Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016 Ran by JButler (administrator) on MERISA (29-08-2016 17:07:48) Running from C:\Users\JButler\Desktop Loaded Profiles: JButler (Available Profiles: JButler & DefaultAppPool) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe (arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe () C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (CYREN Inc.) 
C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dropbox, Inc.) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Autodesk, Inc.) 
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe (CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\splwow64.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe (CANON INC.) 
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe (Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-02] (IDT, Inc.) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations) HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.) HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC) HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION HKLM Group Policy 
restriction on software: %programdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION HKLM Group Policy restriction on 
software: *.pub.exe <====== ATTENTION HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: 
*.rar.com <====== ATTENTION HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION HKLM Group Policy restriction on software: ** <====== ATTENTION HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION HKLM 
Group Policy restriction on software: *.png.com <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION HKLM Group Policy restriction on software: 
%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION HKLM 
Group Policy restriction on software: C:\Users\*.com <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [DiamondView] => C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe [949760 2012-01-06] (Manulife Financial) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Dropbox Update] => 
C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [HP Officejet Pro X476dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [HP Officejet Pro X476dw MFP (NET) #2] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Google Update] => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-21] (Google Inc.) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.) HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.) 
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64" HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64" HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64" HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64" HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64" HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Policies\Explorer: [] HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-08-25] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-08-25] ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-08-25] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-23] ShortcutTarget: Dropbox.lnk -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2015-10-17] ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.) BootExecute: autocheck autochk * autocheck smrgdf C:\Users\JButler\AppData\Roaming\iolo\ GroupPolicy: Restriction - Chrome <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.114 Tcpip\..\Interfaces\{741988cf-45ef-475a-8565-48234b797e9e}: [DhcpNameServer] 192.168.1.254 75.153.171.114 Tcpip\..\Interfaces\{b6e2de1c-2cbb-4c2e-b03f-3ab93f3b8626}: [DhcpNameServer] 192.168.1.254 75.153.171.114 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {EDFBB4EE-982F-443F-9340-23CB4FD46E9A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} SearchScopes: 
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] () BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) 
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-16] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-22] (Atheros Commnucations) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] () BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-16] (Oracle Corporation) BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] () Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] () Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) 
Toolbar: HKU\.DEFAULT -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File Toolbar: HKU\.DEFAULT -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] () Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] () DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E008A543-CEFB-4559-912F-C27C2B89F13B} hxxps://www.avdlext.com/dwa7W.cab Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] () Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] () FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) 
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-16] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-16] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) 
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\JButler\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @talk.google.com/O1DPlugin -> C:\Users\JButler\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @tools.google.com/Google Update;version=3 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @tools.google.com/Google Update;version=9 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: facebook.com/fbDesktopPlugin -> C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\JButler\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\JButler\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR StartupUrls: Profile 1 -> "hxxps://www.google.ca/" CHR Profile: C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-22] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10] CHR Extension: (Adblock Plus) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-18] CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea 
[2014-04-22] CHR Extension: (Google Voice (by Google)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-10-10] CHR Extension: (TweetDeck Launcher) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2014-04-22] CHR Extension: (Google Wallet) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22] CHR Profile: C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28] CHR Extension: (Google Search) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Newark element14 Canada) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmgphfdogbejgokkokppoijjkjaneomb [2016-01-21] CHR Extension: (TweetDeck by Twitter) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-09-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Gmail) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] CHR Extension: (Chrome Media Router) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29] CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR 
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JButler\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16] CHR HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.) S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.) [File not signed] S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.) S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-11-02] (Realsil Microelectronics Inc.) 
[File not signed] R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] () R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed] R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc) S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.) R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.) S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.) R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.) R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.) 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-17] (Advanced Micro Devices) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-18] (EldoS Corporation) S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed] R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [4767488 2015-10-29] (Realtek Semiconductor Corporation ) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-10-18] (HP) U3 idsvc; no ImagePath S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-08-29 17:07 - 2016-08-29 17:12 - 00055164 _____ C:\Users\JButler\Desktop\FRST.txt 2016-08-29 17:04 - 2016-08-29 17:06 - 02397696 _____ (Farbar) C:\Users\JButler\Desktop\FRST64.exe 2016-08-29 14:52 - 2016-08-29 14:52 - 00000000 _____ C:\WINDOWS\system32\smrgdf.txt 2016-08-29 09:43 - 2016-08-29 09:43 - 00003562 _____ C:\WINDOWS\System32\Tasks\{B9C883CF-FFE6-42AE-8B5F-5A3E67539BF0} 2016-08-29 00:28 - 2016-08-29 00:28 - 00000000 ____D C:\ProgramData\Sophos 2016-08-29 00:27 - 2016-08-29 00:27 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk 2016-08-29 00:27 - 2016-08-29 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-08-29 00:27 - 2016-08-29 00:27 - 00000000 ____D C:\Program Files (x86)\Sophos 2016-08-29 00:22 - 2016-08-29 00:24 - 151888864 _____ (Sophos Limited) C:\Users\JButler\Downloads\Sophos Virus Removal Tool.exe 2016-08-28 23:42 - 2016-08-28 23:42 - 00000408 _____ C:\WINDOWS\SysWOW64\iolo.ini 2016-08-28 23:42 - 2016-08-28 23:42 - 00000408 _____ C:\WINDOWS\system32\iolo.ini 2016-08-28 21:35 - 2016-08-28 21:35 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2016-08-28 21:34 - 2016-08-28 23:35 - 00264014 _____ C:\WINDOWS\ntbtlog.txt 2016-08-28 21:14 - 2016-08-28 21:14 - 00000000 ____D C:\ProgramData\Commtouch 2016-08-28 21:14 - 2016-08-28 21:14 - 00000000 ____D C:\Program Files\Common Files\Commtouch 2016-08-28 21:14 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\WINDOWS\system32\Drivers\ampse.sys 2016-08-28 21:14 - 2014-03-25 15:59 - 00174856 ____R (CYREN Inc.) 
C:\WINDOWS\system32\Drivers\amp.sys 2016-08-28 21:08 - 2016-08-29 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop 2016-08-28 21:08 - 2016-08-29 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner 2016-08-28 21:08 - 2016-08-28 21:08 - 00000258 __RSH C:\Users\JButler\ntuser.pol 2016-08-28 21:06 - 2016-08-28 21:06 - 00001558 _____ C:\Users\Public\Desktop\System Mechanic Professional.lnk 2016-08-28 21:06 - 2016-02-19 07:20 - 02182248 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll 2016-08-28 20:46 - 2016-08-28 20:46 - 00003312 _____ C:\WINDOWS\System32\Tasks\{E7AD7AB2-8D65-4874-822D-3B6245BD1D64} 2016-08-28 14:46 - 2016-08-28 15:21 - 00000000 ____D C:\ProgramData\b9aca1e9-2f15-1 2016-08-28 14:46 - 2016-08-28 15:21 - 00000000 ____D C:\ProgramData\b9aca1e9-0265-0 2016-08-28 14:45 - 2016-08-28 14:53 - 00000000 ____D C:\Program Files (x86)\OneSystemCare 2016-08-28 14:45 - 2016-08-28 14:45 - 00000258 __RSH C:\ProgramData\ntuser.pol 2016-08-28 14:41 - 2016-08-28 14:42 - 03904175 _____ C:\Users\JButler\Downloads\CyberLink PowerDirector 14 Crack.rar 2016-08-26 18:22 - 2016-08-26 18:22 - 00003332 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-08-26 18:20 - 2016-08-26 18:20 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Skype 2016-08-26 17:27 - 2016-08-26 17:27 - 00003224 _____ C:\WINDOWS\System32\Tasks\{590280A9-2B45-49CC-AE52-D87180C79760} 2016-08-25 22:48 - 2016-08-22 14:00 - 1675086704 _____ C:\Users\JButler\Documents\Tragically Hip Concert.mp4 2016-08-25 22:13 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\Documents\NeroVideo 2016-08-25 22:13 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\AppData\Local\Nero 2016-08-25 21:39 - 2016-08-25 21:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Nero 2016-08-25 21:38 - 2016-08-25 21:38 - 00002929 ____N C:\Users\Public\Desktop\Nero 2016.lnk 2016-08-25 21:34 - 2016-08-25 21:39 - 00000000 ____D 
C:\Program Files (x86)\Nero 2016-08-25 21:34 - 2016-08-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016 2016-08-25 21:34 - 2016-08-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016-08-25 21:19 - 2016-08-25 21:19 - 00000000 ____D C:\Users\JButler\Desktop\NERO 2016-08-25 21:05 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Nero 2016-08-25 20:48 - 2016-08-25 22:13 - 00000000 ____D C:\ProgramData\Nero 2016-08-25 20:35 - 2016-08-25 20:35 - 00003534 _____ C:\WINDOWS\System32\Tasks\Adobe 2016-08-25 20:33 - 2016-08-25 20:37 - 00000000 ____D C:\ProgramData\Isolated Storage 2016-08-25 20:33 - 2016-08-25 20:33 - 00000000 ____D C:\Program Files (x86)\%npp.6.9.2.Installen% 2016-08-25 20:06 - 2016-08-25 20:06 - 00000000 ____D C:\Users\JButler\Documents\Tragically Hip Project 2016-08-25 20:04 - 2016-08-25 20:04 - 00000000 ____D C:\Users\JButler\.thumb 2016-08-25 19:53 - 2016-08-25 19:55 - 42062499 _____ (Thüring IT-Consulting ) C:\Users\JButler\Downloads\DVDStyler-3.0.2-win64.exe 2016-08-25 17:09 - 2016-08-25 17:12 - 55263032 _____ ( ) C:\Users\JButler\Downloads\DVD_Menus_Pack_Standard.exe 2016-08-25 17:08 - 2016-08-25 17:08 - 00000000 ____D C:\ProgramData\Wondershare 2016-08-25 16:40 - 2016-08-25 17:13 - 00000000 ____D C:\Users\JButler\Documents\Wondershare DVD Creator 2016-08-25 16:40 - 2016-08-25 16:40 - 00001267 ____N C:\Users\JButler\Desktop\Wondershare DVD Creator.lnk 2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\Users\JButler\AppData\Local\Wondershare 2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare 2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\Program Files (x86)\Wondershare 2016-08-25 16:36 - 2016-08-25 21:19 - 00000000 ____D C:\Users\JButler\AppData\Local\WinZip 2016-08-25 16:36 - 2016-08-25 16:36 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk 
2016-08-25 16:36 - 2016-08-25 16:36 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip BG Tools.lnk 2016-08-25 16:36 - 2016-08-25 16:36 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk 2016-08-25 16:36 - 2016-08-25 16:36 - 00002185 ____N C:\Users\Public\Desktop\WinZip.lnk 2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 20.5 2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 20.5 2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\Program Files\WinZip 2016-08-25 16:35 - 2016-08-25 16:35 - 00000000 ____D C:\ProgramData\UniqueId 2016-08-25 16:34 - 2016-08-25 16:35 - 00706032 _____ (WinZip Computing, S.L.) C:\Users\JButler\Downloads\winzip20-home.exe 2016-08-25 13:03 - 2016-08-25 13:03 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence 2016-08-25 12:02 - 2016-08-29 17:02 - 00000296 _____ C:\WINDOWS\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job 2016-08-25 12:02 - 2016-08-25 12:02 - 00002836 _____ C:\WINDOWS\System32\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D} 2016-08-25 12:02 - 2016-08-25 12:02 - 00002569 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk 2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Roaming\{2F6919D2-0A3B-74A4-610D-5376BDDFAE48} 2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\Setup1724781 2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\chromium 2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\{2F341968-0B9C-75D0-6604-5038426CACA0} 2016-08-25 12:01 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\reto 2016-08-25 12:01 - 2016-08-25 12:01 - 03838492 _____ (LIGHTNING UK!) 
C:\Users\JButler\Downloads\SetupImgBurn_2.5.8.0.exe 2016-08-24 20:13 - 2016-08-24 20:13 - 00641460 _____ C:\Users\JButler\Downloads\OffLimitsGameitsjustlikeTabooFREEPACK.pdf 2016-08-23 18:28 - 2016-08-23 18:28 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-19 16:23 - 2016-08-19 17:30 - 00000000 ____D C:\Users\JButler\Documents\Comic Life 2016-08-19 16:23 - 2016-08-19 16:23 - 00001058 ____N C:\Users\Public\Desktop\Comic Life.lnk 2016-08-19 16:23 - 2016-08-19 16:23 - 00000004 __RSH C:\ProgramData\sysqcl1129139270.dat 2016-08-19 16:23 - 2016-08-19 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\plasq 2016-08-19 16:23 - 2016-08-19 16:23 - 00000000 ____D C:\Program Files (x86)\plasq 2016-08-19 16:22 - 2016-08-19 16:22 - 11770368 _____ C:\Users\JButler\Downloads\comiclife-win.exe 2016-08-16 22:12 - 2016-08-16 22:12 - 00590402 _____ C:\Users\JButler\Downloads\Dexter_-_Season_1_-_480p_-_BRRip_-_x264_-_AC3_5.1_-={SPARROW}=-.zip 2016-08-09 15:44 - 2016-08-03 05:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-08-09 15:44 - 2016-08-03 05:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-09 15:44 - 2016-08-03 05:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-08-09 15:44 - 2016-08-03 04:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-08-09 15:44 - 2016-08-03 04:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-08-09 15:44 - 2016-08-03 04:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2016-08-09 15:44 - 2016-08-03 04:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-08-09 15:44 - 2016-08-03 04:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-08-09 15:44 - 2016-08-03 04:23 - 00115040 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\NetSetupApi.dll 2016-08-09 15:44 - 2016-08-03 04:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-08-09 15:44 - 2016-08-03 04:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2016-08-09 15:44 - 2016-08-03 04:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-08-09 15:44 - 2016-08-03 04:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-09 15:44 - 2016-08-03 04:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-08-09 15:44 - 2016-08-03 04:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-08-09 15:44 - 2016-08-03 04:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2016-08-09 15:44 - 2016-08-03 04:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2016-08-09 15:44 - 2016-08-03 04:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-09 15:44 - 2016-08-03 04:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-09 15:44 - 2016-08-03 04:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-08-09 15:44 - 2016-08-03 04:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-08-09 15:44 - 2016-08-03 04:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-08-09 15:44 - 2016-08-03 03:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe 2016-08-09 15:44 - 2016-08-03 03:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-08-09 15:44 - 2016-08-03 03:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-08-09 15:44 - 2016-08-03 03:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll 2016-08-09 15:44 - 2016-08-03 03:44 - 
00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2016-08-09 15:44 - 2016-08-03 03:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-08-09 15:44 - 2016-08-03 03:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2016-08-09 15:44 - 2016-08-03 03:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2016-08-09 15:44 - 2016-08-03 03:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2016-08-09 15:44 - 2016-08-03 03:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll 2016-08-09 15:44 - 2016-08-03 03:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2016-08-09 15:44 - 2016-08-03 03:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll 2016-08-09 15:44 - 2016-08-03 03:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2016-08-09 15:44 - 2016-08-03 03:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2016-08-09 15:44 - 2016-08-03 03:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-08-09 15:44 - 2016-08-03 03:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2016-08-09 15:44 - 2016-08-03 03:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-08-09 15:44 - 2016-08-03 03:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-08-09 15:44 - 2016-08-03 03:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-08-09 15:44 - 2016-08-03 03:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2016-08-09 15:44 - 2016-08-03 03:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2016-08-09 15:44 - 2016-08-03 03:33 - 00285184 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-08-09 15:44 - 2016-08-03 03:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-08-09 15:44 - 2016-08-03 03:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe 2016-08-09 15:44 - 2016-08-03 03:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-08-09 15:44 - 2016-08-03 03:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-08-09 15:44 - 2016-08-03 03:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2016-08-09 15:44 - 2016-08-03 03:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-09 15:44 - 2016-08-03 03:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2016-08-09 15:44 - 2016-08-03 03:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-09 15:44 - 2016-08-03 03:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS 2016-08-09 15:44 - 2016-08-03 03:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-08-09 15:44 - 2016-08-03 03:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-08-09 15:44 - 2016-08-03 03:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-08-09 15:44 - 2016-08-03 03:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-08-09 15:44 - 2016-08-03 03:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-08-09 15:44 - 2016-08-03 03:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-08-09 15:44 - 2016-08-03 03:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-09 15:44 - 2016-08-03 03:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 
2016-08-09 15:44 - 2016-08-03 03:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2016-08-09 15:44 - 2016-08-03 03:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-08-09 15:44 - 2016-08-03 03:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-08-09 15:44 - 2016-08-03 03:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-09 15:44 - 2016-08-03 03:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-08-09 15:44 - 2016-08-03 03:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-08-09 15:44 - 2016-08-03 03:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-08-09 15:44 - 2016-08-03 03:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2016-08-09 15:44 - 2016-08-03 03:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-08-09 15:44 - 2016-08-02 23:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2016-08-09 15:44 - 2016-08-02 23:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-08-09 15:44 - 2016-08-02 23:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2016-08-09 15:44 - 2016-08-02 23:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll 2016-08-09 15:44 - 2016-08-02 23:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-09 15:44 - 2016-08-02 23:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-08-09 15:44 - 2016-08-02 23:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-08-09 15:44 - 2016-08-02 23:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-08-09 15:44 - 2016-08-02 23:30 - 00465760 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-08-09 15:44 - 2016-08-02 23:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-08-09 15:44 - 2016-08-02 22:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe 2016-08-09 15:44 - 2016-08-02 22:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll 2016-08-09 15:44 - 2016-08-02 22:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-08-09 15:44 - 2016-08-02 22:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll 2016-08-09 15:44 - 2016-08-02 22:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll 2016-08-09 15:44 - 2016-08-02 22:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2016-08-09 15:44 - 2016-08-02 22:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll 2016-08-09 15:44 - 2016-08-02 22:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-09 15:44 - 2016-08-02 22:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll 2016-08-09 15:44 - 2016-08-02 22:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe 2016-08-09 15:44 - 2016-08-02 22:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-08-09 15:44 - 2016-08-02 22:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-08-09 15:44 - 2016-08-02 22:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-08-09 15:44 - 2016-08-02 22:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-09 15:44 - 2016-08-02 22:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-09 15:44 - 2016-08-02 22:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-08-09 
15:44 - 2016-08-02 22:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-08-09 15:44 - 2016-08-02 22:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-08-09 15:44 - 2016-08-02 22:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-08-09 15:44 - 2016-08-02 22:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2016-08-09 15:44 - 2016-08-02 22:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-08-09 15:44 - 2016-08-02 22:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-08-09 15:44 - 2016-08-02 22:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2016-08-09 15:44 - 2016-08-02 22:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-08-09 15:44 - 2016-08-02 22:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-08-09 15:44 - 2016-08-02 22:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-08-09 15:44 - 2016-08-02 22:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-09 15:44 - 2016-08-02 22:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-08-09 15:44 - 2016-08-02 22:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2016-08-09 15:43 - 2016-08-03 04:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-08-09 15:43 - 2016-08-03 04:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll 2016-08-09 15:43 - 2016-08-03 04:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-08-09 15:43 - 2016-08-03 04:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-08-09 15:43 - 2016-08-03 03:46 - 22384128 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\edgehtml.dll 2016-08-09 15:43 - 2016-08-03 03:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll 2016-08-09 15:43 - 2016-08-03 03:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-08-09 15:43 - 2016-08-03 03:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-09 15:43 - 2016-08-03 03:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-08-09 15:43 - 2016-08-03 03:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-08-09 15:43 - 2016-08-03 03:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll 2016-08-09 15:43 - 2016-08-03 03:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll 2016-08-09 15:43 - 2016-08-03 03:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-09 15:43 - 2016-08-03 03:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-08-09 15:43 - 2016-08-03 03:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-09 15:43 - 2016-08-03 03:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-08-09 15:43 - 2016-08-03 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-08-09 15:43 - 2016-08-03 03:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-08-09 15:43 - 2016-08-03 03:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-09 15:43 - 2016-08-03 03:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-08-09 15:43 - 2016-08-03 03:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-08-09 15:43 - 2016-08-02 22:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-09 15:43 - 2016-08-02 22:35 - 00286208 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 15:43 - 2016-08-02 22:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 15:43 - 2016-08-02 22:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-04 16:35 - 2016-08-04 16:35 - 00000082 _____ C:\Users\JButler\AppData\Roaming\mbam.context.scan
2016-07-31 13:13 - 2016-07-31 13:13 - 00000000 ____D C:\WINDOWS\system32\config\SM Registry Backup
2016-07-31 13:13 - 2016-07-31 13:13 - 00000000 ____D C:\WINDOWS\system32\config\Before Compact
2016-07-31 12:37 - 2016-07-31 12:37 - 00000000 ____D C:\WINDOWS\system32\config\Original

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-29 17:07 - 2014-04-22 11:04 - 00000000 ____D C:\FRST
2016-08-29 17:01 - 2015-11-21 11:30 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
2016-08-29 16:47 - 2012-04-03 22:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-29 16:40 - 2015-03-12 17:23 - 00000000 ____D C:\Program Files (x86)\Workspace
2016-08-29 16:39 - 2015-03-12 17:23 - 00000000 ____D C:\Users\JButler\Documents\Workspace Logs
2016-08-29 16:22 - 2016-03-05 10:45 - 00000000 ____D C:\ProgramData\Freemake
2016-08-29 16:17 - 2015-06-16 17:01 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
2016-08-29 16:01 - 2015-11-21 11:30 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
2016-08-29 14:05 - 2014-07-29 22:36 - 00000000 ___RD C:\Users\JButler\Dropbox
2016-08-29 00:17 - 2015-06-16 17:01 - 00000874 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
2016-08-29 00:01 - 2011-10-06 16:07 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{68809F62-1306-49BA-99C4-8BAF2943F43D}
2016-08-28 23:42 - 2013-10-10 13:16 - 00000392 _____ C:\WINDOWS\SysWOW64\iolo.ini.txt
2016-08-28 23:41 - 2016-06-17 16:58 - 00000000 ___RD C:\Users\JButler\iCloudDrive
2016-08-28 23:38 - 2015-12-24 06:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-28 23:37 - 2015-10-30 00:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-08-28 22:06 - 2011-05-17 12:59 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-28 22:06 - 2011-05-17 12:59 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-08-28 22:06 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-28 21:29 - 2016-04-15 14:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-28 21:12 - 2013-10-10 12:47 - 00000000 ____D C:\ProgramData\iolo
2016-08-28 21:08 - 2015-12-24 05:56 - 00000000 ____D C:\Users\JButler
2016-08-28 21:06 - 2013-10-10 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2016-08-28 21:05 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-08-28 21:05 - 2013-12-14 15:41 - 00003222 _____ C:\WINDOWS\System32\Tasks\iolo Process Governor
2016-08-28 21:05 - 2013-12-14 15:41 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-08-28 15:21 - 2015-12-25 02:46 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-28 14:54 - 2016-03-09 18:43 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-08-28 14:53 - 2011-10-06 17:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-28 14:45 - 2009-07-13 21:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-08-28 14:44 - 2012-11-04 12:55 - 00002295 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-28 14:44 - 2011-10-06 17:35 - 00000000 ___RD C:\Users\JButler\Desktop\Utilities
2016-08-28 14:28 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 11:52 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 00:35 - 2015-05-14 21:10 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJButler.job
2016-08-27 00:28 - 2016-03-10 18:58 - 00000000 ____D C:\Users\JButler\AppData\Roaming\qBittorrent
2016-08-26 18:22 - 2015-10-18 09:20 - 00002409 ____N C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 18:22 - 2015-01-07 18:07 - 00000000 ___RD C:\Users\JButler\OneDrive
2016-08-26 17:28 - 2016-03-03 23:41 - 00000000 ____D C:\Program Files\Handbrake
2016-08-26 16:40 - 2016-03-11 07:15 - 00007318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-26 16:29 - 2015-05-14 21:10 - 00003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJButler
2016-08-26 15:37 - 2015-12-24 05:43 - 00545368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-25 18:23 - 2015-09-29 18:56 - 00000000 ____D C:\Users\JButler\Desktop\CADD201
2016-08-25 16:37 - 2014-12-19 21:36 - 00000000 ____D C:\ProgramData\WinZip
2016-08-25 11:40 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-23 18:28 - 2012-06-22 15:59 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Dropbox
2016-08-22 16:56 - 2016-06-17 16:56 - 00003490 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-08-19 03:21 - 2012-09-28 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-13 00:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 18:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 18:43 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-09 20:01 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-09 19:56 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 19:55 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-09 19:55 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-09 16:50 - 2013-08-21 10:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 16:50 - 2011-10-09 00:03 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-31 13:36 - 2015-12-24 06:41 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-31 13:36 - 2014-08-30 16:42 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Kodi
2016-07-31 13:12 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-31 13:12 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages

==================== Files in the root of some directories =======

2012-10-12 11:38 - 2012-10-12 11:38 - 0000474 _____ () C:\Program Files (x86)\INSTALL.LOG
2012-10-12 11:38 - 1999-06-25 10:55 - 0149504 _____ () C:\Program Files (x86)\UNWISE.EXE
2016-08-04 16:35 - 2016-08-04 16:35 - 0000082 _____ () C:\Users\JButler\AppData\Roaming\mbam.context.scan
2012-10-05 13:45 - 2012-10-05 13:45 - 0003584 _____ () C:\Users\JButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-16 14:21 - 2012-03-16 14:21 - 0000095 _____ () C:\Users\JButler\AppData\Local\fusioncache.dat
2012-10-10 12:30 - 2012-10-10 12:30 - 0000017 _____ () C:\Users\JButler\AppData\Local\resmon.resmoncfg
2016-06-04 00:55 - 2016-06-04 00:55 - 0000000 _____ () C:\Users\JButler\AppData\Local\{D4BA9573-CB99-4635-A967-719C89D162EA}
2015-08-16 13:51 - 2015-08-16 13:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-19 16:23 - 2016-08-19 16:23 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat
C:\Windows\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-29 14:34

==================== End of FRST.txt ============================