Skype Toolbars) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
    CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll => No File
    CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => No File
    CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll => No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
    CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2016-11-30]
    CHR Extension: (SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-02]
    CHR Extension: (Skype Click to Call) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-02]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-01]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-01]
    CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
    R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
    S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-26] (CyberLink)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
    R2 hcwD3bda_dvbt; C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2641920 2010-12-16] (Mirics Semiconductor Ltd)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-11-28] (SurfRight B.V.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-06] (Hewlett-Packard)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
    R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
    R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
    R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
    S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13915888 2016-11-22] (Zemana Ltd.)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
    S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
    R1 epp; C:\EEK\bin64\epp.sys [116944 2016-06-30] (Emsisoft Ltd)
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
    S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
    R3 hcwD3bda; C:\WINDOWS\system32\DRIVERS\hcwD3bda64.sys [116352 2010-06-29] (Mirics)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
    R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2016-11-30] ()
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-30] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
    R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754928 2016-08-26] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-11-30] (Zemana Ltd.)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-11-30] (Zemana Ltd.)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 23:12 - 2016-11-30 23:12 - 00000000 ____D C:\FRST
    2016-11-30 23:00 - 2016-11-30 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2016-11-30 22:57 - 2016-11-30 22:57 - 00000000 ___HD C:\OneDriveTemp
    2016-11-30 22:25 - 2016-11-30 23:18 - 02019761 _____ C:\WINDOWS\ZAM.krnl.trace
    2016-11-30 22:25 - 2016-11-30 23:18 - 00345589 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2016-11-30 22:25 - 2016-11-30 22:25 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2016-11-30 22:25 - 2016-11-30 22:25 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
    2016-11-30 22:25 - 2016-11-30 22:25 - 00001254 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2016-11-30 22:25 - 2016-11-30 22:25 - 00000000 ____D C:\Users\Martin\AppData\Local\Zemana
    2016-11-30 22:25 - 2016-11-30 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2016-11-30 22:25 - 2016-11-30 22:25 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2016-11-29 12:31 - 2016-11-30 22:54 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
    2016-11-29 12:24 - 2016-11-29 12:25 - 00545492 _____ C:\WINDOWS\Minidump\112916-27453-01.dmp
    2016-11-28 23:56 - 2016-11-28 23:55 - 00453211 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235612.backup
    2016-11-28 23:55 - 2016-11-28 23:55 - 00453235 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235542.backup
    2016-11-28 23:55 - 2016-11-28 23:54 - 00453259 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235516.backup
    2016-11-28 23:54 - 2016-11-28 23:49 - 00453280 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-235459.backup
    2016-11-28 23:49 - 2016-11-28 23:48 - 00453303 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234902.backup
    2016-11-28 23:48 - 2016-11-28 23:48 - 00453328 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234850.backup
    2016-11-28 23:48 - 2016-11-28 23:46 - 00453353 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234818.backup
    2016-11-28 23:46 - 2016-11-28 23:43 - 00453378 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234612.backup
    2016-11-28 23:44 - 2016-11-28 23:43 - 00453378 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234409.backup
    2016-11-28 23:43 - 2016-11-28 23:43 - 00453403 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234348.backup
    2016-11-28 23:43 - 2016-11-23 00:30 - 00453430 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161128-234342.backup
    2016-11-28 22:16 - 2016-11-28 22:16 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
    2016-11-28 21:56 - 2016-11-28 21:56 - 00001999 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2016-11-28 21:56 - 2016-11-28 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2016-11-28 21:56 - 2016-11-28 21:56 - 00000000 ____D C:\Program Files\HitmanPro
    2016-11-28 21:53 - 2016-11-28 22:19 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-11-28 21:38 - 2016-11-28 21:45 - 00000000 ____D C:\AdwCleaner
    2016-11-28 17:55 - 2016-11-28 17:56 - 00530588 _____ C:\WINDOWS\Minidump\112816-35218-01.dmp
    2016-11-28 17:27 - 2016-11-28 17:27 - 00000555 _____ C:\DelFix.txt
    2016-11-28 16:53 - 2016-11-06 11:52 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-11-28 00:16 - 2016-11-28 00:17 - 00534772 _____ C:\WINDOWS\Minidump\112816-25375-01.dmp
    2016-11-27 19:34 - 2016-11-27 19:35 - 00534804 _____ C:\WINDOWS\Minidump\112716-26281-01.dmp
    2016-11-27 14:48 - 2016-11-29 12:24 - 00000000 ____D C:\WINDOWS\Minidump
    2016-11-27 14:48 - 2016-11-27 14:49 - 00538236 _____ C:\WINDOWS\Minidump\112716-25015-01.dmp
    2016-11-24 17:16 - 2016-11-28 17:12 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
    2016-11-24 17:16 - 2016-11-24 17:16 - 00002530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-11-24 17:16 - 2016-11-24 17:16 - 00002529 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
    2016-11-24 17:16 - 2016-11-24 17:16 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
    2016-11-24 17:16 - 2016-11-24 17:16 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
    2016-11-24 17:16 - 2016-11-24 17:16 - 00002480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
    2016-11-24 17:16 - 2016-11-24 17:16 - 00002472 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2016-11-24 17:16 - 2016-11-24 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2016-11-24 17:03 - 2016-11-24 17:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
    2016-11-23 14:32 - 2016-11-23 15:34 - 00000000 ____D C:\EEK
    2016-11-23 13:01 - 2016-11-30 22:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-11-23 13:00 - 2016-11-23 13:00 - 00001208 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-11-23 13:00 - 2016-11-23 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-11-23 13:00 - 2016-11-23 13:00 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-11-23 13:00 - 2016-11-23 13:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-11-23 13:00 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-11-23 13:00 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-11-23 13:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-11-23 00:30 - 2016-11-09 00:30 - 00453430 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161123-003049.backup
    2016-11-22 20:22 - 2016-11-22 20:22 - 00002484 _____ C:\Users\Martin\Desktop\JRT.txt
    2016-11-22 09:34 - 2016-11-22 09:34 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
    2016-11-20 15:33 - 2016-11-20 15:33 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MARTIN-HP-Windows-10-Pro-(64-bit).dat
    2016-11-20 15:32 - 2016-11-20 15:32 - 00002345 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-11-20 15:32 - 2016-11-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-11-20 15:32 - 2016-11-20 15:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-11-20 15:31 - 2016-11-20 15:32 - 00017993 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-11-18 20:01 - 2016-11-30 22:57 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla
    2016-11-17 23:58 - 2016-11-30 22:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-10 11:13 - 2016-11-10 11:13 - 00001859 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-11-10 11:13 - 2016-11-10 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-11-10 11:11 - 2016-11-10 11:13 - 00000000 ____D C:\Program Files\iTunes
    2016-11-10 11:11 - 2016-11-10 11:11 - 00000000 ____D C:\Program Files\iPod
    2016-11-10 05:59 - 2016-11-10 05:59 - 00002258 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2016-11-10 05:59 - 2016-11-10 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2016-11-09 08:31 - 2016-11-02 12:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-11-09 08:31 - 2016-11-02 11:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-11-09 08:31 - 2016-11-02 11:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2016-11-09 08:31 - 2016-11-02 11:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-11-09 08:31 - 2016-11-02 11:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-11-09 08:31 - 2016-11-02 11:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-11-09 08:31 - 2016-11-02 11:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
    2016-11-09 08:31 - 2016-11-02 11:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-11-09 08:31 - 2016-11-02 11:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-11-09 08:31 - 2016-11-02 11:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2016-11-09 08:31 - 2016-11-02 11:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-11-09 08:31 - 2016-11-02 11:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-11-09 08:31 - 2016-11-02 11:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-11-09 08:31 - 2016-11-02 10:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
    2016-11-09 08:31 - 2016-11-02 10:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-11-09 08:31 - 2016-11-02 10:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2016-11-09 08:31 - 2016-11-02 10:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
    2016-11-09 08:31 - 2016-11-02 10:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
    2016-11-09 08:31 - 2016-11-02 10:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
    2016-11-09 08:31 - 2016-11-02 10:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2016-11-09 08:31 - 2016-11-02 10:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2016-11-09 08:31 - 2016-11-02 10:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
    2016-11-09 08:31 - 2016-11-02 10:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-11-09 08:31 - 2016-11-02 10:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
    2016-11-09 08:31 - 2016-11-02 10:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
    2016-11-09 08:31 - 2016-11-02 10:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-11-09 08:31 - 2016-11-02 10:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2016-11-09 08:31 - 2016-11-02 10:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
    2016-11-09 08:31 - 2016-11-02 10:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
    2016-11-09 08:31 - 2016-11-02 10:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
    2016-11-09 08:31 - 2016-11-02 10:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-11-09 08:31 - 2016-11-02 10:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
    2016-11-09 08:31 - 2016-11-02 10:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-11-09 08:31 - 2016-11-02 10:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2016-11-09 08:31 - 2016-11-02 10:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
    2016-11-09 08:31 - 2016-11-02 08:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2016-11-09 08:30 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-11-09 08:30 - 2016-11-02 11:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-11-09 08:30 - 2016-11-02 11:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-11-09 08:30 - 2016-11-02 11:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-11-09 08:30 - 2016-11-02 11:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-11-09 08:30 - 2016-11-02 11:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-11-09 08:30 - 2016-11-02 11:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2016-11-09 08:30 - 2016-11-02 11:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-11-09 08:30 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-11-09 08:30 - 2016-11-02 10:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-11-09 08:30 - 2016-11-02 10:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-11-09 08:30 - 2016-11-02 10:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2016-11-09 08:30 - 2016-11-02 10:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-11-09 08:30 - 2016-11-02 10:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-11-09 08:30 - 2016-11-02 10:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
    2016-11-09 08:30 - 2016-11-02 10:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-11-09 08:30 - 2016-11-02 10:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
    2016-11-09 08:30 - 2016-11-02 10:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
    2016-11-09 08:30 - 2016-11-02 10:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2016-11-09 08:30 - 2016-11-02 10:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
    2016-11-09 08:30 - 2016-11-02 10:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
    2016-11-09 08:30 - 2016-11-02 10:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-11-09 08:30 - 2016-11-02 10:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-11-09 08:30 - 2016-11-02 10:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-11-09 08:30 - 2016-11-02 10:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
    2016-11-09 08:30 - 2016-11-02 10:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
    2016-11-09 08:30 - 2016-11-02 10:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-11-09 08:30 - 2016-11-02 10:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-11-09 08:30 - 2016-11-02 10:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2016-11-09 08:30 - 2016-11-02 10:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-11-09 08:30 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2016-11-09 08:30 - 2016-11-02 10:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-11-09 08:30 - 2016-11-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
    2016-11-09 08:30 - 2016-11-02 10:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
    2016-11-09 08:30 - 2016-11-02 10:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2016-11-09 08:30 - 2016-11-02 10:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-11-09 08:30 - 2016-11-02 10:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
    2016-11-09 08:30 - 2016-11-02 10:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
    2016-11-09 08:30 - 2016-11-02 10:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
    2016-11-09 08:30 - 2016-11-02 10:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
    2016-11-09 08:30 - 2016-11-02 10:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-11-09 08:30 - 2016-11-02 10:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-11-09 08:30 - 2016-11-02 10:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-11-09 08:30 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-11-09 08:30 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-11-09 08:30 - 2016-11-02 10:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
    2016-11-09 08:30 - 2016-11-02 10:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2016-11-09 08:30 - 2016-11-02 10:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
    2016-11-09 08:30 - 2016-11-02 10:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-11-09 08:30 - 2016-11-02 10:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2016-11-09 08:30 - 2016-11-02 10:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
    2016-11-09 08:30 - 2016-11-02 10:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
    2016-11-09 08:30 - 2016-11-02 10:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
    2016-11-09 08:30 - 2016-11-02 10:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-11-09 08:29 - 2016-11-02 11:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2016-11-09 08:29 - 2016-11-02 11:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-11-09 08:29 - 2016-11-02 11:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-11-09 08:29 - 2016-11-02 11:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-11-09 08:29 - 2016-11-02 11:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-11-09 08:29 - 2016-11-02 11:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-11-09 08:29 - 2016-11-02 11:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-11-09 08:29 - 2016-11-02 11:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-11-09 08:29 - 2016-11-02 11:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-11-09 08:29 - 2016-11-02 11:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-11-09 08:29 - 2016-11-02 11:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2016-11-09 08:29 - 2016-11-02 11:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-11-09 08:29 - 2016-11-02 10:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2016-11-09 08:29 - 2016-11-02 10:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2016-11-09 08:29 - 2016-11-02 10:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
    2016-11-09 08:29 - 2016-11-02 10:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2016-11-09 08:29 - 2016-11-02 10:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2016-11-09 08:29 - 2016-11-02 10:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
    2016-11-09 08:29 - 2016-11-02 10:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-11-09 08:29 - 2016-11-02 10:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2016-11-09 08:29 - 2016-11-02 10:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2016-11-09 08:29 - 2016-11-02 10:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2016-11-09 08:29 - 2016-11-02 10:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
    2016-11-09 08:29 - 2016-11-02 10:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-11-09 08:29 - 2016-11-02 10:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-11-09 08:29 - 2016-11-02 10:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-11-09 08:29 - 2016-11-02 10:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
    2016-11-09 08:29 - 2016-11-02 10:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-11-09 08:29 - 2016-11-02 10:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-11-09 08:29 - 2016-11-02 10:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-11-09 08:29 - 2016-11-02 10:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2016-11-09 08:29 - 2016-11-02 10:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-11-09 08:29 - 2016-11-02 10:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2016-11-09 08:29 - 2016-11-02 10:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-11-09 08:29 - 2016-11-02 10:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-11-09 08:29 - 2016-11-02 10:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-11-09 08:29 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2016-11-09 08:29 - 2016-11-02 10:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-11-09 08:29 - 2016-11-02 10:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2016-11-09 08:29 - 2016-11-02 10:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
    2016-11-09 08:29 - 2016-11-02 10:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-11-09 08:29 - 2016-11-02 10:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
    2016-11-09 08:29 - 2016-11-02 10:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-11-09 08:29 - 2016-11-02 10:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-11-09 08:29 - 2016-11-02 10:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
    2016-11-09 08:29 - 2016-11-02 10:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2016-11-09 08:29 - 2016-11-02 10:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2016-11-09 08:29 - 2016-11-02 10:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-11-09 08:29 - 2016-11-02 10:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-11-09 08:29 - 2016-11-02 10:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
    2016-11-09 08:29 - 2016-11-02 10:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2016-11-09 08:29 - 2016-11-02 10:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
    2016-11-09 08:29 - 2016-11-02 10:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2016-11-09 08:29 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2016-11-09 08:28 - 2016-11-02 11:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-11-09 08:28 - 2016-11-02 11:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-11-09 08:28 - 2016-11-02 11:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-11-09 08:28 - 2016-11-02 11:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2016-11-09 08:28 - 2016-11-02 11:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-11-09 08:28 - 2016-11-02 11:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-11-09 08:28 - 2016-11-02 11:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-11-09 08:28 - 2016-11-02 11:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-11-09 08:28 - 2016-11-02 10:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
    2016-11-09 08:28 - 2016-11-02 10:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
    2016-11-09 08:28 - 2016-11-02 10:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
    2016-11-09 08:28 - 2016-11-02 10:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2016-11-09 08:28 - 2016-11-02 10:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
    2016-11-09 08:28 - 2016-11-02 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2016-11-09 08:28 - 2016-11-02 10:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2016-11-09 08:28 - 2016-11-02 10:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
    2016-11-09 08:28 - 2016-11-02 10:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2016-11-09 08:28 - 2016-11-02 10:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
    2016-11-09 08:28 - 2016-11-02 10:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
    2016-11-09 08:28 - 2016-11-02 10:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2016-11-09 08:28 - 2016-11-02 10:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
    2016-11-09 08:28 - 2016-11-02 10:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
    2016-11-09 08:28 - 2016-11-02 10:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
    2016-11-09 08:28 - 2016-11-02 10:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-11-09 08:28 - 2016-11-02 10:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-11-09 08:28 - 2016-11-02 10:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-11-09 08:28 - 2016-11-02 10:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-11-09 08:28 - 2016-11-02 10:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2016-11-09 08:28 - 2016-11-02 10:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-11-09 08:28 - 2016-11-02 10:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-11-09 08:28 - 2016-11-02 10:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
    2016-11-09 08:28 - 2016-11-02 10:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2016-11-09 08:28 - 2016-11-02 10:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-11-09 08:28 - 2016-11-02 10:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-11-09 08:28 - 2016-11-02 10:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-11-09 08:28 - 2016-11-02 10:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
    2016-11-09 08:28 - 2016-11-02 10:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
    2016-11-09 08:28 - 2016-11-02 10:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-11-09 08:28 - 2016-11-02 10:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2016-11-09 08:28 - 2016-11-02 10:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2016-11-09 08:28 - 2016-11-02 10:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-11-09 08:28 - 2016-11-02 10:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-11-09 08:28 - 2016-11-02 10:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-11-09 08:28 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
    2016-11-09 08:28 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
    2016-11-09 00:30 - 2016-11-02 00:30 - 00453380 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161109-003048.backup
    2016-11-06 11:47 - 2016-11-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-11-02 00:30 - 2016-10-25 23:45 - 00453330 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161102-003054.backup
    2016-10-31 11:18 - 2016-10-31 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-30 22:57 - 2015-09-20 15:43 - 00000000 ___RD C:\Users\Martin\OneDrive
    2016-11-30 22:56 - 2015-05-09 07:10 - 00000000 ___RD C:\Users\Martin\iCloudDrive
    2016-11-30 22:54 - 2016-10-28 01:00 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMartin.job
    2016-11-30 22:54 - 2016-09-26 21:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-11-30 22:54 - 2016-09-26 20:57 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-11-30 22:54 - 2015-09-19 21:59 - 00144368 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
    2016-11-30 22:54 - 2011-04-01 23:32 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMARTIN-HP$.job
    2016-11-30 22:53 - 2016-07-16 06:04 - 07340032 _____ C:\WINDOWS\system32\config\BBI
    2016-11-30 22:34 - 2016-09-26 20:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-11-30 20:58 - 2015-09-19 23:02 - 00000000 ____D C:\Users\Martin\AppData\Local\Packages
    2016-11-30 19:52 - 2016-09-26 21:41 - 00003268 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMARTIN-HP$
    2016-11-30 19:43 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-11-30 14:06 - 2012-05-04 06:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-30 14:03 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-11-29 23:20 - 2016-10-28 01:00 - 00003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMartin
    2016-11-29 14:11 - 2016-09-26 21:02 - 00000000 ____D C:\Users\Martin
    2016-11-29 12:25 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2016-11-29 12:24 - 2016-01-09 13:48 - 622957295 _____ C:\WINDOWS\MEMORY.DMP
    2016-11-29 08:51 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-11-28 22:16 - 2014-10-14 10:02 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\bttb
    2016-11-28 16:41 - 2016-09-26 20:55 - 05109456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-11-28 16:33 - 2015-10-30 09:07 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-11-28 16:33 - 2011-01-23 00:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2016-11-28 16:29 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-11-28 11:06 - 2014-05-23 16:50 - 00000000 ____D C:\Program Files (x86)\4Team Corporation
    2016-11-27 13:02 - 2011-01-23 00:30 - 00000000 ____D C:\ProgramData\PDFC
    2016-11-24 17:46 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-11-24 17:36 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
    2016-11-24 11:26 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\System
    2016-11-24 10:29 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-11-24 10:26 - 2016-09-26 21:02 - 00000000 ____D C:\Users\DefaultAppPool
    2016-11-24 10:26 - 2016-09-26 21:02 - 00000000 ____D C:\Users\Anna
    2016-11-23 14:23 - 2016-09-26 21:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
    2016-11-22 09:34 - 2015-09-20 15:43 - 00002409 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-11-22 09:27 - 2015-09-19 19:14 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-11-22 02:20 - 2011-06-30 16:36 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Temp
    2016-11-22 00:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2016-11-22 00:41 - 2009-07-14 03:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2016-11-18 02:31 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
    2016-11-16 10:36 - 2015-09-10 05:44 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-11-12 15:39 - 2011-02-14 09:06 - 00000000 ____D C:\Users\Martin\AppData\Local\Microsoft Help
    2016-11-12 09:59 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-11-11 15:34 - 2016-09-26 21:01 - 01172814 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-11-11 15:30 - 2012-05-04 06:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-11-10 11:11 - 2011-02-15 09:03 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-11-10 05:58 - 2011-02-15 22:32 - 00000000 ____D C:\Program Files (x86)\Google
    2016-11-09 19:48 - 2011-04-14 08:30 - 00000000 ____D C:\Program Files\McAfee
    2016-11-09 09:21 - 2011-02-14 08:02 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-11-09 03:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-11-09 03:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-11-07 15:53 - 2016-09-26 21:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-11-06 11:47 - 2015-11-13 20:24 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-11-06 11:47 - 2015-11-13 20:24 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-11-04 17:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-11-04 17:16 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-11-04 17:10 - 2016-07-16 11:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-11-04 14:01 - 2015-11-05 18:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-11-01 11:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

    ==================== Files in the root of some directories =======

    2011-03-05 12:26 - 2010-04-07 13:08 - 0076351 _____ () C:\Program Files\Photoshop CS5 Read Me.pdf
    2012-06-28 22:12 - 2012-07-02 12:22 - 0000132 _____ () C:\Users\Martin\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2011-03-06 18:27 - 2011-03-06 18:27 - 0000000 _____ () C:\Users\Martin\AppData\Roaming\chrtmp
    2012-07-26 09:58 - 2014-09-04 17:28 - 0038464 _____ () C:\Users\Martin\AppData\Roaming\Comma Separated Values (Windows).ADR
    2011-07-29 17:09 - 2011-09-16 20:45 - 0001854 _____ () C:\Users\Martin\AppData\Roaming\GhostObjGAFix.xml
    2011-03-06 18:26 - 2011-03-06 18:26 - 1574214 _____ () C:\Users\Martin\AppData\Roaming\winrar-x64-40b6.exe
    2011-02-15 23:00 - 2011-05-20 16:53 - 0004608 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-05-15 11:54 - 2016-05-15 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{39896441-36D6-4A19-85ED-70E46C484B9E}
    2016-05-10 11:54 - 2016-05-10 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{3DC4A054-97E5-49D2-8BD3-B2EFCA7C0289}
    2016-05-08 11:54 - 2016-05-08 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{52ECCB76-F0DE-4A69-BF92-7F326FD8EFFC}
    2016-08-18 19:56 - 2016-08-18 19:56 - 0000000 _____ () C:\Users\Martin\AppData\Local\{6635B36E-BCB8-45A7-9667-46FE8900ABED}
    2016-05-12 11:54 - 2016-05-12 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{6865FABC-F7DA-4FA5-9B22-61E0BC21E0F7}
    2016-08-17 19:56 - 2016-08-17 19:56 - 0000000 _____ () C:\Users\Martin\AppData\Local\{78DEEE97-95B0-486F-AB7C-60B4BEBCA112}
    2016-05-14 11:54 - 2016-05-14 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{8B1AE2C7-3520-47DD-9780-AF265D0476C4}
    2016-05-16 11:54 - 2016-05-16 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{A118CC6C-6CE1-4CB2-A802-3B5BB8236CC9}
    2016-04-04 11:54 - 2016-04-04 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{A820FF9E-AAE3-4D30-8E8F-6786781C086D}
    2016-04-01 11:54 - 2016-04-01 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{B838EDBB-A5DF-4258-9262-6538EABE2B28}
    2016-04-03 11:54 - 2016-04-03 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{B9DACA50-F153-41BC-A339-56E0B1321660}
    2016-05-13 11:54 - 2016-05-13 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{C819706A-1EA4-4AB0-966F-C23FBD4F2234}
    2016-05-11 11:54 - 2016-05-11 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{D3680DE6-A4F8-4DD3-9FCB-CCEAF49D6B41}
    2016-07-17 14:51 - 2016-07-17 14:51 - 0000000 _____ () C:\Users\Martin\AppData\Local\{EB723B99-43B4-4B02-8DF0-AA9C7048738E}
    2016-05-09 11:54 - 2016-05-09 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{F176CB85-633A-44EC-9F1C-2D4E0A736C84}

    Some files in TEMP:
    ====================
    C:\Users\Martin\AppData\Local\Temp\libeay32.dll
    C:\Users\Martin\AppData\Local\Temp\msvcr120.dll
    C:\Users\Martin\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-21 22:02

    ==================== End of FRST.txt ============================

  10. #30
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Default

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2016
    Ran by Martin (30-11-2016 23:19:27)
    Running from M:\Users\Martin\Downloads
    Windows 10 Pro Version 1607 (X64) (2016-09-26 21:46:52)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-533333334-2176733419-3778265130-500 - Administrator - Disabled)
    Anna (S-1-5-21-533333334-2176733419-3778265130-1003 - Limited - Enabled) => C:\Users\Anna
    DefaultAccount (S-1-5-21-533333334-2176733419-3778265130-503 - Limited - Disabled)
    Guest (S-1-5-21-533333334-2176733419-3778265130-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-533333334-2176733419-3778265130-1002 - Limited - Enabled)
    Martin (S-1-5-21-533333334-2176733419-3778265130-1001 - Administrator - Enabled) => C:\Users\Martin

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Spybot - Search and Destroy (Disabled - Up to date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
    Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
    Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Akamai NetSession Interface (HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Akamai) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
    BenVista PhotoZoom Pro 4.1 (HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\PhotoZoom Pro 4) (Version: 4.1 - BenVista Ltd.)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
    Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EaseUS Todo Backup Workstation 8.9 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.9 - CHENGDU YIWO Tech Development Co., Ltd)
    EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
    Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
    honestech VHS to DVD 7.0 Deluxe (HKLM-x32\...\{AC242562-1F9E-42C9-B461-E8B839093FEB}) (Version: 7.0 - honestech)
    honestech VHS to DVD 7.0 Deluxe (x32 Version: 7.0 - honestech) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
    Image Scan Tool (HKLM-x32\...\{C1FEE8D6-6775-4B67-BC02-281898C40988}) (Version: 1.00.0062 - 35mm Film Scanner)
    iMazing 1.3.9.0 (HKLM\...\iMazing_is1) (Version: 1.3.9.0 - DigiDNA)
    Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
    Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
    Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.2 - Macromedia)
    Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
    Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 8.2 - EasyBits Software AS)
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.0.0.0 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0108.122 - Mio Technology)
    MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
    Mosaic Creator 3.1 (HKLM-x32\...\Mosaic Creator_is1) (Version: - )
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    Mozilla Firefox 50.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.1 (x86 en-US)) (Version: 50.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.1.6171 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
    MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
    MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
    Network Guide EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - )
    NVIDIA 3D Vision Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
    NVIDIA Graphics Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
    Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Serif CraftArtist (HKLM-x32\...\{C1B148C9-FACF-45F1-8356-4E1C5E3DAA5B}) (Version: 1.0.5.043 - Serif (Europe) Ltd)
    Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.1.008 - Serif (Europe) Ltd)
    Serif PagePlus X6 (HKLM-x32\...\{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}) (Version: 16.0.3.29 - Serif (Europe) Ltd)
    Serif PanoramaPlus X4 (HKLM-x32\...\{35EDE682-4AE5-47D6-B44F-103F859951DC}) (Version: 4.0.3.010 - Serif (Europe) Ltd)
    Serif Photo Projects (HKLM-x32\...\{D87677F6-5F58-4BB9-8D50-78A1BF9C2F33}) (Version: 1.0.2.024 - Serif (Europe) Ltd)
    Serif PhotoPlus Starter Edition (HKLM-x32\...\{A0765939-76F5-48D8-82B1-8D0BBFAD0702}) (Version: 2.0.0.002 - Serif (Europe) Ltd)
    Serif PhotoPlus X6 (HKLM\...\{CCD2C5E4-F484-4499-BCB3-61E787416757}) (Version: 16.0.1.029 - Serif (Europe) Ltd)
    Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.3.029 - Serif (Europe) Ltd)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
    Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.2 - Tweaking.com)
    User's Guide EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - )
    VIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech)
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.25 - Zemana Ltd.)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {05AE89DC-A543-4920-B0F4-E20E4FFCA8F1} - System32\Tasks\{FFEE2FD5-E28F-4F70-B151-B63B57D9454A} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0CD58D6C-2089-4F31-B5CC-B899D7FF3FC9} - System32\Tasks\{6228F42C-E425-4399-B21B-E586A00CA1DF} => pcalua.exe -a C:\Users\Martin\Downloads\115-INST-WIN7-A(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {0E5D93F3-1611-48C8-85E8-05CB0E7D881D} - System32\Tasks\Symantec\Norton Error Processor 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe
    Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {12284962-F2BE-4AC1-85AD-AEC697294BC3} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\WINDOWS\vVX3000.exe [2010-05-20] (Microsoft Corporation)
    Task: {14446A5D-88D3-4FDB-93EE-EE32E4F58142} - System32\Tasks\HPCeeScheduleForMartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {1598057A-7424-46EA-A48E-8D78E4531E85} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
    Task: {187099FF-FE18-4331-9C41-B02AADDFF755} - System32\Tasks\{DE2F76FB-B155-4B2E-9846-71432718037E} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {215E25A8-2541-437F-9A2C-465441E8307A} - System32\Tasks\Western Digital\SmartWare\____Volume_4b465ed5_26a1_11e0_bb51_806e6f6e6963__dropbox_23dfcfe8_f183_4963_a22e_b9dc3ae8a55e_dropbox_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
    Task: {26E14C57-552E-49CF-8956-A5A72019799B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3C3AF73B-1EA9-4250-8FAD-C9DF989355E3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
    Task: {3CE545F3-0B06-4985-B51E-D63CD1773699} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
    Task: {3CFC37AD-32B2-4DC6-A426-A306BA854455} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {3E0E9501-F7DC-47E5-B011-4F1450ACA57E} - System32\Tasks\{29D7B097-F55A-4436-A447-8977E1986E20} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {42DEC54C-DB9E-4D53-8039-70F74ED236C6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {4D89D042-9FB4-4E7D-BA19-9E9C33F1F719} - System32\Tasks\Daily => C:\Program Files (x86)\Spybot - Search & Destroy 2\Scripts\Example 02 - example scans.sds [2012-10-29] ()
    Task: {510AB855-474D-4E43-BCE3-662568D0E596} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
    Task: {56A2763D-6CBC-4348-A246-DECE18E3A875} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {598BB8AC-231C-4814-AEAA-291E2B7CB0C6} - System32\Tasks\HPCeeScheduleForMARTIN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {5A6E19C2-F449-4A3B-B261-0636349A9B58} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {6CB2D1EB-FD9D-4D98-AC55-8745B7153DA9} - System32\Tasks\{CA6260C8-24BA-4054-8620-31BB8A064E86} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-08-17] (Skype Technologies S.A.)
    Task: {74E5A384-9195-4384-A950-4D23C0BBF63D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
    Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {7A18682A-8757-4849-8C82-2ADE120EE512} - System32\Tasks\AdobeAAMUpdater-1.0-Martin-HP-Martin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {85581298-1194-4866-AD63-789771491A6A} - System32\Tasks\{E1957BC0-C026-4210-8358-6E37C3F9A090} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {86D55289-1B69-4477-95BD-1F63121FD581} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {8F86C186-9A71-4017-860D-1C7779BDFC26} - System32\Tasks\WSSHelper => C:\Program Files (x86)\Common Files\Winferno\WSS\WSSHelper.exe
    Task: {90E542B9-106F-41A5-A1F1-03AE1DD0E68A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.)
    Task: {97673B7C-FA99-4729-B685-0C72C685757B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {9B6C72FF-CEAA-4D76-9477-ED04C092112C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
    Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {A87B0C08-0B05-4951-BDF8-FA27099AB5F6} - System32\Tasks\Symantec\Norton Error Analyzer 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe
    Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {AD8197BA-0FD9-4941-9005-970CBCFD0381} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {AFD362E1-DB14-4E9E-AD21-32A2AC1AFD69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B2C67E43-C09B-42DF-BD65-F85EC7340EB3} - System32\Tasks\Western Digital\SmartWare\____Volume_4b465ed5_26a1_11e0_bb51_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a9dcf81c_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
    Task: {B50CF033-A1EB-4EF0-84C9-D9546460808B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
    Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B979D5A2-E055-4C5B-A41E-E736D1C5F488} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {B9C2FF09-69BB-45F2-9D0D-F8A85DD93129} - System32\Tasks\{3B3EBCEE-B984-44EF-BC57-F99482C4B642} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {BC878DA5-DAED-4628-B8C5-FA73919A9A26} - System32\Tasks\{648E1FA9-CA1A-4568-A552-1C6597A5E983} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
    Task: {BFF67B77-B173-458D-8412-DF9139FA6F17} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
    Task: {C0BFAEC9-4454-4F25-8F89-1D2486119E0E} - System32\Tasks\{82A64CB8-4071-4AC6-AD31-7CF39D8754AB} => pcalua.exe -a C:\Users\Martin\Downloads\delinf_10100(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {C0C86764-46EE-4D2D-AC66-2975E4FA513A} - System32\Tasks\{F8FD3EBE-EDC5-4CF4-86E8-AB94313C94E1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-08-17] (Skype Technologies S.A.)
    Task: {C35D62DE-3859-448A-AC42-52AB702CF849} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C36E8E24-AFC1-47B5-904A-A9A7DDD310DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {C3D6E275-57AC-417E-BE9B-FE759B44F4FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C7E0966E-25A1-4F1B-B374-3627873FA6D9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {CEFA543F-CCF0-419B-9667-215AB4EC0C15} - System32\Tasks\{F13810A2-3332-40E8-AAE1-D273D7818EC0} => pcalua.exe -a C:\Users\Martin\Downloads\delinf_10100(2).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {D0736407-184C-4629-BAF7-A43330150658} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {D2ADBA07-F78C-44DF-9833-3EFCC5481143} - System32\Tasks\{AC45DD11-EBEB-4DB8-B42F-B9E9F883FFF0} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
    Task: {D686E3AB-0E50-459E-A154-4E030A0A2BAE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
    Task: {E367ECC4-E50B-4359-A3B0-F6C92C862936} - System32\Tasks\{E06625AA-4F8B-4518-992E-7B9D49146439} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {E6E7C19D-30C3-44EF-BF9D-322E845BB89A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {EBC5A77F-46CF-424A-8730-DA8AA01F0B68} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F0FB8856-9D73-4FCC-BC55-68B1C3A146E7} - System32\Tasks\{06C25C85-4F6A-46CD-A7AA-D967E15ACD89} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {F3E951DB-A7B4-499C-932D-ABD264F18193} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {F5582C46-1590-4BC3-A83B-21AC7170B8BB} - System32\Tasks\{84BA5F9C-5595-48F4-A30E-01710CDE1C0A} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {F591307A-D18B-4D33-A2C0-6A595CDC5EED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {F5AD6A46-8ED6-459D-BF33-31B63513D647} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F8ED6EC5-D0C4-43F0-8E1B-60999EB74E24} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-24] (Microsoft Corporation)
    Task: {F9E30966-5310-4840-B58B-451BB1300581} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForMARTIN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForMartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
    Task: C:\WINDOWS\Tasks\WSSHelper.job => C:\Program Files (x86)\Common Files\Winferno\WSS\WSSHelper.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-09-30 14:08 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-26 20:57 - 2016-08-01 12:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-09-14 06:56 - 2006-09-14 06:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    2009-12-18 22:18 - 2009-12-18 22:18 - 00420864 _____ () C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\cutil64.dll
    2015-11-28 11:58 - 2015-11-03 12:18 - 00249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2016-09-30 14:08 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-11-22 09:33 - 2016-11-22 09:33 - 01864384 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
    2016-11-24 17:19 - 2016-11-24 17:19 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2011-01-23 00:30 - 2009-02-28 03:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    2016-09-27 05:48 - 2016-09-27 05:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-11-09 08:30 - 2016-11-02 10:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-09 08:29 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-09 08:29 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-09 08:29 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2010-09-15 18:31 - 2010-09-15 18:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2016-11-17 12:00 - 2016-11-17 12:00 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-11-17 12:00 - 2016-11-17 12:00 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-11-17 12:00 - 2016-11-17 12:00 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-09-30 14:09 - 2016-09-15 17:29 - 03388256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2016-11-04 04:16 - 2016-11-04 04:16 - 02549248 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.2850.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
    2016-11-04 04:16 - 2016-11-04 04:16 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.2850.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
    2015-11-28 11:58 - 2015-09-21 17:00 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00186408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00165416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00058408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00015912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00108072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2015-11-28 11:58 - 2014-12-14 16:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2015-11-28 11:58 - 2015-03-14 03:54 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2015-11-28 11:58 - 2015-11-02 22:03 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2015-11-28 11:58 - 2015-11-03 12:18 - 00111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2015-11-28 11:58 - 2015-11-02 22:03 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2015-11-28 11:58 - 2015-11-10 10:07 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2015-11-28 11:58 - 2015-08-01 07:10 - 00025128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2015-09-19 23:09 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-09-19 23:09 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-09-19 23:09 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-09-19 23:09 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
    2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
    2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
    2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
    2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
    2015-11-28 11:58 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2016-10-05 18:18 - 2016-10-05 18:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-10-05 18:18 - 2016-10-05 18:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2014-01-06 09:52 - 2014-01-06 09:52 - 03244032 _____ () C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
    2016-11-22 09:33 - 2016-11-22 09:33 - 01383616 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
    2016-11-22 09:33 - 2016-11-22 09:33 - 00118976 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
    2011-01-23 00:30 - 2009-02-20 01:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7916 more sites.

    IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\internet -> internet
    IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\mcafee.com -> hxxp://mcafee.com
    IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\mcafee.com -> hxxps://mcafee.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\123simsen.com -> www.123simsen.com

    There are 7916 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2016-11-28 23:56 - 00453188 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com
    127.0.0.1 123simsen.com
    127.0.0.1 www.123simsen.com
    127.0.0.1 123topsearch.com

    There are 15547 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
    FirewallRules: [{DB5AE92C-38A8-4EB7-9935-03D6FAD3419C}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{11D778F4-8ED3-4B27-8B01-A21F32D5B210}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{A43C0283-B403-46E4-A34E-AF96FBD9CBD3}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{DA87C82E-88C8-415F-B861-FC29BF14AE38}] => C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{0FF00DA6-EE83-4FAB-9C01-86A4C0BF2080}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{048F36B7-5D07-4F60-862E-B0FB756506A9}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CD8623F3-1726-4B88-B83D-753973C6363B}] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    FirewallRules: [{4831F8C3-446D-4E1E-89C2-F89538A9EE6D}] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    FirewallRules: [{620C6590-7329-401A-B5D9-7DE79D7E6FB5}] => LPort=5353
    FirewallRules: [{B29CAEBF-88FE-45E4-9565-FF037DC3DE0D}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{0B7D64DA-44E6-41F2-8591-8FAB2D40737F}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{EC95B9EB-3DFB-4BD5-B634-7A40C61F4A9D}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{DFF31ABD-EBAB-4189-8042-0F417050EE8C}] => C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{CD69593C-682F-4515-A495-EA06718B65CB}] => C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{42C5C1DB-37D2-4D3F-A45D-3B9195A5F2B8}] => C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{75B64F1E-1EC2-4C6C-B092-F85317FD60E9}] => C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{AB697919-5C5E-48B0-985E-1DEDD2E62CEA}] => C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{E67A7695-D2F3-478C-83C4-77B1839484EE}] => C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{4A1961CE-4186-4358-A5E2-2AB5B194FE20}] => C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{9A18A027-9EA7-4763-9C1B-209A1C17E070}] => C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{D6BC7C85-E576-46A8-8D05-19402F17D113}] => C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{BF0C4C55-51C7-4F04-8BCB-A5296C0ED660}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{E01DACD0-073D-4197-865B-FB58DF5EE8AF}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{AF7B53E6-BDA4-42A4-8935-AD589C4283FF}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{E09BE28B-7A99-492C-928B-FEC11831187E}] => C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{EC614D59-A150-4BF7-A53C-5248D95C418C}] => C:\Program Files (x86)\bttb\dtuser.exe
    FirewallRules: [{A609A1CC-5686-4311-AF6D-C6BA939D1CFE}] => C:\Program Files (x86)\bttb\dtuser.exe
    FirewallRules: [{190ADD7C-5ED9-445C-BEF0-D9DFDCCD48E1}] => C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
    FirewallRules: [{1D34AEED-E6F1-403E-8E7C-ABCC86D53F67}] => C:\Windows\system32\ezSharedSvcHost.exe
    FirewallRules: [{48146D4E-809A-4C7C-8DF8-290C446083F2}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{B7F2A652-9204-4C9D-AD59-98DAD5D1486E}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{7714E108-2262-4E49-AB54-A1D275F73668}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{B0F9658C-33EE-4AD8-86FE-6EB05A1365C4}] => C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{77B44DB2-6E4E-4E79-95E4-FC4ED7612997}] => LPort=5000
    FirewallRules: [{B38861C2-AE5E-4963-A263-261F4D5128A6}] => LPort=51011
    FirewallRules: [{2B79340D-944C-4297-A67B-698729E9C68E}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{2B446D4C-092A-40B5-97E6-47C1DE1DF484}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{FA771CD6-FFD6-4C39-9434-EE32E80153E8}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{218CCFFA-0B57-4B35-8F42-1BBE5C5FC9AA}] => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{BDDA1436-0C1C-4E9C-BE36-F2897BF902CF}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{97FCEE95-199D-40F2-A23C-1390776EC144}] => C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{794F8D5C-AF6B-4D93-915F-1E0AE42EB895}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{7B7E1D29-03A4-40A7-BF3A-37915DB37AAC}] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{073E3BEB-1732-4E25-AB88-D13B303048FC}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{BE70B139-E431-4C43-9995-18E1E230899E}] => C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{E2E473E0-6433-40D1-A468-C8760EBF7C66}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{696EF457-AC6F-49CD-807B-AD5025E539A6}] => C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{9A8BB6A1-4191-4A7F-B2E4-F97685157372}] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{C66AD37F-B1F5-4A62-892B-5D24529AA339}] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{52F0E548-3C5C-4BF8-9108-199D917ED786}] => C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{E0EA391F-1AA6-4F6C-9ADB-15628A404219}] => C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{7E631EF6-669F-4651-809A-62F1DC2E5343}] => C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{D3D3D90A-C2BF-4B4F-BF8C-FCF89E9F03F5}] => C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{1F92CCAA-E074-44DC-AAA4-76A2CDEEB52C}] => C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{BC96263A-A25D-49F5-97E2-AC5A23E6B024}] => C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{DA8B1CDB-4E8F-4392-95D7-374593CD6C8A}] => C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{85EA3B22-2355-498B-936D-1144BD221F8E}] => C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{D848EA26-E465-432C-9E1B-72353E89E690}] => C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
    FirewallRules: [{3247F576-1C26-4ABB-9B95-40150CA992ED}] => C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
    FirewallRules: [{84B3FFD7-1937-4E1F-BF8C-E35DE488A425}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{01F33532-5261-4E64-93F4-674397971FE4}] => LPort=1900
    FirewallRules: [{5DB8BB49-9CF1-40D2-992A-88AE19E8F700}] => LPort=2869
    FirewallRules: [{95130874-0710-4CB4-B393-FBBD87272DF4}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6658DAE7-691A-4490-A73A-EF07EE0CC322}] => C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe
    FirewallRules: [{96467AA4-EFBC-45DB-AE59-8EBA7A2E6F3C}] => C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe
    FirewallRules: [{FEE86126-7465-41A6-8751-B4BA18FB4246}] => C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{0B97665B-15BA-4836-8AA1-69D21A013BD1}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{F23B5980-2488-445E-989E-43899FF50C3C}] => C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{0408339F-96FF-4A80-A7B3-353EC0AEC8A9}] => C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{DFCE5392-1D18-4126-B86A-96A36DB16BB1}] => c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{EB927130-8C37-4279-A69D-57681ABE5AEE}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E43067BA-E8BA-453F-AC50-07F443C75F71}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{50580A1A-6226-4814-961C-9F9C59A07089}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EF3E0986-85C2-4C33-B69D-A51E7939E6EE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6C5BEB1C-3467-4BA4-94D9-47249DFF4133}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C2BB06C0-28BF-4720-A16E-D734FD76E139}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7855EA53-8C88-4839-9A52-804B8563DDBA}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{E2F9CD88-4273-40D3-B596-B2C83D895028}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{15D6ACE8-4517-4336-877B-4EEDE1C56FE1}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{0D0F7415-22D6-4D8E-AAE6-C7D887894C85}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{28B7CAFB-63C8-496E-8FD2-0B1ECDFC7D2A}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{34E5431C-6AE1-4868-9801-8E4EC241F714}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{0B0ABBA2-8F37-4FFA-8751-67E643F5F920}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{40DD41F1-4D07-416B-A911-543305587EB4}] => C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [TCP Query User{E575C42D-6E88-40AF-B287-101B3889CB0F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{1105CD95-EFF7-4733-9CB5-F330B60507FA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{ED575A35-D137-4DFD-9F1E-9C83F39A7A06}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    FirewallRules: [{B8DA82DB-48F5-42E3-95A3-122AE10C0FF2}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    FirewallRules: [{578213BA-71D9-4D62-A895-B0BC36BABD2E}] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    FirewallRules: [{82911D5E-EB0B-4669-A80D-0922986BBF1E}] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    FirewallRules: [{F90D489A-F8BF-4305-90A1-80FCAA01C21B}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    FirewallRules: [{9090C362-FACB-4CAF-ABB5-72A2DF6BABB8}] => C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    FirewallRules: [{27221EFC-6087-4FC7-8712-DEBFA9B148A6}] => C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{3B8550A9-6F9A-4918-80DD-DC63FD1047D4}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/30/2016 10:56:27 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: AppleSyncNotifier.exe, version: 1.6.77.0, time stamp: 0x4e8235f7
    Faulting module name: MSVCR80.dll, version: 8.0.50727.9268, time stamp: 0x573d297f
    Exception code: 0xc000000d
    Fault offset: 0x00008aa0
    Faulting process id: 0x22b0
    Faulting application start time: 0x01d24b5cf876a0b1
    Faulting application path: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    Faulting module path: C:\WINDOWS\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\MSVCR80.dll
    Report Id: 8912fff7-c47d-4194-bb03-46da5dbf1a85
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/30/2016 10:55:10 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

    Error: (11/30/2016 10:54:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HPAuto.exe, version: 1.0.12494.3472, time stamp: 0x4c5b77b7
    Faulting module name: HPAuto.exe, version: 1.0.12494.3472, time stamp: 0x4c5b77b7
    Exception code: 0xc0000005
    Fault offset: 0x0000000000007bd2
    Faulting process id: 0xbac
    Faulting application start time: 0x01d24b5ca56e71ad
    Faulting application path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    Faulting module path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    Report Id: 64cfef0f-f05e-4896-9885-b8ffe0cc3c36
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (11/30/2016 10:32:02 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/30/2016 10:32:00 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/30/2016 10:32:00 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/30/2016 10:31:59 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
    The manifest file root element must be assembly.


    System errors:
    =============
    Error: (11/30/2016 11:07:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Intel(R) Management and Security Application User Notification Service service hung on starting.

    Error: (11/30/2016 11:06:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/30/2016 11:03:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Software Protection service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/30/2016 11:03:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (11/30/2016 11:00:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The HP Support Solutions Framework Service service hung on starting.

    Error: (11/30/2016 10:58:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The McAfee Home Network service hung on starting.

    Error: (11/30/2016 10:54:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Auto service terminated unexpectedly. It has done this 1 time(s).

    Error: (11/30/2016 10:54:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the ZAMSvc service to connect.

    Error: (11/30/2016 10:54:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NetMsmqActivator service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/30/2016 10:54:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NetPipeActivator service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    CodeIntegrity:
    ===================================
    Date: 2016-11-30 23:24:01.289
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-30 23:13:29.017
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-11-30 22:55:21.624
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-11-30 22:54:27.805
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-30 22:32:35.191
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-30 22:23:09.774
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-30 22:16:00.533
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-30 21:47:36.019
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-30 21:27:00.931
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.

    Date: 2016-11-30 21:17:34.534
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll that did not meet the Windows signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
    Percentage of memory in use: 65%
    Total physical RAM: 4078.54 MB
    Available physical RAM: 1400.98 MB
    Total Virtual: 8942.54 MB
    Available Virtual: 5021.32 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:937.79 GB) (Free:749.63 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:15.72 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive m: (OS) (Fixed) (Total:447.01 GB) (Free:107.19 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: A1CBFC44)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=937.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=15.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 0605DC0B)

    Partition: GPT.

    ==================== End of Addition.txt ============================

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •