
Thread: Malware #SL9DW61 message

  1. #1
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Hello,
    Thanks for the advice to run the Farbar and aswMBR utilities to help identify my problem.
    The message SL9DW61 appears as part of a popup screen that tells me I have a virus and should contact the Microsoft telephone number given for help. There is also a spoken message telling me I have a flame virus. On searching the web I find several hits where they identify the same or a very similar virus and propose installing their anti-virus software to get rid of it. I have tried manually searching for the problem in installed programs and internet add-ons with no success. I have run McAfee and SpyBot anti-virus with no success.
    Please find the logs from Farbar below. I tried to send aswMBR as well but I think it was too much data to handle.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016
    Ran by Martin (administrator) on MARTIN-HP (20-11-2016 15:45:01)
    Running from M:\Users\Martin\Downloads
    Loaded Profiles: Martin (Available Profiles: Martin & Anna & DefaultAppPool)
    Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (brother Industries Ltd) C:\Windows\SysWOW64\brsvc01a.exe
    (brother Industries Ltd) C:\Windows\SysWOW64\brss01a.exe
    (Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    (Mirics Semiconductor Ltd) C:\Windows\System32\Hauppauge\hcwD3dvb\DVBT\DVBservice.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
    (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    (Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Capital Intellect Inc) C:\Program Files (x86)\Common Files\Winferno\WSS\WSS.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe
    (Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\vds.exe
    () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    (ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11332\weather.exe
    () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\vVX3000.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Google Inc.) C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
    (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft) C:\Program Files\WindowsApps\Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Money.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7571.57651.0_x64__8wekyb3d8bbwe\onenoteim.exe
    (Microsoft Corporation) C:\Windows\System32\PickerHost.exe
    (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41227.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [VX3000] => C:\WINDOWS\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
    HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-08-15] (Hewlett-Packard )
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1813128 2015-12-11] (NVIDIA Corporation)
    HKLM\...\Run: [IgfxTray] => "C:\WINDOWS\system32\igfxtray.exe"
    HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
    HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
    HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-04] (Hewlett-Packard)
    HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [612872 2014-01-03] (EasyBits Software AS)
    HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-05-13] (McAfee, Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-09-11] (Western Digital Technologies, Inc.)
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [Google+ Auto Backup] => C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\RunOnce: [Uninstall C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Policies\system: [DisableChangePassword] 0
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\GPhotos.scr [4587520 2015-10-13] (Google Inc.)
    HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE [241280 2014-11-08] (SEIKO EPSON CORPORATION)
    ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-01-05] ()
    ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-01-05] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-06]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2011-05-25]
    ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-23]
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
    Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-09-04]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    GroupPolicy: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-533333334-2176733419-3778265130-1001] => 188.66.92.221:8080
    AutoConfigURL: [S-1-5-21-533333334-2176733419-3778265130-1001] => hxxp://nonestops.biz/wpad.dat?16935925b63f596b75f24c9b3d0e95ab19814846
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{49fd34a8-7140-4b34-baed-7569201fc946}: [DhcpNameServer] 192.168.22.22 192.168.22.23
    Tcpip\..\Interfaces\{6c148f43-6317-48e1-a91a-95a97bf9803f}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{d2676523-a682-4f50-bf4b-ac96a89cc311}: [DhcpNameServer] 192.168.1.1
    ManualProxies: 0hxxp://nonestops.biz/wpad.dat?16935925b63f596b75f24c9b3d0e95ab19814846

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    URLSearchHook: HKLM-x32 - (No Name) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll (McAfee, Inc.)
    URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - (No Name) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> DefaultScope {0177F507-A638-4EAE-A88E-5D09F41D8713} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20110220&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {0177F507-A638-4EAE-A88E-5D09F41D8713} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20110220&p={SearchTerms}
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {482B2BC3-77E1-4CBE-A007-0F4FBAC31351} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2956691
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {AA8A02D2-3EF2-451D-870A-42EA6643AB34} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYCH&apn_uid=315C4D9E-ABDD-4952-9A7E-6B8858B7D9E8&apn_sauid=3652AC62-64AD-4BD1-BD25-83AF9DE0A883
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/5222-111091-7834-0/4?satitle={searchTerms}&mfe=Desktops
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2011-03-21] (TechSmith Corporation)
    BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
    BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2011-03-21] (TechSmith Corporation)
    BHO-x32: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
    Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2011-03-21] (TechSmith Corporation)
    Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
    Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2011-01-26] (SEIKO EPSON CORPORATION)
    Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2011-03-21] (TechSmith Corporation)
    Toolbar: HKLM-x32 - No Name - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKLM-x32 - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} - No File
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-08-05] (Belarc, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-05-13] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-05-13] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1se7cgl9.default-1452077820151 [2016-11-20]
    FF Extension: (Download YouTube Videos as MP4) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1se7cgl9.default-1452077820151\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-04]
    FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-10-18]
    FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\1se7cgl9.default-1452077820151\searchplugins\McSiteAdvisor.xml [2016-03-10]
    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
    FF Extension: (Motive Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2014-10-14] [not signed]
    FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-11-17] [not signed]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-11-28]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-05-13] ()
    FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll [2010-10-28] (McAfee, Inc.)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
    FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
    FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2012-04-04] ( )
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-533333334-2176733419-3778265130-1001: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-06] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-11] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-11] (Apple Inc.)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\376540156.js [2016-11-10] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\376540156.cfg [2016-11-10] <==== ATTENTION

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://uk.yardood.com/?tn=sdkw_inner_hp_01_yardood_uk&guid=bfdd8eb17ff0571a0eba11a8b79cd366
    CHR RestoreOnStartup: Default -> "hxxp://uk.yardood.com/?tn=sdkw_inner_hp_01_yardood_uk&guid=bfdd8eb17ff0571a0eba11a8b79cd366"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\pdf.dll => No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
    CHR Plugin: (Skype Toolbars) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    CHR Plugin: (McAfee Virtual Technician) - C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
    CHR Plugin: (Photodex Presenter Plugin) - C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
    CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => No File
    CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll => No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
    CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2015-11-07]
    CHR Extension: (SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-10-02]
    CHR Extension: (BT Toolbar) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-10-02] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
    CHR Extension: (Skype Click to Call) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-17]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-02]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-01]
    CHR HKLM-x32\...\Chrome\Extension: [dhpigdnmefdjeemeldnnmbckmpogpbji] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\Martin\AppData\Local\Temp\ccex.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-01]
    CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx [2014-02-07]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
    R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd)
    R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
    S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-26] (CyberLink)
    R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-08-01] (CHENGDU YIWO Tech Development Co., Ltd)
    R2 hcwD3bda_dvbt; C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\DVBService.exe [2641920 2010-12-16] (Mirics Semiconductor Ltd)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [681528 2010-08-06] (Hewlett-Packard)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
    R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [754280 2015-05-13] (McAfee, Inc.)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
    R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [609592 2015-05-05] (McAfee, Inc.)
    R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-05-06] (McAfee, Inc.)
    R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
    R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
    R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
    R2 RalinkCountryRegion; C:\Program Files (x86)\Ralink\Common\RaCountryRegion.exe [42496 2012-07-27] (Ralink Technology, Corp.) [File not signed]
    R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [372736 2012-07-04] (Ralink Technology, Corp.) [File not signed]
    R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2012-07-04] (Ralink Technology, Corp.) [File not signed]
    S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
    R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe [155784 2016-04-26] ()
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    R2 Winferno Subscription Service; C:\Program Files (x86)\Common Files\Winferno\WSS\WSS.exe [132488 2012-05-31] (Capital Intellect Inc)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
    S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
    S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
    R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
    S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
    S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
    R3 hcwD3bda; C:\WINDOWS\system32\DRIVERS\hcwD3bda64.sys [116352 2010-06-29] (Mirics)
    S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [198448 2015-04-27] (McAfee, Inc.)
    R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
    R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
    R0 mfedisk; C:\WINDOWS\System32\DRIVERS\mfedisk.sys [101872 2015-04-08] (McAfee, Inc.)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
    R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
    R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
    R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [483240 2015-03-26] (McAfee, Inc.)
    S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100720 2015-03-26] (McAfee, Inc.)
    R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
    R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdcwu.inf_amd64_16f6c9b501baeb7d\nvlddmkm.sys [13754928 2016-08-26] (NVIDIA Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
    S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-20 15:42 - 2016-11-20 15:45 - 00000000 ____D C:\FRST
    2016-11-20 15:33 - 2016-11-20 15:33 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MARTIN-HP-Windows-10-Pro-(64-bit).dat
    2016-11-20 15:33 - 2016-11-20 15:33 - 00000000 ____D C:\RegBackup
    2016-11-20 15:32 - 2016-11-20 15:32 - 00002345 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-11-20 15:32 - 2016-11-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-11-20 15:32 - 2016-11-20 15:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-11-20 15:31 - 2016-11-20 15:32 - 00017993 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-11-20 00:52 - 2016-11-20 00:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2016-11-19 09:06 - 2016-11-19 09:06 - 00000000 ____D C:\Users\Martin\AppData\Local\{344578B2-9FC6-46F2-98DB-7BAF73627D4F}
    2016-11-18 20:01 - 2016-11-20 15:34 - 00000000 ____D C:\Users\Martin\AppData\LocalLow\Mozilla
    2016-11-17 23:58 - 2016-11-18 20:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-10 20:14 - 2016-11-10 20:14 - 00000000 ____D C:\ProgramData\FFinder LTD
    2016-11-10 11:13 - 2016-11-10 11:13 - 00001859 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-11-10 11:13 - 2016-11-10 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-11-10 11:11 - 2016-11-10 11:13 - 00000000 ____D C:\Program Files\iTunes
    2016-11-10 11:11 - 2016-11-10 11:11 - 00000000 ____D C:\Program Files\iPod
    2016-11-10 05:59 - 2016-11-10 05:59 - 00002258 _____ C:\Users\Public\Desktop\Google Earth.lnk
    2016-11-10 05:59 - 2016-11-10 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2016-11-09 08:31 - 2016-11-02 12:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-11-09 08:31 - 2016-11-02 11:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-11-09 08:31 - 2016-11-02 11:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2016-11-09 08:31 - 2016-11-02 11:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2016-11-09 08:31 - 2016-11-02 11:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-11-09 08:31 - 2016-11-02 11:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-11-09 08:31 - 2016-11-02 11:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
    2016-11-09 08:31 - 2016-11-02 11:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-11-09 08:31 - 2016-11-02 11:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-11-09 08:31 - 2016-11-02 11:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
    2016-11-09 08:31 - 2016-11-02 11:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-11-09 08:31 - 2016-11-02 11:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-11-09 08:31 - 2016-11-02 11:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-11-09 08:31 - 2016-11-02 10:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
    2016-11-09 08:31 - 2016-11-02 10:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-11-09 08:31 - 2016-11-02 10:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2016-11-09 08:31 - 2016-11-02 10:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
    2016-11-09 08:31 - 2016-11-02 10:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
    2016-11-09 08:31 - 2016-11-02 10:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
    2016-11-09 08:31 - 2016-11-02 10:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2016-11-09 08:31 - 2016-11-02 10:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2016-11-09 08:31 - 2016-11-02 10:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
    2016-11-09 08:31 - 2016-11-02 10:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2016-11-09 08:31 - 2016-11-02 10:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
    2016-11-09 08:31 - 2016-11-02 10:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2016-11-09 08:31 - 2016-11-02 10:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
    2016-11-09 08:31 - 2016-11-02 10:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
    2016-11-09 08:31 - 2016-11-02 10:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2016-11-09 08:31 - 2016-11-02 10:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
    2016-11-09 08:31 - 2016-11-02 10:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
    2016-11-09 08:31 - 2016-11-02 10:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
    2016-11-09 08:31 - 2016-11-02 10:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-11-09 08:31 - 2016-11-02 10:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
    2016-11-09 08:31 - 2016-11-02 10:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-11-09 08:31 - 2016-11-02 10:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2016-11-09 08:31 - 2016-11-02 10:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
    2016-11-09 08:31 - 2016-11-02 08:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2016-11-09 08:30 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-11-09 08:30 - 2016-11-02 11:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-11-09 08:30 - 2016-11-02 11:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-11-09 08:30 - 2016-11-02 11:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-11-09 08:30 - 2016-11-02 11:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-11-09 08:30 - 2016-11-02 11:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-11-09 08:30 - 2016-11-02 11:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-11-09 08:30 - 2016-11-02 11:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2016-11-09 08:30 - 2016-11-02 11:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-11-09 08:30 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-11-09 08:30 - 2016-11-02 10:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-11-09 08:30 - 2016-11-02 10:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-11-09 08:30 - 2016-11-02 10:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2016-11-09 08:30 - 2016-11-02 10:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-11-09 08:30 - 2016-11-02 10:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-11-09 08:30 - 2016-11-02 10:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
    2016-11-09 08:30 - 2016-11-02 10:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-11-09 08:30 - 2016-11-02 10:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
    2016-11-09 08:30 - 2016-11-02 10:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
    2016-11-09 08:30 - 2016-11-02 10:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2016-11-09 08:30 - 2016-11-02 10:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
    2016-11-09 08:30 - 2016-11-02 10:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
    2016-11-09 08:30 - 2016-11-02 10:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-11-09 08:30 - 2016-11-02 10:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-11-09 08:30 - 2016-11-02 10:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-11-09 08:30 - 2016-11-02 10:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
    2016-11-09 08:30 - 2016-11-02 10:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
    2016-11-09 08:30 - 2016-11-02 10:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-11-09 08:30 - 2016-11-02 10:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-11-09 08:30 - 2016-11-02 10:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2016-11-09 08:30 - 2016-11-02 10:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-11-09 08:30 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2016-11-09 08:30 - 2016-11-02 10:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
    2016-11-09 08:30 - 2016-11-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
    2016-11-09 08:30 - 2016-11-02 10:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-11-09 08:30 - 2016-11-02 10:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2016-11-09 08:30 - 2016-11-02 10:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
    2016-11-09 08:30 - 2016-11-02 10:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2016-11-09 08:30 - 2016-11-02 10:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-11-09 08:30 - 2016-11-02 10:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
    2016-11-09 08:30 - 2016-11-02 10:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
    2016-11-09 08:30 - 2016-11-02 10:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
    2016-11-09 08:30 - 2016-11-02 10:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
    2016-11-09 08:30 - 2016-11-02 10:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-11-09 08:30 - 2016-11-02 10:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-11-09 08:30 - 2016-11-02 10:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-11-09 08:30 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-11-09 08:30 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-11-09 08:30 - 2016-11-02 10:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
    2016-11-09 08:30 - 2016-11-02 10:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2016-11-09 08:30 - 2016-11-02 10:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
    2016-11-09 08:30 - 2016-11-02 10:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-11-09 08:30 - 2016-11-02 10:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
    2016-11-09 08:30 - 2016-11-02 10:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-11-09 08:30 - 2016-11-02 10:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
    2016-11-09 08:30 - 2016-11-02 10:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
    2016-11-09 08:30 - 2016-11-02 10:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
    2016-11-09 08:30 - 2016-11-02 10:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-11-09 08:29 - 2016-11-02 11:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2016-11-09 08:29 - 2016-11-02 11:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-11-09 08:29 - 2016-11-02 11:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-11-09 08:29 - 2016-11-02 11:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-11-09 08:29 - 2016-11-02 11:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-11-09 08:29 - 2016-11-02 11:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-11-09 08:29 - 2016-11-02 11:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-11-09 08:29 - 2016-11-02 11:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-11-09 08:29 - 2016-11-02 11:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-11-09 08:29 - 2016-11-02 11:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-11-09 08:29 - 2016-11-02 11:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
    2016-11-09 08:29 - 2016-11-02 11:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2016-11-09 08:29 - 2016-11-02 11:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-11-09 08:29 - 2016-11-02 10:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2016-11-09 08:29 - 2016-11-02 10:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2016-11-09 08:29 - 2016-11-02 10:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
    2016-11-09 08:29 - 2016-11-02 10:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2016-11-09 08:29 - 2016-11-02 10:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2016-11-09 08:29 - 2016-11-02 10:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
    2016-11-09 08:29 - 2016-11-02 10:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-11-09 08:29 - 2016-11-02 10:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2016-11-09 08:29 - 2016-11-02 10:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2016-11-09 08:29 - 2016-11-02 10:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2016-11-09 08:29 - 2016-11-02 10:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
    2016-11-09 08:29 - 2016-11-02 10:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-11-09 08:29 - 2016-11-02 10:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-11-09 08:29 - 2016-11-02 10:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-11-09 08:29 - 2016-11-02 10:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
    2016-11-09 08:29 - 2016-11-02 10:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-11-09 08:29 - 2016-11-02 10:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
    2016-11-09 08:29 - 2016-11-02 10:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-11-09 08:29 - 2016-11-02 10:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2016-11-09 08:29 - 2016-11-02 10:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2016-11-09 08:29 - 2016-11-02 10:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-11-09 08:29 - 2016-11-02 10:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-11-09 08:29 - 2016-11-02 10:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2016-11-09 08:29 - 2016-11-02 10:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-11-09 08:29 - 2016-11-02 10:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2016-11-09 08:29 - 2016-11-02 10:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2016-11-09 08:29 - 2016-11-02 10:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-11-09 08:29 - 2016-11-02 10:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-11-09 08:29 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2016-11-09 08:29 - 2016-11-02 10:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-11-09 08:29 - 2016-11-02 10:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
    2016-11-09 08:29 - 2016-11-02 10:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
    2016-11-09 08:29 - 2016-11-02 10:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-11-09 08:29 - 2016-11-02 10:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
    2016-11-09 08:29 - 2016-11-02 10:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-11-09 08:29 - 2016-11-02 10:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-11-09 08:29 - 2016-11-02 10:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2016-11-09 08:29 - 2016-11-02 10:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
    2016-11-09 08:29 - 2016-11-02 10:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2016-11-09 08:29 - 2016-11-02 10:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2016-11-09 08:29 - 2016-11-02 10:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-11-09 08:29 - 2016-11-02 10:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-11-09 08:29 - 2016-11-02 10:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
    2016-11-09 08:29 - 2016-11-02 10:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
    2016-11-09 08:29 - 2016-11-02 10:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
    2016-11-09 08:29 - 2016-11-02 10:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
    2016-11-09 08:29 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2016-11-09 08:28 - 2016-11-02 11:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-11-09 08:28 - 2016-11-02 11:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-11-09 08:28 - 2016-11-02 11:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2016-11-09 08:28 - 2016-11-02 11:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
    2016-11-09 08:28 - 2016-11-02 11:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-11-09 08:28 - 2016-11-02 11:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-11-09 08:28 - 2016-11-02 11:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-11-09 08:28 - 2016-11-02 11:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-11-09 08:28 - 2016-11-02 10:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-11-09 08:28 - 2016-11-02 10:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
    2016-11-09 08:28 - 2016-11-02 10:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
    2016-11-09 08:28 - 2016-11-02 10:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
    2016-11-09 08:28 - 2016-11-02 10:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2016-11-09 08:28 - 2016-11-02 10:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
    2016-11-09 08:28 - 2016-11-02 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2016-11-09 08:28 - 2016-11-02 10:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2016-11-09 08:28 - 2016-11-02 10:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
    2016-11-09 08:28 - 2016-11-02 10:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2016-11-09 08:28 - 2016-11-02 10:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
    2016-11-09 08:28 - 2016-11-02 10:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
    2016-11-09 08:28 - 2016-11-02 10:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2016-11-09 08:28 - 2016-11-02 10:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
    2016-11-09 08:28 - 2016-11-02 10:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
    2016-11-09 08:28 - 2016-11-02 10:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
    2016-11-09 08:28 - 2016-11-02 10:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-11-09 08:28 - 2016-11-02 10:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-11-09 08:28 - 2016-11-02 10:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-11-09 08:28 - 2016-11-02 10:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-11-09 08:28 - 2016-11-02 10:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2016-11-09 08:28 - 2016-11-02 10:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-11-09 08:28 - 2016-11-02 10:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-11-09 08:28 - 2016-11-02 10:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
    2016-11-09 08:28 - 2016-11-02 10:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2016-11-09 08:28 - 2016-11-02 10:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-11-09 08:28 - 2016-11-02 10:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-11-09 08:28 - 2016-11-02 10:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-11-09 08:28 - 2016-11-02 10:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
    2016-11-09 08:28 - 2016-11-02 10:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
    2016-11-09 08:28 - 2016-11-02 10:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-11-09 08:28 - 2016-11-02 10:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
    2016-11-09 08:28 - 2016-11-02 10:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2016-11-09 08:28 - 2016-11-02 10:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-11-09 08:28 - 2016-11-02 10:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-11-09 08:28 - 2016-11-02 10:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-11-09 08:28 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
    2016-11-09 08:28 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
    2016-11-09 00:30 - 2016-11-02 00:30 - 00453380 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161109-003048.backup
    2016-11-06 11:47 - 2016-11-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-11-02 00:30 - 2016-10-25 23:45 - 00453330 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161102-003054.backup
    2016-10-31 11:18 - 2016-10-31 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2016-10-28 13:09 - 2016-10-15 04:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2016-10-28 13:09 - 2016-10-15 04:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-10-28 13:09 - 2016-10-15 04:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-10-28 13:09 - 2016-10-15 04:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2016-10-28 13:09 - 2016-10-15 03:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2016-10-28 13:09 - 2016-10-15 03:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-10-28 13:09 - 2016-08-27 05:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-10-28 13:08 - 2016-10-15 04:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-10-28 13:08 - 2016-10-15 04:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-10-28 13:08 - 2016-10-15 04:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-10-28 13:08 - 2016-10-15 04:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-10-28 13:08 - 2016-10-15 04:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-10-28 13:08 - 2016-10-15 04:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2016-10-28 13:08 - 2016-10-15 04:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
    2016-10-28 13:08 - 2016-10-15 04:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
    2016-10-28 13:08 - 2016-10-15 04:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-10-28 13:08 - 2016-10-15 04:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-10-28 13:08 - 2016-10-15 04:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-10-28 13:08 - 2016-10-15 04:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
    2016-10-28 13:08 - 2016-10-15 04:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2016-10-28 13:08 - 2016-10-15 04:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2016-10-28 13:08 - 2016-10-15 04:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
    2016-10-28 13:08 - 2016-10-15 03:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
    2016-10-28 13:08 - 2016-10-15 03:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
    2016-10-28 13:08 - 2016-10-15 03:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
    2016-10-28 13:08 - 2016-10-15 03:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-10-28 13:08 - 2016-10-15 03:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-10-28 13:08 - 2016-10-15 03:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2016-10-28 13:08 - 2016-10-15 03:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2016-10-28 13:08 - 2016-10-15 03:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
    2016-10-28 13:08 - 2016-10-15 03:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
    2016-10-28 13:08 - 2016-10-15 03:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
    2016-10-28 13:08 - 2016-10-15 03:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
    2016-10-28 13:08 - 2016-10-15 03:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2016-10-28 13:08 - 2016-10-15 03:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
    2016-10-28 13:08 - 2016-10-15 03:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-10-28 13:08 - 2016-10-15 03:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-10-28 13:08 - 2016-10-15 03:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2016-10-28 13:08 - 2016-10-15 03:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
    2016-10-28 13:08 - 2016-10-15 03:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2016-10-28 13:08 - 2016-10-15 03:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
    2016-10-28 13:08 - 2016-10-15 03:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-10-28 13:08 - 2016-10-15 03:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
    2016-10-28 13:08 - 2016-10-15 03:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
    2016-10-28 13:08 - 2016-10-15 03:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
    2016-10-28 13:08 - 2016-10-15 03:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
    2016-10-28 13:08 - 2016-10-15 03:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
    2016-10-28 13:08 - 2016-10-15 03:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2016-10-28 13:08 - 2016-10-15 03:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2016-10-28 13:08 - 2016-10-15 03:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
    2016-10-28 13:08 - 2016-10-15 03:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-10-28 13:08 - 2016-10-15 03:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2016-10-28 13:08 - 2016-10-15 03:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2016-10-28 13:08 - 2016-10-15 03:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
    2016-10-28 13:08 - 2016-10-15 03:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2016-10-28 13:08 - 2016-10-15 03:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
    2016-10-28 13:08 - 2016-10-15 03:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-10-28 13:08 - 2016-10-15 03:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2016-10-28 13:08 - 2016-10-15 03:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
    2016-10-28 13:08 - 2016-10-15 03:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
    2016-10-28 13:08 - 2016-10-15 03:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
    2016-10-28 13:08 - 2016-10-15 03:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-10-28 13:08 - 2016-10-15 03:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2016-10-28 13:08 - 2016-10-15 03:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-10-28 13:08 - 2016-10-15 03:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2016-10-28 13:08 - 2016-10-15 03:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-10-28 13:08 - 2016-10-15 03:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2016-10-28 13:08 - 2016-10-15 03:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
    2016-10-28 13:08 - 2016-10-15 03:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
    2016-10-28 13:08 - 2016-10-15 03:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
    2016-10-28 13:08 - 2016-10-15 03:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2016-10-28 13:08 - 2016-10-15 03:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-10-28 13:08 - 2016-10-15 03:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
    2016-10-28 13:08 - 2016-09-10 13:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2016-10-28 13:07 - 2016-10-15 04:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2016-10-28 13:07 - 2016-10-15 04:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-10-28 13:07 - 2016-10-15 04:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-10-28 13:07 - 2016-10-15 04:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-10-28 13:07 - 2016-10-15 04:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2016-10-28 13:07 - 2016-10-15 04:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
    2016-10-28 13:07 - 2016-10-15 04:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2016-10-28 13:07 - 2016-10-15 04:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2016-10-28 13:07 - 2016-10-15 04:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-10-28 13:07 - 2016-10-15 04:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2016-10-28 13:07 - 2016-10-15 04:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2016-10-28 13:07 - 2016-10-15 04:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-10-28 13:07 - 2016-10-15 04:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-10-28 13:07 - 2016-10-15 04:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-10-28 13:07 - 2016-10-15 04:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
    2016-10-28 13:07 - 2016-10-15 04:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
    2016-10-28 13:07 - 2016-10-15 04:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2016-10-28 13:07 - 2016-10-15 04:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2016-10-28 13:07 - 2016-10-15 04:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2016-10-28 13:07 - 2016-10-15 04:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
    2016-10-28 13:07 - 2016-10-15 04:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
    2016-10-28 13:07 - 2016-10-15 04:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-10-28 13:07 - 2016-10-15 04:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-10-28 13:07 - 2016-10-15 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2016-10-28 13:07 - 2016-10-15 03:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
    2016-10-28 13:07 - 2016-10-15 03:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
    2016-10-28 13:07 - 2016-10-15 03:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
    2016-10-28 13:07 - 2016-10-15 03:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
    2016-10-28 13:07 - 2016-10-15 03:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
    2016-10-28 13:07 - 2016-10-15 03:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
    2016-10-28 13:07 - 2016-10-15 03:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2016-10-28 13:07 - 2016-10-15 03:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
    2016-10-28 13:07 - 2016-10-15 03:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
    2016-10-28 13:07 - 2016-10-15 03:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
    2016-10-28 13:07 - 2016-10-15 03:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
    2016-10-28 13:07 - 2016-10-15 03:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2016-10-28 13:07 - 2016-10-15 03:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-10-28 13:07 - 2016-10-15 03:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
    2016-10-28 13:07 - 2016-10-15 03:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-10-28 13:07 - 2016-10-15 03:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2016-10-28 13:07 - 2016-10-15 03:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2016-10-28 13:07 - 2016-10-15 03:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
    2016-10-28 13:07 - 2016-10-15 03:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2016-10-28 13:07 - 2016-10-15 03:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-10-28 13:07 - 2016-10-15 03:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2016-10-28 13:07 - 2016-10-15 03:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-10-28 13:07 - 2016-10-15 03:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-10-28 13:07 - 2016-10-15 03:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
    2016-10-28 13:07 - 2016-10-15 03:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-10-28 13:07 - 2016-10-15 03:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
    2016-10-28 13:07 - 2016-10-15 03:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
    2016-10-28 13:07 - 2016-10-15 03:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
    2016-10-28 13:07 - 2016-10-15 03:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-10-28 13:07 - 2016-10-15 03:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
    2016-10-28 13:07 - 2016-10-15 03:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-10-28 13:07 - 2016-10-15 03:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-10-28 13:07 - 2016-10-15 03:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2016-10-28 13:07 - 2016-10-15 03:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-10-28 13:07 - 2016-10-15 03:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2016-10-28 13:07 - 2016-10-15 03:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2016-10-28 13:07 - 2016-10-15 03:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-10-28 13:07 - 2016-10-15 03:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2016-10-28 13:07 - 2016-10-15 03:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-10-28 13:07 - 2016-10-15 03:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-10-28 13:07 - 2016-10-15 03:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
    2016-10-28 13:07 - 2016-10-15 03:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-10-28 13:07 - 2016-10-15 03:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-10-28 13:07 - 2016-10-15 03:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2016-10-28 13:07 - 2016-10-15 03:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2016-10-28 13:07 - 2016-10-15 03:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-10-28 13:07 - 2016-10-15 03:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-10-28 13:07 - 2016-10-15 03:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-10-28 13:07 - 2016-10-15 03:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
    2016-10-28 13:07 - 2016-10-15 03:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-10-28 13:07 - 2016-10-15 03:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2016-10-28 13:07 - 2016-08-06 04:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-10-28 13:06 - 2016-10-15 04:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2016-10-28 13:06 - 2016-10-15 04:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-10-28 13:06 - 2016-10-15 04:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-10-28 13:06 - 2016-10-15 04:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-10-28 13:06 - 2016-10-15 04:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2016-10-28 13:06 - 2016-10-15 04:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-10-28 13:06 - 2016-10-15 04:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2016-10-28 13:06 - 2016-10-15 04:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
    2016-10-28 13:06 - 2016-10-15 04:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2016-10-28 13:06 - 2016-10-15 04:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-10-28 13:06 - 2016-10-15 04:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2016-10-28 13:06 - 2016-10-15 04:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-10-28 13:06 - 2016-10-15 04:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2016-10-28 13:06 - 2016-10-15 04:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-10-28 13:06 - 2016-10-15 04:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2016-10-28 13:06 - 2016-10-15 04:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-10-28 13:06 - 2016-10-15 04:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-10-28 13:06 - 2016-10-15 04:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-10-28 13:06 - 2016-10-15 04:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-10-28 13:06 - 2016-10-15 04:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-10-28 13:06 - 2016-10-15 04:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
    2016-10-28 13:06 - 2016-10-15 03:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
    2016-10-28 13:06 - 2016-10-15 03:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2016-10-28 13:06 - 2016-10-15 03:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-10-28 13:06 - 2016-10-15 03:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
    2016-10-28 13:06 - 2016-10-15 03:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-10-28 13:06 - 2016-10-15 03:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2016-10-28 13:06 - 2016-10-15 03:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
    2016-10-28 13:06 - 2016-10-15 03:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
    2016-10-28 13:06 - 2016-10-15 03:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-10-28 13:06 - 2016-10-15 03:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
    2016-10-28 13:06 - 2016-10-15 03:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2016-10-28 13:06 - 2016-10-15 03:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
    2016-10-28 13:06 - 2016-10-15 03:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-10-28 13:06 - 2016-10-15 03:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2016-10-28 13:06 - 2016-10-15 03:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-10-28 13:06 - 2016-10-15 03:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
    2016-10-28 13:06 - 2016-10-15 03:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
    2016-10-28 13:06 - 2016-10-15 03:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2016-10-28 13:06 - 2016-10-15 03:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2016-10-28 13:06 - 2016-10-15 03:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2016-10-28 13:06 - 2016-10-15 03:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2016-10-28 13:06 - 2016-10-15 03:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2016-10-28 13:06 - 2016-10-15 03:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2016-10-28 13:06 - 2016-10-15 03:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2016-10-28 13:06 - 2016-10-15 03:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2016-10-28 13:06 - 2016-10-15 03:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2016-10-28 13:06 - 2016-10-15 03:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2016-10-28 01:00 - 2016-11-18 11:50 - 00003252 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMartin
    2016-10-28 01:00 - 2016-11-18 11:50 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMartin.job
    2016-10-25 23:45 - 2016-10-18 23:30 - 00453330 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20161026-004556.backup

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-20 15:16 - 2016-09-26 20:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-11-20 11:49 - 2015-12-01 10:19 - 00000000 ____D C:\Users\Martin\AppData\Roaming\WeatherTool
    2016-11-20 06:59 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-11-19 06:13 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-11-18 20:01 - 2012-05-04 06:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-18 02:31 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
    2016-11-16 19:15 - 2015-05-09 07:10 - 00000000 ___RD C:\Users\Martin\iCloudDrive
    2016-11-16 19:13 - 2015-11-22 20:42 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
    2016-11-16 19:12 - 2016-09-26 21:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-11-16 19:12 - 2016-09-26 20:57 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-11-16 19:12 - 2015-09-19 21:59 - 00144368 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_C6F09094.sys
    2016-11-16 19:11 - 2016-07-16 06:04 - 04980736 _____ C:\WINDOWS\system32\config\BBI
    2016-11-16 10:36 - 2016-09-26 21:02 - 00000000 ____D C:\Users\Martin
    2016-11-16 10:36 - 2015-09-10 05:44 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-11-15 17:48 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
    2016-11-15 17:46 - 2016-09-26 20:55 - 05103704 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-11-15 17:42 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2016-11-15 17:41 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-11-13 10:31 - 2011-01-23 00:30 - 00000000 ____D C:\ProgramData\PDFC
    2016-11-12 15:39 - 2011-02-14 09:06 - 00000000 ____D C:\Users\Martin\AppData\Local\Microsoft Help
    2016-11-12 09:59 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-11-12 09:31 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2016-11-11 22:08 - 2016-09-26 21:02 - 00000000 ____D C:\Users\DefaultAppPool
    2016-11-11 22:08 - 2016-09-26 21:02 - 00000000 ____D C:\Users\Anna
    2016-11-11 15:34 - 2016-09-26 21:01 - 01172814 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-11-11 15:30 - 2012-05-04 06:14 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-11-10 11:11 - 2011-02-15 09:03 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-11-10 05:58 - 2011-02-15 22:32 - 00000000 ____D C:\Program Files (x86)\Google
    2016-11-09 19:48 - 2011-04-14 08:30 - 00000000 ____D C:\Program Files\McAfee
    2016-11-09 09:21 - 2011-02-14 08:02 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-11-09 03:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-11-09 03:12 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-11-07 15:53 - 2016-09-26 21:41 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2016-11-06 11:47 - 2015-11-13 20:24 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-11-06 11:47 - 2015-11-13 20:24 - 00000000 ____D C:\Program Files\McAfee Security Scan
    2016-11-04 17:17 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-11-04 17:16 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-11-04 17:10 - 2016-07-16 11:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-11-04 17:03 - 2011-04-01 23:32 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMARTIN-HP$.job
    2016-11-04 14:01 - 2015-11-05 18:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-11-01 11:04 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-10-31 19:52 - 2016-09-26 21:41 - 00003268 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMARTIN-HP$
    2016-10-28 23:56 - 2016-07-16 11:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-10-28 23:56 - 2016-07-16 11:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2011-03-05 12:26 - 2010-04-07 13:08 - 0076351 _____ () C:\Program Files\Photoshop CS5 Read Me.pdf
    2012-06-28 22:12 - 2012-07-02 12:22 - 0000132 _____ () C:\Users\Martin\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2011-03-06 18:27 - 2011-03-06 18:27 - 0000000 _____ () C:\Users\Martin\AppData\Roaming\chrtmp
    2012-07-26 09:58 - 2014-09-04 17:28 - 0038464 _____ () C:\Users\Martin\AppData\Roaming\Comma Separated Values (Windows).ADR
    2011-07-29 17:09 - 2011-09-16 20:45 - 0001854 _____ () C:\Users\Martin\AppData\Roaming\GhostObjGAFix.xml
    2011-03-06 18:26 - 2011-03-06 18:26 - 1574214 _____ () C:\Users\Martin\AppData\Roaming\winrar-x64-40b6.exe
    2011-02-15 23:00 - 2011-05-20 16:53 - 0004608 _____ () C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2016-05-15 11:54 - 2016-05-15 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{39896441-36D6-4A19-85ED-70E46C484B9E}
    2016-05-10 11:54 - 2016-05-10 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{3DC4A054-97E5-49D2-8BD3-B2EFCA7C0289}
    2016-05-08 11:54 - 2016-05-08 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{52ECCB76-F0DE-4A69-BF92-7F326FD8EFFC}
    2016-08-18 19:56 - 2016-08-18 19:56 - 0000000 _____ () C:\Users\Martin\AppData\Local\{6635B36E-BCB8-45A7-9667-46FE8900ABED}
    2016-05-12 11:54 - 2016-05-12 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{6865FABC-F7DA-4FA5-9B22-61E0BC21E0F7}
    2016-08-17 19:56 - 2016-08-17 19:56 - 0000000 _____ () C:\Users\Martin\AppData\Local\{78DEEE97-95B0-486F-AB7C-60B4BEBCA112}
    2016-05-14 11:54 - 2016-05-14 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{8B1AE2C7-3520-47DD-9780-AF265D0476C4}
    2016-05-16 11:54 - 2016-05-16 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{A118CC6C-6CE1-4CB2-A802-3B5BB8236CC9}
    2016-04-04 11:54 - 2016-04-04 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{A820FF9E-AAE3-4D30-8E8F-6786781C086D}
    2016-04-01 11:54 - 2016-04-01 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{B838EDBB-A5DF-4258-9262-6538EABE2B28}
    2016-04-03 11:54 - 2016-04-03 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{B9DACA50-F153-41BC-A339-56E0B1321660}
    2016-05-13 11:54 - 2016-05-13 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{C819706A-1EA4-4AB0-966F-C23FBD4F2234}
    2016-05-11 11:54 - 2016-05-11 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{D3680DE6-A4F8-4DD3-9FCB-CCEAF49D6B41}
    2016-07-17 14:51 - 2016-07-17 14:51 - 0000000 _____ () C:\Users\Martin\AppData\Local\{EB723B99-43B4-4B02-8DF0-AA9C7048738E}
    2016-05-09 11:54 - 2016-05-09 11:54 - 0000000 _____ () C:\Users\Martin\AppData\Local\{F176CB85-633A-44EC-9F1C-2D4E0A736C84}

    Some files in TEMP:
    ====================
    C:\Users\Martin\AppData\Local\Temp\376573040.exe
    C:\Users\Martin\AppData\Local\Temp\376631541.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-11 22:25

  2. #2
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,941

    When Farbar Recovery Scan Tool was first run it should have also created Addition.txt.
    Can you post (copy and paste) this log for me?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Quote, originally posted by Juliet:
    When Farbar Recovery Scan Tool was first run it should have also created Addition.txt.
    Can you post (copy and paste) this log for me?
    Hi Juliet

    Yes of course. Here it is.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016
    Ran by Martin (20-11-2016 15:48:03)
    Running from M:\Users\Martin\Downloads
    Windows 10 Pro Version 1607 (X64) (2016-09-26 21:46:52)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-533333334-2176733419-3778265130-500 - Administrator - Disabled)
    Anna (S-1-5-21-533333334-2176733419-3778265130-1003 - Limited - Enabled) => C:\Users\Anna
    DefaultAccount (S-1-5-21-533333334-2176733419-3778265130-503 - Limited - Disabled)
    Guest (S-1-5-21-533333334-2176733419-3778265130-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-533333334-2176733419-3778265130-1002 - Limited - Enabled)
    Martin (S-1-5-21-533333334-2176733419-3778265130-1001 - Administrator - Enabled) => C:\Users\Martin

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Spybot - Search and Destroy (Enabled - Up to date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
    AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4Team Folder Backup for Outlook (HKLM-x32\...\{E08336DF-56D4-4B43-AC62-C26389E878A8}) (Version: 1.11.0048 - 4Team Corporation)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
    Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
    Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
    Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
    Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 5.0 (HKLM-x32\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
    Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
    Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Akamai NetSession Interface (HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\Akamai) (Version: - )
    Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
    BenVista PhotoZoom Pro 4.1 (HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\PhotoZoom Pro 4) (Version: 4.1 - BenVista Ltd.)
    Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
    BT Toolbar (HKLM-x32\...\bttb) (Version: 1.0.0.43 - )
    Build-a-Lot - The Elizabethan Era (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
    CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3210 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
    DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.2.4412 - Hewlett-Packard)
    DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
    EaseUS Todo Backup Workstation 8.9 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.9 - CHENGDU YIWO Tech Development Co., Ltd)
    EPSON BX535WD Series Printer Uninstall (HKLM\...\EPSON BX535WD Series) (Version: - SEIKO EPSON Corporation)
    Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print 2 (HKLM-x32\...\{FFF841F3-9A15-4F61-BD16-C19F132E5A27}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
    Epson Event Manager (HKLM-x32\...\{FA9D303D-0FB2-49C7-9397-8E6B11EA892D}) (Version: 2.50.0001 - SEIKO EPSON CORPORATION)
    EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    honestech VHS to DVD 7.0 Deluxe (HKLM-x32\...\{AC242562-1F9E-42C9-B461-E8B839093FEB}) (Version: 7.0 - honestech)
    honestech VHS to DVD 7.0 Deluxe (x32 Version: 7.0 - honestech) Hidden
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
    HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.2.4725 - Hewlett-Packard)
    HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.2.4517 - Hewlett-Packard)
    HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.2.4513 - Hewlett-Packard)
    HP MediaSmart SmartMenu (HKLM\...\{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}) (Version: 3.1.2.4 - Hewlett-Packard)
    HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.2.4522 - Hewlett-Packard)
    HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
    HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
    HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)
    iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6302.0 - IDT)
    Image Scan Tool (HKLM-x32\...\{C1FEE8D6-6775-4B67-BC02-281898C40988}) (Version: 1.00.0062 - 35mm Film Scanner)
    iMazing 1.3.9.0 (HKLM\...\iMazing_is1) (Version: 1.3.9.0 - DigiDNA)
    Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3130 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3130 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
    Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.2 - Macromedia)
    Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
    Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 8.2 - EasyBits Software AS)
    McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.1076 - McAfee, Inc.)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.427.2 - McAfee, Inc.)
    McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 6.0.0.0 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
    Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MioMore Desktop 7.50 (HKLM-x32\...\{A2804FE8-4101-48a0-AE1A-575B99014BF4}-Mio-7.50) (Version: 7.50.0108.122 - Mio Technology)
    MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
    Mosaic Creator 3.1 (HKLM-x32\...\Mosaic Creator_is1) (Version: - )
    Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.2.4412 - Hewlett-Packard)
    Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.2.4412 - Hewlett-Packard) Hidden
    Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.1.5 - Hewlett-Packard)
    MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version: - SEIKO EPSON Corporation)
    MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
    Network Guide EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Netg) (Version: - )
    NVIDIA 3D Vision Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation)
    NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5936 - NVIDIA Corporation)
    NVIDIA Graphics Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
    NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
    NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.9 - PDF Complete, Inc)
    PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
    Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
    PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.33 - Hewlett-Packard Company)
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4329 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4329 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3129 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3129 - CyberLink Corp.) Hidden
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.53.0 - Mediatek)
    Recovery Manager (x32 Version: 5.5.3219 - CyberLink Corp.) Hidden
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Serif CraftArtist (HKLM-x32\...\{C1B148C9-FACF-45F1-8356-4E1C5E3DAA5B}) (Version: 1.0.5.043 - Serif (Europe) Ltd)
    Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.1.008 - Serif (Europe) Ltd)
    Serif PagePlus X6 (HKLM-x32\...\{E2B22002-9C8B-43CC-A75B-464B6ED4FF6B}) (Version: 16.0.3.29 - Serif (Europe) Ltd)
    Serif PanoramaPlus X4 (HKLM-x32\...\{35EDE682-4AE5-47D6-B44F-103F859951DC}) (Version: 4.0.3.010 - Serif (Europe) Ltd)
    Serif Photo Projects (HKLM-x32\...\{D87677F6-5F58-4BB9-8D50-78A1BF9C2F33}) (Version: 1.0.2.024 - Serif (Europe) Ltd)
    Serif PhotoPlus Starter Edition (HKLM-x32\...\{A0765939-76F5-48D8-82B1-8D0BBFAD0702}) (Version: 2.0.0.002 - Serif (Europe) Ltd)
    Serif PhotoPlus Toolbar (HKLM-x32\...\Serif_PhotoPlus Toolbar) (Version: 6.8.5.1 - Serif PhotoPlus)
    Serif PhotoPlus X6 (HKLM\...\{CCD2C5E4-F484-4499-BCB3-61E787416757}) (Version: 16.0.1.029 - Serif (Europe) Ltd)
    Serif WebPlus X5 (HKLM-x32\...\{7D427BD1-1C88-4007-BBFB-C2DD2ED48C63}) (Version: 13.0.3.029 - Serif (Europe) Ltd)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
    Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
    Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    The Desktop Weather 2.0.1.11332 (HKLM\...\WeatherTool) (Version: 2.0.1.11332 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.2 - Tweaking.com)
    User's Guide EPSON BX535WD Series (HKLM-x32\...\EPSON BX535WD Series Useg) (Version: - )
    VIDBOX Driver (HKLM-x32\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.0 - honestech)
    Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Winferno Registry Power Cleaner (HKLM-x32\...\RegPowerClean_is1) (Version: 2010 - Winferno.com)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02844ECD-451D-462D-B1E3-90B36A830E3A} - System32\Tasks\RPCReminder => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe [2011-02-16] (Capital Intellect Inc)
    Task: {05AE89DC-A543-4920-B0F4-E20E4FFCA8F1} - System32\Tasks\{FFEE2FD5-E28F-4F70-B151-B63B57D9454A} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {0614E216-9586-4DC9-9417-9663E71FFA81} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {09DD22EA-249F-4834-94E9-2F324E944E0D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {0CD58D6C-2089-4F31-B5CC-B899D7FF3FC9} - System32\Tasks\{6228F42C-E425-4399-B21B-E586A00CA1DF} => pcalua.exe -a C:\Users\Martin\Downloads\115-INST-WIN7-A(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {0E5D93F3-1611-48C8-85E8-05CB0E7D881D} - System32\Tasks\Symantec\Norton Error Processor 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe
    Task: {0E8551ED-005D-40C6-90E3-80D5843F8DBB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {12284962-F2BE-4AC1-85AD-AEC697294BC3} - System32\Tasks\Microsoft_Hardware_Launch_vVX3000_exe => C:\WINDOWS\vVX3000.exe [2010-05-20] (Microsoft Corporation)
    Task: {1598057A-7424-46EA-A48E-8D78E4531E85} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
    Task: {187099FF-FE18-4331-9C41-B02AADDFF755} - System32\Tasks\{DE2F76FB-B155-4B2E-9846-71432718037E} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {20B5B94F-3107-476A-8CD3-C973F8DCA88E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {215E25A8-2541-437F-9A2C-465441E8307A} - System32\Tasks\Western Digital\SmartWare\____Volume_4b465ed5_26a1_11e0_bb51_806e6f6e6963__dropbox_23dfcfe8_f183_4963_a22e_b9dc3ae8a55e_dropbox_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
    Task: {26E14C57-552E-49CF-8956-A5A72019799B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {27C411B7-E322-486B-938E-48EF225CFC07} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {2F0B2903-9F5B-4E96-8394-51698C1980DD} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3691FF85-D708-409B-BE7A-284ADA2BCFB2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {392AAB2B-15F7-48B1-B07E-0BE480D834F6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {3C3AF73B-1EA9-4250-8FAD-C9DF989355E3} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-05-06] (McAfee, Inc.)
    Task: {3CE545F3-0B06-4985-B51E-D63CD1773699} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
    Task: {3CFC37AD-32B2-4DC6-A426-A306BA854455} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {3E0E9501-F7DC-47E5-B011-4F1450ACA57E} - System32\Tasks\{29D7B097-F55A-4436-A447-8977E1986E20} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {4174D0B1-D662-4442-BE05-E74FDA7AB687} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {42DEC54C-DB9E-4D53-8039-70F74ED236C6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {4D89D042-9FB4-4E7D-BA19-9E9C33F1F719} - System32\Tasks\Daily => C:\Program Files (x86)\Spybot - Search & Destroy 2\Scripts\Example 02 - example scans.sds [2012-10-29] ()
    Task: {510AB855-474D-4E43-BCE3-662568D0E596} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
    Task: {56A2763D-6CBC-4348-A246-DECE18E3A875} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {598BB8AC-231C-4814-AEAA-291E2B7CB0C6} - System32\Tasks\HPCeeScheduleForMARTIN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {5A6E19C2-F449-4A3B-B261-0636349A9B58} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {6B45998C-7FEB-479E-90DD-118F2AFA6ACE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {6CB2D1EB-FD9D-4D98-AC55-8745B7153DA9} - System32\Tasks\{CA6260C8-24BA-4054-8620-31BB8A064E86} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-08-17] (Skype Technologies S.A.)
    Task: {74E5A384-9195-4384-A950-4D23C0BBF63D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
    Task: {75E207A5-0575-446A-974A-D178024369F1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {7646F415-C0F1-44A5-9228-57F50CEECB8C} - System32\Tasks\HPCeeScheduleForMartin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {7A18682A-8757-4849-8C82-2ADE120EE512} - System32\Tasks\AdobeAAMUpdater-1.0-Martin-HP-Martin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
    Task: {7B02EC8F-F816-43DC-8711-6B20F90F3674} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7B0DFFF0-6088-41CF-A75A-878BA845C91F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {8465E2C1-36AD-4EA3-8ECA-5C561635B621} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {85581298-1194-4866-AD63-789771491A6A} - System32\Tasks\{E1957BC0-C026-4210-8358-6E37C3F9A090} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {88CA1768-1266-461B-BBA7-ED29216263E3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {8F86C186-9A71-4017-860D-1C7779BDFC26} - System32\Tasks\WSSHelper => C:\Program Files (x86)\Common Files\Winferno\WSS\WSSHelper.exe [2012-05-31] (Winferno)
    Task: {90E542B9-106F-41A5-A1F1-03AE1DD0E68A} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.)
    Task: {97673B7C-FA99-4729-B685-0C72C685757B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
    Task: {9B6C72FF-CEAA-4D76-9477-ED04C092112C} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
    Task: {9D68AD1A-3850-45B6-BC03-009D74EB709E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9FBABAD9-5D99-48EC-A2AD-F376B2AD00AC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A0388142-09A4-4C55-A321-61F672D75048} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {A1D35F98-7D4F-4EC2-9239-00601DC46FCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {A489B528-91C6-4184-A0AF-723508AC6495} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {A5FB32AB-5B09-43E1-AD7D-EA5FB136FE32} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {A87B0C08-0B05-4951-BDF8-FA27099AB5F6} - System32\Tasks\Symantec\Norton Error Analyzer 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe
    Task: {A894259E-D7D0-41BB-AED3-1D8F66401E39} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {AD8197BA-0FD9-4941-9005-970CBCFD0381} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {AFD362E1-DB14-4E9E-AD21-32A2AC1AFD69} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B10439E1-E185-4DB2-807B-DD6AC98B530E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B2C67E43-C09B-42DF-BD65-F85EC7340EB3} - System32\Tasks\Western Digital\SmartWare\____Volume_4b465ed5_26a1_11e0_bb51_806e6f6e6963__uuid_73656761_7465_7375_636b_0090a9dcf81c_SmartWare_ => C:\Program Files (x86)\Western Digital\WD SmartWare\BackupTask.exe [2015-10-28] (Western Digital Technologies, Inc.)
    Task: {B50CF033-A1EB-4EF0-84C9-D9546460808B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
    Task: {B92A5C1F-2083-497F-B44F-60F380623673} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B979D5A2-E055-4C5B-A41E-E736D1C5F488} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {B9C2FF09-69BB-45F2-9D0D-F8A85DD93129} - System32\Tasks\{3B3EBCEE-B984-44EF-BC57-F99482C4B642} => C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe [2006-04-21] (Macromedia, Inc.)
    Task: {BAB0C2A1-A46C-4922-94D9-6DB0FCB09067} - System32\Tasks\RegPowerClean => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2011-03-08] (Capital Intellect Inc)
    Task: {BC878DA5-DAED-4628-B8C5-FA73919A9A26} - System32\Tasks\{648E1FA9-CA1A-4568-A552-1C6597A5E983} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
    Task: {C0BFAEC9-4454-4F25-8F89-1D2486119E0E} - System32\Tasks\{82A64CB8-4071-4AC6-AD31-7CF39D8754AB} => pcalua.exe -a C:\Users\Martin\Downloads\delinf_10100(1).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {C0C86764-46EE-4D2D-AC66-2975E4FA513A} - System32\Tasks\{F8FD3EBE-EDC5-4CF4-86E8-AB94313C94E1} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-08-17] (Skype Technologies S.A.)
    Task: {C35D62DE-3859-448A-AC42-52AB702CF849} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C36E8E24-AFC1-47B5-904A-A9A7DDD310DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {C3D6E275-57AC-417E-BE9B-FE759B44F4FB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
    Task: {C4D5D3CC-58F8-43D2-AC4F-FA91F4439F57} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {C7E0966E-25A1-4F1B-B374-3627873FA6D9} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {CEFA543F-CCF0-419B-9667-215AB4EC0C15} - System32\Tasks\{F13810A2-3332-40E8-AAE1-D273D7818EC0} => pcalua.exe -a C:\Users\Martin\Downloads\delinf_10100(2).EXE -d "C:\Program Files (x86)\Mozilla Firefox"
    Task: {D0736407-184C-4629-BAF7-A43330150658} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {D2ADBA07-F78C-44DF-9833-3EFCC5481143} - System32\Tasks\{AC45DD11-EBEB-4DB8-B42F-B9E9F883FFF0} => Firefox.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/abandoninstall?page=tsBing
    Task: {D7A8CD4F-7631-478E-9D75-818E7C6FCB98} - System32\Tasks\EPUpdater => C:\Users\Martin\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
    Task: {E367ECC4-E50B-4359-A3B0-F6C92C862936} - System32\Tasks\{E06625AA-4F8B-4518-992E-7B9D49146439} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {E6E7C19D-30C3-44EF-BF9D-322E845BB89A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {E8FA7856-F1C0-48C9-88EE-4613503C97E8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {EBC5A77F-46CF-424A-8730-DA8AA01F0B68} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F0FB8856-9D73-4FCC-BC55-68B1C3A146E7} - System32\Tasks\{06C25C85-4F6A-46CD-A7AA-D967E15ACD89} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {F3E951DB-A7B4-499C-932D-ABD264F18193} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {F5582C46-1590-4BC3-A83B-21AC7170B8BB} - System32\Tasks\{84BA5F9C-5595-48F4-A30E-01710CDE1C0A} => C:\Program Files (x86)\35mm Film Scanner\FilmScan.exe [2009-07-03] ()
    Task: {F591307A-D18B-4D33-A2C0-6A595CDC5EED} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {F5AD6A46-8ED6-459D-BF33-31B63513D647} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {F809B3DB-23B7-4759-B88C-17638039582F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {F9E30966-5310-4840-B58B-451BB1300581} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {FC168DBD-8327-4CC8-BEBE-28B294DC8806} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForMARTIN-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForMartin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_vVX3000_exe.job => C:\WINDOWS\vVX3000.exe
    Task: C:\WINDOWS\Tasks\RegPowerClean.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    Task: C:\WINDOWS\Tasks\RPCReminder.job => C:\Program Files (x86)\Winferno\RegistryPowerCleaner\RPCReminder.exe
    Task: C:\WINDOWS\Tasks\WSSHelper.job => C:\Program Files (x86)\Common Files\Winferno\WSS\WSSHelper.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-09-30 14:08 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-09-26 20:57 - 2016-08-01 12:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2006-09-14 06:56 - 2006-09-14 06:56 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    2009-12-18 22:18 - 2009-12-18 22:18 - 00420864 _____ () C:\WINDOWS\system32\hauppauge\hcwD3dvb\DVBT\cutil64.dll
    2016-04-26 10:47 - 2016-04-26 10:47 - 00155784 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe
    2015-11-28 11:58 - 2015-11-03 12:18 - 00249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    2016-04-26 10:47 - 2016-04-26 10:47 - 01049736 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherEntryDll.dll
    2011-01-23 00:30 - 2009-02-28 03:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    2016-09-30 14:08 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-09-26 22:08 - 2016-09-26 22:08 - 00959168 _____ () C:\Users\Martin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\ClientTelemetry.dll
    2016-09-27 05:48 - 2016-09-27 05:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-11-09 08:30 - 2016-11-02 10:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-09 08:29 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-09 08:29 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-09 08:29 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-09 08:29 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-09 08:29 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2010-09-15 18:31 - 2010-09-15 18:31 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    2016-11-17 12:00 - 2016-11-17 12:00 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-11-17 12:00 - 2016-11-17 12:00 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-11-17 12:00 - 2016-11-17 12:00 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-11-17 11:58 - 2016-11-17 11:58 - 03766272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1611.3123.0_x64__8wekyb3d8bbwe\Calculator.exe
    2016-09-28 21:55 - 2016-09-28 21:59 - 01046224 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7571.57651.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
    2015-11-28 11:58 - 2015-09-21 17:00 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00186408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00165416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00058408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
    2015-11-28 11:58 - 2015-11-03 02:45 - 00015912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00108072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
    2015-11-28 11:58 - 2014-12-14 16:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
    2015-11-28 11:58 - 2015-03-14 03:54 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
    2015-11-28 11:58 - 2015-11-02 22:03 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
    2015-11-28 11:58 - 2015-11-03 12:18 - 00111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
    2015-11-28 11:58 - 2015-11-02 22:03 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
    2015-11-28 11:58 - 2015-11-10 10:07 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
    2015-11-28 11:58 - 2015-08-01 07:10 - 00025128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
    2015-11-28 11:58 - 2015-06-22 16:58 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
    2015-11-28 11:58 - 2015-09-23 16:58 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
    2015-11-28 11:58 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
    2015-09-19 23:09 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-09-19 23:09 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-09-19 23:09 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-09-19 23:09 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-04-26 10:46 - 2016-04-26 10:46 - 00543368 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPTask.dll
    2016-04-26 10:46 - 2016-04-26 10:46 - 00406664 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPNet.dll
    2016-04-26 10:46 - 2016-04-26 10:46 - 00428680 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPDR.dll
    2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
    2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
    2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
    2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
    2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
    2015-11-28 11:58 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
    2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-10-05 18:18 - 2016-10-05 18:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-01-06 09:52 - 2014-01-06 09:52 - 03244032 _____ () C:\Users\Martin\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
    2016-10-05 18:18 - 2016-10-05 18:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2011-01-23 00:30 - 2009-02-20 01:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
    2016-10-14 19:47 - 2016-10-14 19:48 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
    2015-09-20 16:13 - 2015-09-20 16:13 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
    2016-08-23 10:07 - 2016-08-23 10:08 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7916 more sites.

    IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\internet -> internet
    IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\mcafee.com -> hxxp://mcafee.com
    IE trusted site: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\...\mcafee.com -> hxxps://mcafee.com

    There are 7916 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2016-11-09 00:30 - 00453430 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    There are 15557 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{DB5AE92C-38A8-4EB7-9935-03D6FAD3419C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{11D778F4-8ED3-4B27-8B01-A21F32D5B210}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{A43C0283-B403-46E4-A34E-AF96FBD9CBD3}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{DA87C82E-88C8-415F-B861-FC29BF14AE38}] => (Allow) C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
    FirewallRules: [{0FF00DA6-EE83-4FAB-9C01-86A4C0BF2080}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{048F36B7-5D07-4F60-862E-B0FB756506A9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CD8623F3-1726-4B88-B83D-753973C6363B}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    FirewallRules: [{4831F8C3-446D-4E1E-89C2-F89538A9EE6D}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    FirewallRules: [{620C6590-7329-401A-B5D9-7DE79D7E6FB5}] => (Allow) LPort=5353
    FirewallRules: [{B29CAEBF-88FE-45E4-9565-FF037DC3DE0D}] => (Allow) C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{0B7D64DA-44E6-41F2-8591-8FAB2D40737F}] => (Allow) C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{EC95B9EB-3DFB-4BD5-B634-7A40C61F4A9D}] => (Allow) C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{DFF31ABD-EBAB-4189-8042-0F417050EE8C}] => (Allow) C:\Program Files (x86)\EPSON Software\EPSON Printer Finder\WCStart.exe
    FirewallRules: [{CD69593C-682F-4515-A495-EA06718B65CB}] => (Allow) C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{42C5C1DB-37D2-4D3F-A45D-3B9195A5F2B8}] => (Allow) C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{75B64F1E-1EC2-4C6C-B092-F85317FD60E9}] => (Allow) C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{AB697919-5C5E-48B0-985E-1DEDD2E62CEA}] => (Allow) C:\Windows\twain_32\escndv\escfg.exe
    FirewallRules: [{E67A7695-D2F3-478C-83C4-77B1839484EE}] => (Allow) C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{4A1961CE-4186-4358-A5E2-2AB5B194FE20}] => (Allow) C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{9A18A027-9EA7-4763-9C1B-209A1C17E070}] => (Allow) C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{D6BC7C85-E576-46A8-8D05-19402F17D113}] => (Allow) C:\Windows\twain_32\escndv\escndv.exe
    FirewallRules: [{BF0C4C55-51C7-4F04-8BCB-A5296C0ED660}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{E01DACD0-073D-4197-865B-FB58DF5EE8AF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{AF7B53E6-BDA4-42A4-8935-AD589C4283FF}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{E09BE28B-7A99-492C-928B-FEC11831187E}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EProjManager.exe
    FirewallRules: [{EC614D59-A150-4BF7-A53C-5248D95C418C}] => (Allow) C:\Program Files (x86)\bttb\dtuser.exe
    FirewallRules: [{A609A1CC-5686-4311-AF6D-C6BA939D1CFE}] => (Allow) C:\Program Files (x86)\bttb\dtuser.exe
    FirewallRules: [{190ADD7C-5ED9-445C-BEF0-D9DFDCCD48E1}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
    FirewallRules: [{1D34AEED-E6F1-403E-8E7C-ABCC86D53F67}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
    FirewallRules: [{48146D4E-809A-4C7C-8DF8-290C446083F2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{B7F2A652-9204-4C9D-AD59-98DAD5D1486E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    FirewallRules: [{7714E108-2262-4E49-AB54-A1D275F73668}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{B0F9658C-33EE-4AD8-86FE-6EB05A1365C4}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    FirewallRules: [{77B44DB2-6E4E-4E79-95E4-FC4ED7612997}] => (Allow) LPort=5000
    FirewallRules: [{B38861C2-AE5E-4963-A263-261F4D5128A6}] => (Allow) LPort=51011
    FirewallRules: [{2B79340D-944C-4297-A67B-698729E9C68E}] => (Allow) C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{2B446D4C-092A-40B5-97E6-47C1DE1DF484}] => (Allow) C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{FA771CD6-FFD6-4C39-9434-EE32E80153E8}] => (Allow) C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{218CCFFA-0B57-4B35-8F42-1BBE5C5FC9AA}] => (Allow) C:\Program Files (x86)\Macromedia\Dreamweaver 8\Dreamweaver.exe
    FirewallRules: [{BDDA1436-0C1C-4E9C-BE36-F2897BF902CF}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{97FCEE95-199D-40F2-A23C-1390776EC144}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    FirewallRules: [{794F8D5C-AF6B-4D93-915F-1E0AE42EB895}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{7B7E1D29-03A4-40A7-BF3A-37915DB37AAC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    FirewallRules: [{073E3BEB-1732-4E25-AB88-D13B303048FC}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{BE70B139-E431-4C43-9995-18E1E230899E}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    FirewallRules: [{E2E473E0-6433-40D1-A468-C8760EBF7C66}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{696EF457-AC6F-49CD-807B-AD5025E539A6}] => (Allow) C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    FirewallRules: [{9A8BB6A1-4191-4A7F-B2E4-F97685157372}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{C66AD37F-B1F5-4A62-892B-5D24529AA339}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
    FirewallRules: [{52F0E548-3C5C-4BF8-9108-199D917ED786}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{E0EA391F-1AA6-4F6C-9ADB-15628A404219}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{7E631EF6-669F-4651-809A-62F1DC2E5343}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{D3D3D90A-C2BF-4B4F-BF8C-FCF89E9F03F5}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgam.exe
    FirewallRules: [{1F92CCAA-E074-44DC-AAA4-76A2CDEEB52C}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{BC96263A-A25D-49F5-97E2-AC5A23E6B024}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{DA8B1CDB-4E8F-4392-95D7-374593CD6C8A}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{85EA3B22-2355-498B-936D-1144BD221F8E}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{D848EA26-E465-432C-9E1B-72353E89E690}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
    FirewallRules: [{3247F576-1C26-4ABB-9B95-40150CA992ED}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgdiagex.exe
    FirewallRules: [{84B3FFD7-1937-4E1F-BF8C-E35DE488A425}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{01F33532-5261-4E64-93F4-674397971FE4}] => (Allow) LPort=1900
    FirewallRules: [{5DB8BB49-9CF1-40D2-992A-88AE19E8F700}] => (Allow) LPort=2869
    FirewallRules: [{95130874-0710-4CB4-B393-FBBD87272DF4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{6658DAE7-691A-4490-A73A-EF07EE0CC322}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe
    FirewallRules: [{96467AA4-EFBC-45DB-AE59-8EBA7A2E6F3C}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe
    FirewallRules: [{FEE86126-7465-41A6-8751-B4BA18FB4246}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
    FirewallRules: [{0B97665B-15BA-4836-8AA1-69D21A013BD1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
    FirewallRules: [{F23B5980-2488-445E-989E-43899FF50C3C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
    FirewallRules: [{0408339F-96FF-4A80-A7B3-353EC0AEC8A9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
    FirewallRules: [{DFCE5392-1D18-4126-B86A-96A36DB16BB1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
    FirewallRules: [{EB927130-8C37-4279-A69D-57681ABE5AEE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E43067BA-E8BA-453F-AC50-07F443C75F71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{50580A1A-6226-4814-961C-9F9C59A07089}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EF3E0986-85C2-4C33-B69D-A51E7939E6EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{6C5BEB1C-3467-4BA4-94D9-47249DFF4133}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C2BB06C0-28BF-4720-A16E-D734FD76E139}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{7855EA53-8C88-4839-9A52-804B8563DDBA}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{E2F9CD88-4273-40D3-B596-B2C83D895028}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
    FirewallRules: [{15D6ACE8-4517-4336-877B-4EEDE1C56FE1}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{0D0F7415-22D6-4D8E-AAE6-C7D887894C85}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
    FirewallRules: [{28B7CAFB-63C8-496E-8FD2-0B1ECDFC7D2A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{34E5431C-6AE1-4868-9801-8E4EC241F714}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{0B0ABBA2-8F37-4FFA-8751-67E643F5F920}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [{40DD41F1-4D07-416B-A911-543305587EB4}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
    FirewallRules: [TCP Query User{E575C42D-6E88-40AF-B287-101B3889CB0F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{1105CD95-EFF7-4733-9CB5-F330B60507FA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{ED575A35-D137-4DFD-9F1E-9C83F39A7A06}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    FirewallRules: [{B8DA82DB-48F5-42E3-95A3-122AE10C0FF2}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    FirewallRules: [{578213BA-71D9-4D62-A895-B0BC36BABD2E}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    FirewallRules: [{82911D5E-EB0B-4669-A80D-0922986BBF1E}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    FirewallRules: [{F90D489A-F8BF-4305-90A1-80FCAA01C21B}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    FirewallRules: [{9090C362-FACB-4CAF-ABB5-72A2DF6BABB8}] => (Allow) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    FirewallRules: [{27221EFC-6087-4FC7-8712-DEBFA9B148A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    12-11-2016 09:53:10 Windows Update
    17-11-2016 17:43:30 Removed 4Team Folder Backup for Outlook.

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/20/2016 03:36:27 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\Tools.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\Tools.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:26 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:26 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:25 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDResources.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:25 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDEvents.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:25 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLists.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:25 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:25 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:25 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDHookDrv64.sys" on line 2.
    The manifest file root element must be assembly.

    Error: (11/20/2016 03:36:25 PM) (Source: SideBySide) (EventID: 9) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe".Error in manifest or policy file "c:\program files (x86)\spybot - search & destroy 2\SDFileScanHelper.exe" on line 2.
    The manifest file root element must be assembly.


    System errors:
    =============
    Error: (11/20/2016 11:45:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/19/2016 05:34:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/19/2016 04:42:57 PM) (Source: DCOM) (EventID: 10010) (User: MARTIN-HP)
    Description: The server {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B} did not register with DCOM within the required timeout.

    Error: (11/19/2016 04:42:26 PM) (Source: DCOM) (EventID: 10010) (User: MARTIN-HP)
    Description: The server {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B} did not register with DCOM within the required timeout.

    Error: (11/19/2016 02:33:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/19/2016 09:32:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/19/2016 01:07:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/18/2016 09:15:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/18/2016 08:57:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (11/18/2016 04:32:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
    Percentage of memory in use: 71%
    Total physical RAM: 4078.54 MB
    Available physical RAM: 1148.17 MB
    Total Virtual: 8174.54 MB
    Available Virtual: 2782.17 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:937.79 GB) (Free:666.3 GB) NTFS
    Drive d: (HP_RECOVERY) (Fixed) (Total:15.72 GB) (Free:1.9 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive m: (OS) (Fixed) (Total:447.01 GB) (Free:107.76 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 1863 GB) (Disk ID: A1CBFC44)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=937.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=15.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 0605DC0B)

    Partition: GPT.

    ==================== End of Addition.txt ============================

  4. #4
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,941

    You have a couple of items that need to be removed through your add/remove programs list in the control panel.

    Java 8 Update 31
    Winferno Registry Power Cleaner
    The Desktop Weather 2.0.1.11332
    http://www.isthisfilesafe.com/produc...r_details.aspx
    https://forums.malwarebytes.org/topi...sktop-weather/
    Uninstall/delete the above and reboot the computer.
    ~~~

    Running from M:\Users\Martin\Downloads

    It's best we move Farbar to the desktop.

    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use Wordpad or any other text editor than Notepad, or the script will fail!* Then copy and paste the text present inside the quote box below:
    To do this, highlight the contents of the box, right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).





    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    GroupPolicy: Restriction <======= ATTENTION
    URLSearchHook: HKLM-x32 - (No Name) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - (No Name) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {482B2BC3-77E1-4CBE-A007-0F4FBAC31351} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2956691
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {AA8A02D2-3EF2-451D-870A-42EA6643AB34} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYCH&apn_uid=315C4D9E-ABDD-4952-9A7E-6B8858B7D9E8&apn_sauid=3652AC62-64AD-4BD1-BD25-83AF9DE0A883
    BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
    BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
    BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
    Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
    Toolbar: HKLM-x32 - No Name - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKLM-x32 - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} - No File
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\376540156.js [2016-11-10] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\376540156.cfg [2016-11-10] <==== ATTENTION
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
    CHR Plugin: (Skype Toolbars) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => No File
    CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll => No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Extension: (BT Toolbar) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-10-02] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\Martin\AppData\Local\Temp\ccex.crx <not found>
    C:\Users\Martin\AppData\Local\Temp\376573040.exe
    C:\Users\Martin\AppData\Local\Temp\376631541.exe
    Task: {20B5B94F-3107-476A-8CD3-C973F8DCA88E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6B45998C-7FEB-479E-90DD-118F2AFA6ACE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {7B02EC8F-F816-43DC-8711-6B20F90F3674} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {88CA1768-1266-461B-BBA7-ED29216263E3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9FBABAD9-5D99-48EC-A2AD-F376B2AD00AC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A0388142-09A4-4C55-A321-61F672D75048} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]
    EmptyTemp:
    End

    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~
    Please post
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Hi Juliet
    I am running through your instructions now.
    Unfortunately I forgot to reboot after removing the programs you listed.
    Instead I carried on and ran the Farbar utility as requested. This rebooted the machine anyway. I have stopped there.
    Do I need to rerun the Farbar utility?
    Last edited by Juliet; 2016-11-22 at 12:34.

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,941

    We can continue starting with fixlist.txt.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
    Ran by Martin (22-11-2016 00:37:19) Run:1
    Running from M:\Users\Martin\Desktop
    Loaded Profiles: Martin (Available Profiles: Martin & Anna & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
    GroupPolicy: Restriction <======= ATTENTION
    URLSearchHook: HKLM-x32 - (No Name) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    URLSearchHook: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 - (No Name) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {482B2BC3-77E1-4CBE-A007-0F4FBAC31351} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2956691
    SearchScopes: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> {AA8A02D2-3EF2-451D-870A-42EA6643AB34} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYCH&apn_uid=315C4D9E-ABDD-4952-9A7E-6B8858B7D9E8&apn_sauid=3652AC62-64AD-4BD1-BD25-83AF9DE0A883
    BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
    BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
    BHO-x32: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
    BHO-x32: No Name -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
    Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()
    Toolbar: HKLM-x32 - No Name - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - No File
    Toolbar: HKLM-x32 - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKLM-x32 - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    Toolbar: HKU\S-1-5-21-533333334-2176733419-3778265130-1001 -> No Name - {8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} - No File
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\376540156.js [2016-11-10] <==== ATTENTION (Points to *.cfg file)
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\376540156.cfg [2016-11-10] <==== ATTENTION
    CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => No File
    CHR Plugin: (Skype Toolbars) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (WacomTabletPlugin) - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => No File
    CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll => No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
    CHR Extension: (BT Toolbar) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2015-10-02] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION
    CHR HKLM-x32\...\Chrome\Extension: [eijoglodfkeicibboibphapnoahoaapi] - C:\Users\Martin\AppData\Local\Temp\ccex.crx <not found>
    C:\Users\Martin\AppData\Local\Temp\376573040.exe
    C:\Users\Martin\AppData\Local\Temp\376631541.exe
    Task: {20B5B94F-3107-476A-8CD3-C973F8DCA88E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {6B45998C-7FEB-479E-90DD-118F2AFA6ACE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {7B02EC8F-F816-43DC-8711-6B20F90F3674} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {88CA1768-1266-461B-BBA7-ED29216263E3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9FBABAD9-5D99-48EC-A2AD-F376B2AD00AC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A0388142-09A4-4C55-A321-61F672D75048} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [124]
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} => value removed successfully
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} => value removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
    HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
    "HKU\S-1-5-21-533333334-2176733419-3778265130-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
    HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
    "HKU\S-1-5-21-533333334-2176733419-3778265130-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{482B2BC3-77E1-4CBE-A007-0F4FBAC31351}" => key removed successfully
    HKCR\CLSID\{482B2BC3-77E1-4CBE-A007-0F4FBAC31351} => key not found.
    "HKU\S-1-5-21-533333334-2176733419-3778265130-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA8A02D2-3EF2-451D-870A-42EA6643AB34}" => key removed successfully
    HKCR\CLSID\{AA8A02D2-3EF2-451D-870A-42EA6643AB34} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
    "HKCR\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
    HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => value removed successfully
    HKCR\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} => value removed successfully
    HKCR\Wow6432Node\CLSID\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
    HKCR\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => value removed successfully
    HKCR\Wow6432Node\CLSID\{aba8d0e6-0d4d-4cb8-836a-04d69824b108} => key not found.
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value removed successfully
    HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => key not found.
    HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} => value removed successfully
    HKCR\CLSID\{8F2767F8-338A-4258-BD1C-4DE5A3D8CDB2} => key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin => key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2 => key not found.
    C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll => not found.
    C:\Program Files (x86)\mozilla firefox\defaults\pref\376540156.js => moved successfully
    C:\Program Files (x86)\mozilla firefox\376540156.cfg => moved successfully
    C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll => not found.
    C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => not found.
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
    C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
    C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll => not found.
    C:\Program Files (x86)\TabletPlugins\npwacom.dll => not found.
    C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => not found.
    C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll => not found.
    C:\Windows\SysWOW64\npDeployJava1.dll => not found.
    C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg <==== ATTENTION => not found
    "HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eijoglodfkeicibboibphapnoahoaapi" => key removed successfully
    C:\Users\Martin\AppData\Local\Temp\376573040.exe => moved successfully
    C:\Users\Martin\AppData\Local\Temp\376631541.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20B5B94F-3107-476A-8CD3-C973F8DCA88E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20B5B94F-3107-476A-8CD3-C973F8DCA88E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B45998C-7FEB-479E-90DD-118F2AFA6ACE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B45998C-7FEB-479E-90DD-118F2AFA6ACE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B02EC8F-F816-43DC-8711-6B20F90F3674}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B02EC8F-F816-43DC-8711-6B20F90F3674}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88CA1768-1266-461B-BBA7-ED29216263E3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88CA1768-1266-461B-BBA7-ED29216263E3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FBABAD9-5D99-48EC-A2AD-F376B2AD00AC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FBABAD9-5D99-48EC-A2AD-F376B2AD00AC}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0388142-09A4-4C55-A321-61F672D75048}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0388142-09A4-4C55-A321-61F672D75048}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
    C:\ProgramData\Temp => ":0B4227B4" ADS removed successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 32768 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 215503354 B
    Java, Flash, Steam htmlcache => 2434 B
    Windows/system/drivers => 79427801 B
    Edge => 146832235 B
    Chrome => 61418223 B
    Firefox => 385911320 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 22892 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 26039878 B
    NetworkService => 10550 B
    Martin => 1443472400 B
    Anna => 40649 B
    DefaultAppPool => 16674 B

    RecycleBin => 70817042144 B
    EmptyTemp: => 68.2 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 03:59:25 ====

  8. #8
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    # AdwCleaner v6.030 - Logfile created 22/11/2016 at 13:51:29
    # Updated on 19/10/2016 by Malwarebytes
    # Database : 2016-11-21.2 [Server]
    # Operating System : Windows 10 Pro (X64)
    # Username : Martin - MARTIN-HP
    # Running from : M:\Users\Martin\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : hxxps://www.malwarebytes.com/support



    ***** [ Services ] *****



    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Martin\AppData\Local\PackageAware
    [-] Folder deleted: C:\Users\Martin\AppData\Local\PutLockerDownloader
    [-] Folder deleted: C:\Users\Martin\AppData\LocalLow\Conduit
    [-] Folder deleted: C:\Users\Martin\AppData\LocalLow\PriceGong
    [-] Folder deleted: C:\Users\Martin\AppData\Roaming\Yontoo
    [-] Folder deleted: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
    [-] Folder deleted: C:\Users\Anna\AppData\LocalLow\AskToolbar
    [-] Folder deleted: C:\Users\Anna\AppData\Roaming\WeatherTool
    [-] Folder deleted: C:\ProgramData\apn
    [-] Folder deleted: C:\ProgramData\Ask
    [-] Folder deleted: C:\ProgramData\Tarma Installer
    [-] Folder deleted: C:\ProgramData\Winferno
    [-] Folder deleted: C:\ProgramData\FFinder LTD
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\apn
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Ask
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Tarma Installer
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Winferno
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\FFinder LTD
    [-] Folder deleted: C:\Users\Public\Documents\Guid
    [-] Folder deleted: C:\Program Files (x86)\Conduit
    [-] Folder deleted: C:\Program Files (x86)\Common Files\Winferno
    [-] Folder deleted: C:\WINDOWS\SysWoW64\BrowserProtect
    [-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\WeatherTool


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKCU\Software\a558fdae269ec17
    [-] Key deleted: HKLM\SOFTWARE\a558fdae269ec17
    [-] Key deleted: HKLM\SOFTWARE\Classes\Toolbar.CT2956691
    [-] Key deleted: HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    [-] Key deleted: HKLM\SOFTWARE\Classes\Prod.cap
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Prod.cap
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    [-] Key deleted: HKU\.DEFAULT\Software\AskPartnerNetwork
    [-] Key deleted: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\Conduit
    [-] Key deleted: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\Winferno
    [-] Key deleted: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\AppDataLow\Toolbar
    [-] Key deleted: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\AppDataLow\Software\Conduit
    [-] Key deleted: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\AppDataLow\Software\ConduitSearchScopes
    [-] Key deleted: HKU\S-1-5-21-533333334-2176733419-3778265130-1001\Software\AppDataLow\Software\PriceGong
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-533333334-2176733419-3778265130-1001\Software\SweetIM
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-533333334-2176733419-3778265130-1001\Software\delta
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\AskPartnerNetwork
    [#] Key deleted on reboot: HKCU\Software\Conduit
    [#] Key deleted on reboot: HKCU\Software\Winferno
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Toolbar
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\PriceGong
    [-] Key deleted: HKLM\SOFTWARE\Conduit
    [-] Key deleted: HKLM\SOFTWARE\Winferno
    [-] Key deleted: HKLM\SOFTWARE\FFinder LTD
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-533333334-2176733419-3778265130-1001\Software\SweetIM
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-533333334-2176733419-3778265130-1001\Software\delta
    [#] Key deleted on reboot: [x64] HKCU\Software\Conduit
    [#] Key deleted on reboot: [x64] HKCU\Software\Winferno
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Toolbar
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\PriceGong
    [-] Key deleted: [x64] HKLM\SOFTWARE\Conduit
    [-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\4yendex.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.4yendex.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.hao123.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\us.hao123.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\4yendex.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.4yendex.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.hao123.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com
    [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\us.hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\4yendex.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.4yendex.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\en.hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\us.hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\4yendex.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.4yendex.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\en.hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\us.hao123.com
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\BHO.DLL
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [10718 Bytes] - [22/11/2016 13:51:29]
    C:\AdwCleaner\AdwCleaner[S0].txt - [10341 Bytes] - [22/11/2016 13:38:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10866 Bytes] ##########

  9. #9
    Security Expert Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,941

    Were you able to run the JRT.txt <==tool?

    And how is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Nov 2016
    Posts
    27

    Hi Juliet

    Log below
    Problem with message seems to have gone away but let me test for a few hours as it is intermittent.
    I am still getting a random window opening invitation to open Search Incognito for Firefox
    Will report back on progress ASAP

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 10 Pro x64
    Ran by Martin (Administrator) on 22/11/2016 at 18:04:27.08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 16

    Successfully deleted: C:\Users\Martin\AppData\Local\{06104B65-D12B-4ECB-BAA2-FB147232DACC} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{0AC85F00-A290-486A-B777-033211876F79} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{12A4AFF5-F5A3-4F25-B11B-7FCB895B535B} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{12A66556-3D04-4FB4-8FBD-E2102CDC6915} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{1587E290-A55A-4340-9B66-81E558144F70} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{344578B2-9FC6-46F2-98DB-7BAF73627D4F} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{3CFC9C2C-284B-41AB-AEF3-5F3AAFB9272D} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{6D13734A-EBC1-4570-B8D4-8DC39D93851E} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{6DB0057F-2A36-4B8D-9520-7680F0F4FC09} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{8850A476-2CD4-40D0-8A3E-3D54C2EF47C9} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{99053D77-75E2-42BC-9787-803A9B738C3F} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{A6C85EBC-C691-4B8C-AFC3-A4C49EC718A4} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\{F2A100E8-09E5-4322-AAE6-AA7D6666F8CC} (Empty Folder)
    Successfully deleted: C:\Users\Martin\AppData\Local\breakpad (Folder)
    Successfully deleted: C:\Users\Martin\Appdata\LocalLow\delta (Folder)
    Successfully deleted: C:\WINDOWS\wininit.ini (File)



    Registry: 3

    Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\Winferno Subscription Service (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0177F507-A638-4EAE-A88E-5D09F41D8713} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 22/11/2016 at 20:22:05.34
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
