Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Yahoo browser hijack


  • This topic is locked This topic is locked

#1
groch

groch

    Member

  • Member
  • PipPipPip
  • 180 posts
Chrome is my default browser, but two days ago I started to get yahoo as my default browser. Also got a SearchMore icon in my systray. Using Windows Defender as my anti virus. Used Malwarebytes to scan and delete discovered malware. Now anytime I try to access Google, Malwarebytes blocks potentially malicious website. I can't access the Farbar download to start this diagnostics posting without disabling Malwarebytes. I get no warning from Windows defender which is turned on. Any help would be appreciated
Thank you
Groch
  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Can yo then disable Malwarebytes and post the two farber logs, frst.txt and additions.txt
  • 0

#3
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-11-2015
Ran by Family (administrator) on OFFICE (27-11-2015 23:01:33)
Running from C:\Users\Family\Downloads
Loaded Profiles: Family (Available Profiles: Family & Rijoyce Rentals & ATK Work & Jessie & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(sonix) C:\Windows\PLF1330.exe
(Sonix) C:\Windows\vspc1330.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Comodo Security Solutions) C:\Program Files\COMODO\COMODO BackUp\CBU.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [PLF1330] => C:\WINDOWS\PLF1330.exe [40960 2010-01-05] (sonix)
HKLM\...\Run: [spc1330] => C:\WINDOWS\vspc1330.exe [684032 2010-01-05] (Sonix)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803392 2015-10-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8538648 2015-11-16] (Binary Fortress Software)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\RunOnce: [Uninstall C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64"
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8538648 2015-11-16] (Binary Fortress Software)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77528 2015-05-16] (Intuit Inc.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSDriveOverlayIcon] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\Users\ATK Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-03-11]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-03-25]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rijoyce Rentals\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-03-05]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-4159210540-2217699198-1934608907-1000] =>  
ProxyServer: [S-1-5-21-4159210540-2217699198-1934608907-1003] =>  
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{151cf470-c66f-409c-9e84-596109b35ef5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2bae998e-b4d7-4c14-9eff-a8dd3ba5b2d9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> URL hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgMB10SEFdFbVsPVFxcFQVFcRRZV1tHDAQbc1wMWVgVFVFAch9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {5918FE3F-A4C4-49B7-94B4-305976513CFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000 -> {5918FE3F-A4C4-49B7-94B4-305976513CFE} URL = 
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1003 -> {5918FE3F-A4C4-49B7-94B4-305976513CFE} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll [2011-11-21] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll [2011-11-21] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-15] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2013-06-02] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4159210540-2217699198-1934608907-1003: @citrixonline.com/appdetectorplugin -> C:\Users\Rijoyce Rentals\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-02] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Family\AppData\Roaming\mozilla\plugins\npatgpc.dll [2011-05-25] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSdF9cAggTRxhBdwxdTA1BRwQOIQ9aVxRAGQZGdAFZBQ0VQgcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSdF9cAggTRxhBdwxdTA1BRwQOIQ9aVxRAGQZGdAFZBQ0VQgcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgMB10SEFdFbVsPVFxcFQVFcRRZV1tHDAQbc1wMWVgVFVFAch9aFQQTQkcFME0FBloEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAQXJl1bUFsXDFcUdVwVVQkXEBhCdlsOTAhJElAXeFhcVV0SExNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXQeU1BoLlZP
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Family\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Access Gateway) - C:\Program Files\Citrix\Secure Access Client\npagee.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACPService; C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe [741376 2008-06-11] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S4 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [2270512 2011-10-05] (Comodo Security Solutions)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-23] (Dropbox, Inc.)
S2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4608040 2015-11-16] (Binary Fortress Software)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [1903920 2011-10-05] (Comodo Security Solutions)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 bdisk; C:\Windows\System32\drivers\bdisk.sys [81912 2011-10-05] (COMODO Security Solutions Inc.)
R0 CBUfs; C:\Windows\System32\drivers\CBUFS.sys [210632 2011-10-05] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [540232 2011-10-05] (COMODO Security Solutions Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 phaudlwr; C:\Windows\system32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
S3 reparse; C:\Windows\System32\DRIVERS\cbreparse.sys [517560 2011-10-05] (COMODO Security Solutions Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SPC1330; C:\Windows\system32\DRIVERS\spc1330.sys [3297792 2010-01-05] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [677728 2011-10-05] (COMODO Security Solutions Inc.)
R3 VST64HWBS2; C:\Windows\system32\DRIVERS\VSTBS26.SYS [411136 2015-07-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2015-07-10] (Conexant Systems, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2015-07-10] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 23:01 - 2015-11-27 23:03 - 00033521 _____ C:\Users\Family\Downloads\FRST.txt
2015-11-27 23:01 - 2015-11-27 23:01 - 00000000 ____D C:\FRST
2015-11-27 23:00 - 2015-11-27 23:00 - 02349056 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2015-11-27 22:57 - 2015-11-27 22:57 - 00016148 _____ C:\WINDOWS\system32\OFFICE_Family_HistoryPrediction.bin
2015-11-27 18:44 - 2015-11-27 18:44 - 00107965 _____ C:\Users\Family\Documents\VFA-103.pptx
2015-11-27 18:44 - 2015-11-27 18:44 - 00000000 ____D C:\Users\Family\Documents\Blade trophys
2015-11-27 11:03 - 2015-11-27 22:26 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 11:02 - 2015-11-27 11:02 - 00001203 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 11:02 - 2015-11-27 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-27 11:02 - 2015-11-27 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 11:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-27 11:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-27 11:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-27 10:59 - 2015-11-27 11:00 - 22908888 _____ (Malwarebytes ) C:\Users\Family\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-11-27 10:44 - 2015-11-27 10:44 - 04411208 _____ (Google) C:\Users\Family\Downloads\chrome_cleanup_tool (1).exe
2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\Users\Family\Documents\FlashIntegro
2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\Users\Family\AppData\Roaming\VideoEditor
2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\Users\Family\AppData\Roaming\FlashIntegro
2015-11-24 19:18 - 2015-11-24 19:18 - 00000013 _____ C:\Users\Family\.pluto.tv
2015-11-24 19:17 - 2015-11-24 19:22 - 00000000 ____D C:\Users\Family\AppData\Local\PlutoTV
2015-11-24 19:17 - 2015-11-24 19:22 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2015-11-24 19:16 - 2015-11-24 19:16 - 00001328 _____ C:\Users\Family\Desktop\VSDC Free Video Editor.lnk
2015-11-24 19:16 - 2015-11-24 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeVideoEditor
2015-11-24 19:15 - 2015-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\FreeVideoEditor
2015-11-24 19:15 - 2014-12-09 12:21 - 00081792 _____ (Flash-Integro LLC) C:\WINDOWS\SysWOW64\mslvddsfilter2.ax
2015-11-24 19:15 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\Lagarith.dll
2015-11-24 19:15 - 2005-08-01 18:43 - 00245760 _____ () C:\WINDOWS\SysWOW64\lame.ax
2015-11-24 19:15 - 2004-09-06 15:06 - 00053248 _____ C:\WINDOWS\SysWOW64\xvid.ax
2015-11-24 19:15 - 2004-07-03 20:08 - 00139264 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-11-24 19:15 - 2004-07-03 19:59 - 00524288 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2015-11-24 19:15 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\WINDOWS\SysWOW64\AC3ACM.acm
2015-11-24 19:15 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divx.dll
2015-11-24 19:15 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divxdec.ax
2015-11-24 19:15 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\WINDOWS\SysWOW64\mcdvd_32.dll
2015-11-24 19:15 - 2003-05-21 22:50 - 00156910 _____ C:\WINDOWS\WMSysPr8.prx
2015-11-24 19:15 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\WINDOWS\SysWOW64\vct3216.acm
2015-11-24 19:15 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\WINDOWS\SysWOW64\alf2cd.acm
2015-11-24 19:15 - 2003-05-21 22:50 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2015-11-24 19:15 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\L3CODECX.AX
2015-11-24 19:15 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg4c32.dll
2015-11-24 19:15 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\WINDOWS\SysWOW64\Scg726.acm
2015-11-24 19:12 - 2015-11-24 19:12 - 00011873 _____ C:\Users\Family\Documents\FCLP R1.wlmp
2015-11-24 19:10 - 2015-11-24 19:11 - 30868728 _____ (Flash-Integro LLC ) C:\Users\Family\Downloads\video_editor_download.exe
2015-11-24 18:18 - 2015-11-24 18:18 - 00000000 ____D C:\Users\Family\AppData\Local\{707EA4A2-ED34-4395-9F28-3D9D662C8FE4}
2015-11-24 09:01 - 2015-11-24 09:04 - 382187627 _____ C:\Users\Family\Downloads\FCLP (1).wmv
2015-11-23 21:36 - 2015-11-23 21:40 - 382187627 _____ C:\Users\Family\Downloads\FCLP.wmv
2015-11-23 17:33 - 2015-11-23 17:33 - 00000000 ____D C:\Users\Family\AppData\Local\{458E73EE-FCD6-4DDD-8503-BFDE748C23DC}
2015-11-23 17:24 - 2015-11-23 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-23 17:22 - 2015-11-27 22:27 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-23 17:22 - 2015-11-27 17:27 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-23 17:22 - 2015-11-23 17:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-23 17:22 - 2015-11-23 17:22 - 00660960 _____ (Dropbox, Inc.) C:\Users\Family\Downloads\DropboxInstaller.exe
2015-11-23 17:22 - 2015-11-23 17:22 - 00003982 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-11-23 17:22 - 2015-11-23 17:22 - 00003750 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-11-22 22:14 - 2015-11-22 22:15 - 18361784 _____ (Binary Fortress Software ) C:\Users\Family\Downloads\DisplayFusionSetup-7.3.2.exe
2015-11-22 21:49 - 2015-11-22 21:49 - 00000000 ____D C:\Users\Family\AppData\Local\CEF
2015-11-22 21:46 - 2015-11-26 08:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-22 21:46 - 2015-11-22 21:46 - 00002152 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-22 11:46 - 2015-11-22 11:46 - 00023040 _____ C:\Users\Family\Downloads\claimDetailsRGROCH1448210785764.xls
2015-11-22 11:46 - 2015-11-22 11:46 - 00006498 _____ C:\Users\Family\Downloads\claimDetails20835732821.pdf
2015-11-11 06:30 - 2015-11-11 06:30 - 00016148 _____ C:\WINDOWS\system32\OFFICE_Rijoyce Rentals_HistoryPrediction.bin
2015-11-10 17:31 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 17:31 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 17:31 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 17:31 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 17:31 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 17:31 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 17:31 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 17:31 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 17:31 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 17:31 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 17:31 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 17:31 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 17:31 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 17:31 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 17:31 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 17:31 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 17:31 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 17:31 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 17:31 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 17:31 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 17:31 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 17:31 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 17:31 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 17:31 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 17:31 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 17:31 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 17:31 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 17:31 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 17:31 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 17:31 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 17:31 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 17:31 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 17:31 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 17:31 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 17:31 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 17:31 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 17:31 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 17:31 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 17:31 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 17:31 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 17:31 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 17:31 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 17:31 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 17:31 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 17:31 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 17:31 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 17:31 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 17:31 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 17:31 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 17:31 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 17:31 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 17:31 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 17:31 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-07 16:54 - 2015-11-07 16:54 - 00001430 _____ C:\Users\Family\Downloads\Transaction.qfx
2015-11-07 16:54 - 2015-11-07 16:54 - 00000301 _____ C:\Users\Family\Downloads\Transaction.csv
2015-11-07 16:54 - 2015-11-07 16:54 - 00000000 ____D C:\Users\Family\AppData\Local\Intuit_Inc
2015-11-06 12:42 - 2015-11-06 12:42 - 00001991 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-11-06 12:42 - 2015-11-06 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-10-28 19:59 - 2015-10-28 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-28 19:55 - 2015-10-28 19:55 - 00001850 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-28 19:55 - 2015-10-28 19:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-28 19:53 - 2015-10-28 19:55 - 00000000 ____D C:\Program Files\iTunes
2015-10-28 19:53 - 2015-10-28 19:53 - 00000000 ____D C:\Program Files\iPod
2015-10-28 19:53 - 2015-10-28 19:53 - 00000000 ____D C:\Program Files (x86)\iTunes
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-27 23:02 - 2012-08-27 20:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-27 23:02 - 2011-09-23 22:50 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63303634257 0.job
2015-11-27 23:01 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-11-27 22:57 - 2011-09-23 22:50 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63303634228 0.job
2015-11-27 22:57 - 2011-03-05 14:00 - 00000000 ____D C:\Users\Family\Documents\Outlook Files
2015-11-27 22:33 - 2015-02-02 09:53 - 00000636 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job
2015-11-27 22:23 - 2011-03-05 22:35 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-27 22:07 - 2011-03-06 19:33 - 00000000 ____D C:\Users\Family\Backups
2015-11-27 22:00 - 2011-09-23 22:43 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63303633790 0.job
2015-11-27 22:00 - 2011-08-12 21:41 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63300001281 0.job
2015-11-27 21:29 - 2015-05-31 10:17 - 00000732 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job
2015-11-27 14:30 - 2014-11-23 08:39 - 00000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2015-11-27 14:23 - 2011-03-05 22:35 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-27 12:19 - 2015-08-30 21:51 - 01009666 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-27 12:19 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-27 12:17 - 2015-04-04 11:47 - 00000000 ___RD C:\Users\Family\iCloudDrive
2015-11-27 12:17 - 2011-09-11 22:44 - 00000000 ___RD C:\Users\Family\Dropbox
2015-11-27 12:17 - 2011-09-11 22:43 - 00000000 ____D C:\Users\Family\AppData\Roaming\Dropbox
2015-11-27 12:15 - 2015-08-30 21:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-27 12:15 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-27 12:13 - 2015-07-10 06:06 - 00000000 ____D C:\WINDOWS\Setup
2015-11-27 12:13 - 2012-01-24 23:04 - 333183868 ____H C:\WINDOWS\cbufsscansysdmp.bin
2015-11-27 12:11 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-27 11:02 - 2013-04-28 15:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-27 11:02 - 2005-10-08 16:19 - 00000000 ____D C:\Users\Family\Documents\Word Files
2015-11-27 09:51 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-26 08:25 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-25 17:25 - 2013-05-16 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-24 19:18 - 2015-08-30 21:52 - 00000000 ____D C:\Users\Family
2015-11-23 21:48 - 2011-05-10 11:54 - 00000000 ____D C:\Users\Family\AppData\Local\Windows Live
2015-11-23 17:35 - 2015-07-07 17:23 - 00000000 ____D C:\Users\Family\AppData\Local\Dropbox
2015-11-23 17:25 - 2011-09-11 22:44 - 00001331 _____ C:\Users\Family\Desktop\Dropbox.lnk
2015-11-22 22:21 - 2012-01-08 10:36 - 00000000 ____D C:\Users\Family\Documents\DisplayFusion Backups
2015-11-22 22:19 - 2015-05-14 08:03 - 02023936 ___SH C:\Users\Family\Downloads\Thumbs.db
2015-11-22 22:19 - 2012-05-02 23:38 - 00001345 _____ C:\Users\Public\Desktop\DisplayFusion.lnk
2015-11-22 22:19 - 2011-03-13 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2015-11-22 22:19 - 2011-03-13 12:43 - 00000000 ____D C:\Program Files (x86)\DisplayFusion
2015-11-22 21:49 - 2011-03-05 16:01 - 00000000 ____D C:\Users\Family\AppData\Local\Adobe
2015-11-22 21:47 - 2014-12-30 17:56 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-22 21:46 - 2011-03-05 16:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-22 21:46 - 2011-02-15 12:29 - 00000000 ____D C:\ProgramData\Adobe
2015-11-18 11:18 - 2015-10-11 19:53 - 00000000 ____D C:\Users\Family\Desktop\Kevin photos to Olga
2015-11-17 10:35 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-17 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 18:08 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 18:08 - 2011-03-05 13:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 18:00 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 17:45 - 2011-03-05 17:45 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 13:10 - 2015-05-31 10:17 - 00003904 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003
2015-11-10 13:10 - 2015-02-02 09:53 - 00003808 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003
2015-11-06 12:43 - 2014-09-08 14:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 12:42 - 2015-05-23 20:53 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-11-06 12:42 - 2011-06-19 19:12 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-11-03 13:20 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-28 19:59 - 2014-07-16 22:35 - 00000000 ____D C:\Users\Rijoyce Rentals\AppData\Local\CrashDumps
2015-10-28 19:53 - 2011-03-06 19:03 - 00000000 ____D C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2015-03-08 12:54 - 2015-03-08 12:54 - 0003584 _____ () C:\Users\Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-05 17:30 - 2011-03-05 17:30 - 0000879 _____ () C:\ProgramData\CamSuite.ini
2011-03-06 17:08 - 2011-03-06 17:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some files in TEMP:
====================
C:\Users\Family\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp11jiwq.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-23 08:07
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-11-2015
Ran by Family (2015-11-27 23:03:57)
Running from C:\Users\Family\Downloads
Windows 10 Home (X64) (2015-08-31 03:35:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4159210540-2217699198-1934608907-500 - Administrator - Disabled)
ATK Work (S-1-5-21-4159210540-2217699198-1934608907-1004 - Administrator - Enabled) => C:\Users\ATK Work
DefaultAccount (S-1-5-21-4159210540-2217699198-1934608907-503 - Limited - Disabled)
Family (S-1-5-21-4159210540-2217699198-1934608907-1000 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-4159210540-2217699198-1934608907-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4159210540-2217699198-1934608907-1034 - Limited - Enabled)
Jessie (S-1-5-21-4159210540-2217699198-1934608907-1005 - Limited - Enabled) => C:\Users\Jessie
Rijoyce Rentals (S-1-5-21-4159210540-2217699198-1934608907-1003 - Administrator - Enabled) => C:\Users\Rijoyce Rentals
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BRC QIF to IIF Converter (HKLM-x32\...\QIF to IIF Converter) (Version: 7.27 - Big Red Consulting)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MP600 User Registration (HKLM-x32\...\Canon MP600 User Registration) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.0.6.12 - COMODO)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DisplayFusion 7.3.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.2.0 - Binary Fortress Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google SketchUp 7 (HKLM-x32\...\{E5D52570-5EF1-4576-A434-6CCD92268F0F}) (Version: 2.0.10247 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
HD Writer LE 1.0 (HKLM-x32\...\{6BFDCF0D-5C60-4C5A-9A31-D5D7002E74E5}) (Version: 1.00.009.1033 - Panasonic Corporation)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Philips CamSuite (HKLM-x32\...\{E6C773DF-41C4-4A4F-B6C5-7830FF10342F}) (Version: 1.0.9.0 - Philips)
Philips SPC1330NC Webcam (HKLM-x32\...\{12F8DD7F-331C-4DA1-969B-DE8065AF6605}) (Version: 1.0.0.0 - Philips)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
VSDC Free Video Editor version 3.3.0.394 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.3.0.394 - Flash-Integro LLC)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
19-11-2015 09:02:51 Scheduled Checkpoint
27-11-2015 10:53:12 Removed iSEEK AnswerWorks English Runtime
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03B8F1BA-9548-4D04-A69F-5024C50125AE} - System32\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003 => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe [2015-11-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {07E5D756-C2D5-49C4-B9A3-E4FDA165109F} - System32\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003 => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe [2015-11-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {09387EE3-7F87-4A04-87DF-CCCC2287C9D8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0BC543AA-B8C4-44BB-9B38-3B19980D0DD0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {0DAAEC0F-E8F6-4B6C-B84B-23A775DD49E9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {105C4AB0-F12C-4234-BBF2-3493EC51D00D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {16DE37E3-63E9-4A09-8035-33C11D1D8CE9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {18DB85A7-C631-405D-B9B7-AE63A300D331} - System32\Tasks\{1A43782E-0C8C-4B47-9131-2AA9EB13FE5C} => pcalua.exe -a C:\Users\Family\Downloads\winsdk_web.exe -d C:\Users\Family\Downloads
Task: {1AF1B9A3-8B5D-40BB-B4BB-0BC2B8CE559F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1F7EAAA0-42A7-4AC1-8052-F13FF42AC380} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {24D8B78B-9808-4F27-ABD9-4F1C3C20FCE8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {29B0C9BD-9D9D-4FDE-9FAA-E4CF6CF8202F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2D9B0994-8EAB-4118-BCFE-2EB45D21A5F7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {3D7AFDFA-D7C7-4A50-861E-860CC5739642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3E03C1A2-C0FC-4063-999F-285353BD9B58} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {48FD6B2E-0015-4A86-979C-99B5AED2D2CF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-23] (Dropbox, Inc.)
Task: {4B754A15-7598-4252-A48B-A077A4FCEC6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {52B24306-9524-4C0D-BEB5-71BD9099E972} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52EA0B97-1379-4DAA-82C3-84F84897D562} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {595FC9DB-E32D-47F9-9490-4E1BF83971D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5E4959DB-D8A9-4832-9765-204C4EBD18AF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-23] (Dropbox, Inc.)
Task: {5E4D056C-37FA-486A-B4AE-4F29EDA01D1F} - System32\Tasks\CBU taskID 63286252732 2 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {66196B8B-AE0C-4348-89F7-BDBAE49EA961} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {67E0B463-3C78-4F8C-97A1-879ED4B7ACB8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {6BC4E8E2-C599-4550-ACB9-B0B9EA73FA0E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7091D338-0BAD-4076-A017-15587C10FC02} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)
Task: {891DA446-39A7-4408-AAC5-F0353B2D5DDE} - System32\Tasks\{D24B031F-2659-4B3F-9EB2-B92B9F78D3C0} => pcalua.exe -a C:\Users\Family\Dropbox\D-Toys-DraggableDan.exe -d C:\Users\Family\Dropbox
Task: {8A2B4F35-D1E1-4F74-8B73-CAA219590BEF} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8C6D7E1C-6F9E-4407-ACC7-80E6D66CA7B7} - System32\Tasks\CBU taskID 63303633790 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {97B9DF5B-3E5A-454A-8677-7E806B1F1FF6} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {97F393E3-9553-486F-8291-6DACAAF2C835} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9BE25CBD-F928-4CD8-A2F5-08F8F9BCEB15} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A126DD0F-7218-4A19-BEF2-D44D87F1EE53} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A330231C-A8D5-47C8-B163-31C6BD3EFBEA} - System32\Tasks\{4259CC97-CF03-4A72-AC50-EABDC61E743F} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {A57E6EB1-B80F-4F8A-9EC1-6F9B49108577} - System32\Tasks\CBU taskID 63303634257 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {A7599B76-2E99-4EE1-9CF6-5D7D30689C04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {A869BD8F-A086-401E-868A-9B78E400C72C} - System32\Tasks\CBU taskID 63303634228 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {A8B6C844-7E59-4191-B900-D66C3C3D2CA9} - System32\Tasks\{80329D4F-804E-4E14-B2A9-8E227199890B} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {A9547D6C-608C-45A7-B607-C43C9D9EF952} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A972EF7D-7E9F-4210-AA71-7513C2F01B50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {AA5DB05A-7FF6-47ED-928E-1B53AFC84FDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B373866E-FA14-4A98-8E2B-3BDB2FC66B6C} - System32\Tasks\CBU taskID 63300001620 1 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {B38AC0BB-2FB8-4AEE-A5BB-AA303D9CFAFC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B5B924FC-E1F9-4A55-8EF7-4C28DEFE38C5} - System32\Tasks\{2BA83EF1-7CC3-4A34-BCEA-E5CD780AA0A4} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {BDB96390-1945-48D9-B2C1-918D9B28EF3A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C079BE3A-65FD-4B8C-B046-4ACBDE21C419} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C657273E-DBFF-47B7-B024-F4821B50068E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C94C04B6-E4C1-4931-BCF7-D531B2F8C641} - \Google Software Updater -> No File <==== ATTENTION
Task: {CBB225DA-3EBF-425C-A135-B077D909B933} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {D4D596CC-A1AE-4680-8B72-28B56D883586} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {D7B4A46B-51B1-46AE-9D1C-E58BCA0EC230} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D9262F06-C3E3-4C4A-9717-30EDF635BB4A} - System32\Tasks\CBU taskID 63300001281 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {DA93BA52-1203-4E37-A514-746463C53DC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DEE2C1D8-3A8A-4FA6-96EA-7B89B47695D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF4ACAFA-BBEB-4933-9A1C-E4E3D4F529C4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {DFC2F6F3-FB26-4538-833B-9D06A0142DA8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F1CD2E2A-ECC7-4BC0-9ACD-7FED897EB704} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F3E39BCF-7536-4388-A1E0-13322E2E07E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {F9C19D0D-C61E-40B8-B9AB-0BE02CD186FB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {FD3A7CF3-4C14-4DDB-8B7C-DC2F565955A8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63286252732 2.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63300001281 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63300001620 1.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63303633790 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63303634228 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63303634257 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-31 01:41 - 2015-08-31 01:41 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-30 21:48 - 2015-08-17 19:07 - 00115376 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-24 14:24 - 2009-11-05 07:40 - 00085504 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-31 02:09 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-01 10:32 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 10:32 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-01 10:32 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 10:32 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 10:31 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 10:31 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 10:32 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-11-10 07:32 - 2015-11-10 07:33 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2015-11-21 12:22 - 2015-11-21 12:22 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-11-21 12:22 - 2015-11-21 12:22 - 11526656 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 17:17 - 2015-11-19 17:17 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2011-10-05 15:05 - 2011-10-05 15:05 - 01048880 _____ () C:\Program Files\COMODO\COMODO BackUp\CSCDll.dll
2011-10-05 15:05 - 2011-10-05 15:05 - 01506096 _____ () C:\Program Files\COMODO\COMODO BackUp\LIBEAY32.dll
2011-10-05 15:05 - 2011-10-05 15:05 - 00336176 _____ () C:\Program Files\COMODO\COMODO BackUp\SSLEAY32.dll
2011-10-05 15:05 - 2011-10-05 15:05 - 00789808 _____ () C:\Program Files\COMODO\COMODO BackUp\UtilsDll.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-23 17:24 - 2015-11-04 18:44 - 00166416 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2015-11-27 12:17 - 2015-11-27 12:17 - 00071168 _____ () c:\users\family\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp11jiwq.dll
2015-11-23 17:24 - 2015-09-02 19:11 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-11-23 17:24 - 2015-09-02 19:11 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-23 17:24 - 2015-09-02 19:11 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-23 17:24 - 2015-09-02 19:11 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 04:25 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 04:25 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\intuit.com -> hxxps://ttlc.intuit.com
IE restricted site: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\intellitxt.com -> intellitxt.com
IE restricted site: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\vibrantmedia.com -> vibrantmedia.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Local\DisplayFusion\Wallpaper_2.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACPService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: COSService.exe => 2
MSCONFIG\Services: DisplayFusionService => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SynchronizationService.exe => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk => C:\Windows\pss\HD Writer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SpywareGuard.lnk => C:\Windows\pss\SpywareGuard.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DisplayFusion => "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
MSCONFIG\startupreg: PLF1330 => C:\Windows\PLF1330.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SPC1330 => C:\Windows\vspc1330.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{31A915D1-1238-4F86-99BC-2DFAE08B22F6}] => (Allow) C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [UDP Query User{EE19E095-1D6A-440A-A6A8-C54D5B6AD459}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{6BF2B809-D524-4A3A-9483-0F1CEFEE317B}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{92B9C6A8-9B5C-4EEC-9496-948A3FCECC1E}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{59B93A21-9CBF-423B-851F-7CC8027F62FE}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{9BDF68F7-2938-4603-88CE-5257CBD9C9E0}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{426ACCD4-870C-4BF3-9A71-40F65B97EBB7}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{BDE8242A-9082-417C-BB2A-43CEA7A39288}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{1F4E5F2F-F62F-46A2-81B6-E993023D598D}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{71600017-A015-45C4-BB38-0B103AA2AAAB}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{96193F53-7777-4DCE-9D97-BD3EC0616810}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EE03F43C-D1D4-4082-AB79-6D93D4A855BC}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{CBC7DEA4-0785-4ED1-9C4C-E603EFDEA237}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{E32512F2-5944-455B-80EA-332FD7CD6273}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A518C1AD-BBEE-48A3-A9E9-848C8637E41D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [UDP Query User{FF29653A-2670-4AE7-A24A-C4A4CB25B0CA}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{D32A81B3-83C7-477F-AC01-FA80B42DB0A8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{A9C3C6D1-89AD-4004-823E-0C4037FC3962}] => (Allow) LPort=7000
FirewallRules: [{1B6F2550-5A93-405D-8B09-A35A3033C1DD}] => (Allow) LPort=7000
FirewallRules: [{660CAAAC-46A8-499E-AA54-F434DA8E11F3}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{807ACD5C-8184-436D-8283-745DD1074DB6}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{06328C4F-68AA-4FB3-BC75-96421FEB151C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{743009DC-6FC3-40CE-8954-1D7E77F27E4E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EEA0B453-B9F3-4AB6-96A0-26BDFE76F3DA}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{DEA9F3AA-9F4E-4C37-9248-BC45F7F8638E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{611B30BD-662B-4765-BC0D-A34302EB9A92}] => (Allow) LPort=1900
FirewallRules: [{9FB5337D-8B0E-4DE3-BF95-C26F200C8CEA}] => (Allow) LPort=2869
FirewallRules: [{D3E5ADA1-BFCE-4C7E-AE38-F2FAF7E6E399}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DB9EDCB4-A2D6-4832-B0C9-9CF505A4342D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A02B0FD-8A38-4C8B-AE55-5307207D73BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A0047DB-0B10-47EA-864C-2FF4F85A5E4C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5849C8CE-B4AE-4D64-A56C-6EC17E84D145}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1EA04A7-5D7A-4F29-976B-A6D9C0216179}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65F31207-9499-443D-859C-382BEE71AAC3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{36967E05-A00A-40EE-8127-16D0F1896CE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{20647B1A-BD98-4D6C-88AC-B3B3B6153ED3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8E5463F4-0F31-4379-BA1A-D687298546BB}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\VideoEditor.exe
FirewallRules: [{76346D19-CBB1-4D5E-A729-177C3FB89C45}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\VideoEditor.exe
FirewallRules: [{B66E04BE-0DFD-4186-A5D6-E45F33629022}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\Updater.exe
FirewallRules: [{1F906B07-1F46-4002-BE24-07CFE3DB83A1}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\Updater.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/27/2015 10:18:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
   Writer Name: MSMQ Writer (MSMQ)
   Writer Instance Name: MSMQ Writer (MSMQ)
   Writer Instance ID: {1b766c22-94a5-4552-ae17-5c9b46987313}
 
Error: (11/27/2015 10:18:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b7c546cf-cdb1-48e6-aa86-67ac1512bb68}
 
Error: (11/27/2015 02:30:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 15.1120.13270.0, time stamp: 0x564f95c1
Faulting module name: SharedLibrary.dll, version: 1.0.23115.1, time stamp: 0x55a642fb
Exception code: 0x80004003
Fault offset: 0x00000000003f5317
Faulting process id: 0x1ce8
Faulting application start time: 0xMicrosoft.Photos.exe0
Faulting application path: Microsoft.Photos.exe1
Faulting module path: Microsoft.Photos.exe2
Report Id: Microsoft.Photos.exe3
Faulting package full name: Microsoft.Photos.exe4
Faulting package-relative application ID: Microsoft.Photos.exe5
 
Error: (11/27/2015 11:03:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Exception code: 0xc0000005
Fault offset: 0x001e7650
Faulting process id: 0x3188
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (11/27/2015 10:53:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (11/26/2015 10:27:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5625
 
Error: (11/26/2015 10:27:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5625
 
Error: (11/26/2015 10:27:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/26/2015 10:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3921
 
Error: (11/26/2015 10:27:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3921
 
 
System errors:
=============
Error: (11/27/2015 04:28:15 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.
 
Error: (11/27/2015 00:18:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (11/27/2015 00:15:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
%%1053
 
Error: (11/27/2015 00:15:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (11/27/2015 00:15:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DisplayFusionService service failed to start due to the following error: 
%%1053
 
Error: (11/27/2015 00:15:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DisplayFusionService service to connect.
 
Error: (11/27/2015 00:15:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 
%%1058
 
Error: (11/27/2015 00:11:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/27/2015 00:11:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/27/2015 00:11:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-11-27 23:06:45.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-27 23:06:44.935
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 09:30:05.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 09:30:05.902
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 09:30:03.451
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-26 09:30:03.185
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-25 07:33:29.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-24 10:05:01.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-24 10:05:00.982
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-24 10:04:46.454
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 54%
Total physical RAM: 4094.98 MB
Available physical RAM: 1845.13 MB
Total Virtual: 8190.98 MB
Available Virtual: 5018.83 MB
 
==================== Drives ================================
 
Drive c: (OS Primary 750 GB Hard Drive) (Fixed) (Total:684.79 GB) (Free:502.63 GB) NTFS
Drive e: (WD 1 TB External HD (Backup)) (Fixed) (Total:931.51 GB) (Free:567.96 GB) NTFS
Drive f: (Hitachi 250 GB 2nd Hard Drive) (Fixed) (Total:232.88 GB) (Free:175.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 2B382B37)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0029116E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hello,


Download the enclosed Attached File  fixlist.txt   2.83KB   129 downloads Save it in the location FRST64 is.=>(C:\Users\Family\Downloads)<= Run FRST64 and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST64 is,=>(C:\Users\Family\Downloads)<= (Fixlog.txt). Please post it to your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#5
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

Ran all three.   Log files attached.  When I go into Chrome to get to the Geeks To Go website, to post these log files, I am still getting the Yahoo page, although the Google page comes up first for a brief second before going to Yahoo. The FARBAR fix asked to insert a disk into Drive G.   I have no idea what disk to insert into Drive G, so I hit cancel for that request.  FARBAR then ran to completion.   The AdwCleaner created two logfiles [S1] and [C1], not a [S0], I believe because I forgot to disable WIndows Defender antivirus before initiating AdwCleaner.  When I realized my mistake, I exited out of the AdwCleaner, disabled Windows Defender and re-ran AdwCleaner,   I am attaching the [S1] log file, there is no [S0] file.   My apologies if I've messed this up.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-11-2015
Ran by Family (2015-11-28 09:58:59) Run:1
Running from C:\Users\Family\Downloads
Loaded Profiles: Family (Available Profiles: Family & Rijoyce Rentals & ATK Work & Jessie & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> URL hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgMB10SEFdFbVsPVFxcFQVFcRRZV1tHDAQbc1wMWVgVFVFAch9aFQQTSEcFME0FCFwEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {5918FE3F-A4C4-49B7-94B4-305976513CFE} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000 -> {5918FE3F-A4C4-49B7-94B4-305976513CFE} URL = 
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
SearchScopes: HKU\S-1-5-21-4159210540-2217699198-1934608907-1003 -> {5918FE3F-A4C4-49B7-94B4-305976513CFE} URL = 
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSdF9cAggTRxhBdwxdTA1BRwQOIQ9aVxRAGQZGdAFZBQ0VQgcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggSdF9cAggTRxhBdwxdTA1BRwQOIQ9aVxRAGQZGdAFZBQ0VQgcFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlE8TkdGC1dXFg=="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgMB10SEFdFbVsPVFxcFQVFcRRZV1tHDAQbc1wMWVgVFVFAch9aFQQTQkcFME0FBloEURNNfWpdAEsSSXhMMlxzD1YG&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAQXJl1bUFsXDFcUdVwVVQkXEBhCdlsOTAhJElAXeFhcVV0SExNBNARaAktXUUEeJ1pNER8fHGZGIUtbCXQeU1BoLlZP
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {C94C04B6-E4C1-4931-BCF7-D531B2F8C641} - \Google Software Updater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
 
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5918FE3F-A4C4-49B7-94B4-305976513CFE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5918FE3F-A4C4-49B7-94B4-305976513CFE} => key not found. 
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5918FE3F-A4C4-49B7-94B4-305976513CFE}" => key removed successfully
HKCR\CLSID\{5918FE3F-A4C4-49B7-94B4-305976513CFE} => key not found. 
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found. 
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found. 
HKU\S-1-5-21-4159210540-2217699198-1934608907-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5918FE3F-A4C4-49B7-94B4-305976513CFE} => key not found. 
HKCR\CLSID\{5918FE3F-A4C4-49B7-94B4-305976513CFE} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultNewTabURL => removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C94C04B6-E4C1-4931-BCF7-D531B2F8C641}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C94C04B6-E4C1-4931-BCF7-D531B2F8C641}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Software Updater => key not found. 
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 7.6 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 10:15:31 ====
 
# AdwCleaner v5.022 - Logfile created 28/11/2015 at 10:44:08
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Family - OFFICE
# Running from : C:\Users\Family\Desktop\adwcleaner_5.022.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
 
***** [ Files ] *****
 
File Found : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKCU\Software\YahooPartnerToolbar
 
***** [ Web browsers ] *****
 
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : searchinterneat-a.akamaihd.net
[C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : mcbkbpnkkkipelfledbfocopglifcfmi
 
*************************
 
C:\AdwCleaner[R1].txt - [1524 bytes] - [30/04/2013 16:52:22]
C:\AdwCleaner[R2].txt - [1584 bytes] - [30/04/2013 16:53:23]
C:\AdwCleaner[S1].txt - [1499 bytes] - [30/04/2013 16:54:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2764 bytes] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64 
Ran by Family (Administrator) on Sat 11/28/2015 at 12:01:31.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/28/2015 at 12:07:00.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hello,

Looks like you did things correctly, the log file you posted for adwCleaner is the scan only log, as long as you ran the Clean option that's ok, the clean option is what removes the files and creates the [SO.txt] log.

Lets run a Malwarebytes scan, you already have it installed so you may skip the download part of the instructions;
 
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

  • 0

#7
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

Here's the AdwCleaner [C] logfile.   I'll run the Malwarebyetes and post it.

Thank you

 

# AdwCleaner v5.022 - Logfile created 28/11/2015 at 11:42:23
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Family - OFFICE
# Running from : C:\Users\Family\Desktop\adwcleaner_5.022.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : searchinterneat-a.akamaihd.net
[-] [C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Rijoyce Rentals\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\ATK Work\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mcbkbpnkkkipelfledbfocopglifcfmi
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[R1].txt - [1524 bytes] - [30/04/2013 16:52:22]
C:\AdwCleaner[R2].txt - [1584 bytes] - [30/04/2013 16:53:23]
C:\AdwCleaner[S1].txt - [1499 bytes] - [30/04/2013 16:54:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2964 bytes] ##########

  • 0

#8
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/28/2015
Scan Time: 1:43 PM
Logfile: MBAM logfile.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.28.04
Rootkit Database: v2015.11.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Family
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 591909
Time Elapsed: 52 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hello,

Reset your Chrome browser settings
1.In the top-right corner of the browser window, click the Chrome menu
2.Select Settings.
3.At the bottom, click Show advanced settings.
4.Under the section "Reset settings,” click Reset settings.
5.In the dialog that appears, click Reset.

Resetting your browser settings will reset the unwanted changes caused by installing other programs. However, your saved bookmarks and passwords will not be cleared or changed.

Next

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#10
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-11-2015
Ran by Family (administrator) on OFFICE (28-11-2015 16:54:00)
Running from C:\Users\Family\Downloads
Loaded Profiles: Family (Available Profiles: Family & Rijoyce Rentals & ATK Work & Jessie & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [PLF1330] => C:\WINDOWS\PLF1330.exe [40960 2010-01-05] (sonix)
HKLM\...\Run: [spc1330] => C:\WINDOWS\vspc1330.exe [684032 2010-01-05] (Sonix)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803392 2015-10-09] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-05] (Google Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8538648 2015-11-16] (Binary Fortress Software)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\RunOnce: [Uninstall C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64"
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSDriveOverlayIcon] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2011-10-05] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
Startup: C:\Users\ATK Work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-03-11]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2011-02-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-03-25]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rijoyce Rentals\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-03-05]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{151cf470-c66f-409c-9e84-596109b35ef5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2bae998e-b4d7-4c14-9eff-a8dd3ba5b2d9}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg64.dll [2011-11-21] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-03] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-03] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll [2013-06-15] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll [2013-06-02] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll [2013-06-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2010-10-28] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-17] (NVIDIA Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Family\AppData\Roaming\mozilla\plugins\npatgpc.dll [2011-05-25] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\Family\AppData\Roaming\Mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll => No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Access Gateway) - C:\Program Files\Citrix\Secure Access Client\npagee.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ACPService; C:\Program Files (x86)\Philips\CamSuite\1.0.9.0\ACPService.exe [741376 2008-06-11] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S4 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [2270512 2011-10-05] (Comodo Security Solutions)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-23] (Dropbox, Inc.)
S2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4608040 2015-11-16] (Binary Fortress Software)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [1903920 2011-10-05] (Comodo Security Solutions)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 bdisk; C:\Windows\System32\drivers\bdisk.sys [81912 2011-10-05] (COMODO Security Solutions Inc.)
R0 CBUfs; C:\Windows\System32\drivers\CBUFS.sys [210632 2011-10-05] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [540232 2011-10-05] (COMODO Security Solutions Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 phaudlwr; C:\Windows\system32\DRIVERS\phaudlwr.sys [114608 2009-10-20] (Philips Applied Technologies)
S3 reparse; C:\Windows\System32\DRIVERS\cbreparse.sys [517560 2011-10-05] (COMODO Security Solutions Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R3 SPC1330; C:\Windows\system32\DRIVERS\spc1330.sys [3297792 2010-01-05] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vdbus; C:\Windows\System32\drivers\vdbus.sys [677728 2011-10-05] (COMODO Security Solutions Inc.)
R3 VST64HWBS2; C:\Windows\system32\DRIVERS\VSTBS26.SYS [411136 2015-07-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2015-07-10] (Conexant Systems, Inc.)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [39936 2015-07-10] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-28 16:51 - 2015-11-28 16:51 - 00016148 _____ C:\WINDOWS\system32\OFFICE_Family_HistoryPrediction.bin
2015-11-28 16:42 - 2015-11-28 16:42 - 00001048 _____ C:\Users\Family\Downloads\MBAM logfile.txt
2015-11-28 12:40 - 2015-11-28 12:40 - 00002898 _____ C:\Users\Family\Downloads\fixlist.txt
2015-11-28 12:07 - 2015-11-28 12:07 - 00000712 _____ C:\Users\Family\Desktop\JRT.txt
2015-11-28 11:55 - 2015-11-28 11:55 - 01599336 _____ (Malwarebytes) C:\Users\Family\Downloads\JRT.exe
2015-11-28 10:44 - 2015-11-28 11:42 - 00000000 ____D C:\AdwCleaner
2015-11-28 10:37 - 2015-11-28 10:38 - 01733632 _____ C:\Users\Family\Desktop\adwcleaner_5.022.exe
2015-11-28 09:58 - 2015-11-28 10:15 - 00008321 _____ C:\Users\Family\Downloads\Fixlog.txt
2015-11-27 23:03 - 2015-11-27 23:07 - 00054538 _____ C:\Users\Family\Downloads\Addition.txt
2015-11-27 23:01 - 2015-11-28 16:54 - 00028140 _____ C:\Users\Family\Downloads\FRST.txt
2015-11-27 23:01 - 2015-11-28 16:54 - 00000000 ____D C:\FRST
2015-11-27 23:00 - 2015-11-27 23:00 - 02349056 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
2015-11-27 18:44 - 2015-11-27 18:44 - 00107965 _____ C:\Users\Family\Documents\VFA-103.pptx
2015-11-27 18:44 - 2015-11-27 18:44 - 00000000 ____D C:\Users\Family\Documents\Blade trophys
2015-11-27 11:03 - 2015-11-28 16:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-27 11:02 - 2015-11-27 11:02 - 00001203 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-27 11:02 - 2015-11-27 11:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-27 11:02 - 2015-11-27 11:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-27 11:02 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-27 11:02 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-27 11:02 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-27 10:59 - 2015-11-27 11:00 - 22908888 _____ (Malwarebytes ) C:\Users\Family\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-11-27 10:44 - 2015-11-27 10:44 - 04411208 _____ (Google) C:\Users\Family\Downloads\chrome_cleanup_tool (1).exe
2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\Users\Family\Documents\FlashIntegro
2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\Users\Family\AppData\Roaming\VideoEditor
2015-11-24 19:55 - 2015-11-24 19:55 - 00000000 ____D C:\Users\Family\AppData\Roaming\FlashIntegro
2015-11-24 19:18 - 2015-11-24 19:18 - 00000013 _____ C:\Users\Family\.pluto.tv
2015-11-24 19:17 - 2015-11-24 19:22 - 00000000 ____D C:\Users\Family\AppData\Local\PlutoTV
2015-11-24 19:17 - 2015-11-24 19:22 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2015-11-24 19:16 - 2015-11-24 19:16 - 00001328 _____ C:\Users\Family\Desktop\VSDC Free Video Editor.lnk
2015-11-24 19:16 - 2015-11-24 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeVideoEditor
2015-11-24 19:15 - 2015-11-24 19:16 - 00000000 ____D C:\Program Files (x86)\FreeVideoEditor
2015-11-24 19:15 - 2014-12-09 12:21 - 00081792 _____ (Flash-Integro LLC) C:\WINDOWS\SysWOW64\mslvddsfilter2.ax
2015-11-24 19:15 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\WINDOWS\SysWOW64\Lagarith.dll
2015-11-24 19:15 - 2005-08-01 18:43 - 00245760 _____ () C:\WINDOWS\SysWOW64\lame.ax
2015-11-24 19:15 - 2004-09-06 15:06 - 00053248 _____ C:\WINDOWS\SysWOW64\xvid.ax
2015-11-24 19:15 - 2004-07-03 20:08 - 00139264 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2015-11-24 19:15 - 2004-07-03 19:59 - 00524288 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2015-11-24 19:15 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\WINDOWS\SysWOW64\AC3ACM.acm
2015-11-24 19:15 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divx.dll
2015-11-24 19:15 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) C:\WINDOWS\SysWOW64\divxdec.ax
2015-11-24 19:15 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\WINDOWS\SysWOW64\mcdvd_32.dll
2015-11-24 19:15 - 2003-05-21 22:50 - 00156910 _____ C:\WINDOWS\WMSysPr8.prx
2015-11-24 19:15 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\WINDOWS\SysWOW64\vct3216.acm
2015-11-24 19:15 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\WINDOWS\SysWOW64\alf2cd.acm
2015-11-24 19:15 - 2003-05-21 22:50 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2015-11-24 19:15 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\WINDOWS\SysWOW64\L3CODECX.AX
2015-11-24 19:15 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg4c32.dll
2015-11-24 19:15 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\WINDOWS\SysWOW64\Scg726.acm
2015-11-24 19:12 - 2015-11-24 19:12 - 00011873 _____ C:\Users\Family\Documents\FCLP R1.wlmp
2015-11-24 19:10 - 2015-11-24 19:11 - 30868728 _____ (Flash-Integro LLC ) C:\Users\Family\Downloads\video_editor_download.exe
2015-11-24 09:01 - 2015-11-24 09:04 - 382187627 _____ C:\Users\Family\Downloads\FCLP (1).wmv
2015-11-23 21:36 - 2015-11-23 21:40 - 382187627 _____ C:\Users\Family\Downloads\FCLP.wmv
2015-11-23 17:24 - 2015-11-23 17:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-23 17:22 - 2015-11-28 15:27 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-23 17:22 - 2015-11-28 11:48 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-23 17:22 - 2015-11-23 17:25 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-23 17:22 - 2015-11-23 17:22 - 00660960 _____ (Dropbox, Inc.) C:\Users\Family\Downloads\DropboxInstaller.exe
2015-11-23 17:22 - 2015-11-23 17:22 - 00003982 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-11-23 17:22 - 2015-11-23 17:22 - 00003750 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-11-22 22:14 - 2015-11-22 22:15 - 18361784 _____ (Binary Fortress Software ) C:\Users\Family\Downloads\DisplayFusionSetup-7.3.2.exe
2015-11-22 21:49 - 2015-11-22 21:49 - 00000000 ____D C:\Users\Family\AppData\Local\CEF
2015-11-22 21:46 - 2015-11-26 08:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-22 21:46 - 2015-11-22 21:46 - 00002152 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-22 11:46 - 2015-11-22 11:46 - 00023040 _____ C:\Users\Family\Downloads\claimDetailsRGROCH1448210785764.xls
2015-11-22 11:46 - 2015-11-22 11:46 - 00006498 _____ C:\Users\Family\Downloads\claimDetails20835732821.pdf
2015-11-11 06:30 - 2015-11-11 06:30 - 00016148 _____ C:\WINDOWS\system32\OFFICE_Rijoyce Rentals_HistoryPrediction.bin
2015-11-10 17:31 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 17:31 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 17:31 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 17:31 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 17:31 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 17:31 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 17:31 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 17:31 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 17:31 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 17:31 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 17:31 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 17:31 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 17:31 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 17:31 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 17:31 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 17:31 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 17:31 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 17:31 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 17:31 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 17:31 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 17:31 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 17:31 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 17:31 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 17:31 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 17:31 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 17:31 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 17:31 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 17:31 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 17:31 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 17:31 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 17:31 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 17:31 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 17:31 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 17:31 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 17:31 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 17:31 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 17:31 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 17:31 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 17:31 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 17:31 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 17:31 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 17:31 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 17:31 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 17:31 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 17:31 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 17:31 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 17:31 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 17:31 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 17:31 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 17:31 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 17:31 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 17:31 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 17:31 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-07 16:54 - 2015-11-07 16:54 - 00001430 _____ C:\Users\Family\Downloads\Transaction.qfx
2015-11-07 16:54 - 2015-11-07 16:54 - 00000301 _____ C:\Users\Family\Downloads\Transaction.csv
2015-11-07 16:54 - 2015-11-07 16:54 - 00000000 ____D C:\Users\Family\AppData\Local\Intuit_Inc
2015-11-06 12:42 - 2015-11-06 12:42 - 00001991 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-11-06 12:42 - 2015-11-06 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-28 16:02 - 2012-08-27 20:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-28 15:33 - 2015-02-02 09:53 - 00000636 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job
2015-11-28 15:29 - 2015-05-31 10:17 - 00000732 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job
2015-11-28 15:23 - 2011-03-05 22:35 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-28 14:23 - 2011-03-05 22:35 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-28 14:21 - 2011-03-05 14:00 - 00000000 ____D C:\Users\Family\Documents\Outlook Files
2015-11-28 12:11 - 2014-11-23 08:39 - 00000000 ____D C:\Users\Family\AppData\Local\CrashDumps
2015-11-28 11:52 - 2015-08-30 21:51 - 01009666 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-28 11:52 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2015-11-28 11:50 - 2015-04-04 11:47 - 00000000 ___RD C:\Users\Family\iCloudDrive
2015-11-28 11:50 - 2011-09-11 22:44 - 00000000 ___RD C:\Users\Family\Dropbox
2015-11-28 11:50 - 2011-09-11 22:43 - 00000000 ____D C:\Users\Family\AppData\Roaming\Dropbox
2015-11-28 11:47 - 2015-08-30 21:48 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-28 11:47 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-28 11:46 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
2015-11-28 11:46 - 2012-01-24 23:04 - 330133646 ____H C:\WINDOWS\cbufsscansysdmp.bin
2015-11-28 11:44 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-28 10:25 - 2012-06-08 23:14 - 00577024 ___SH C:\Users\Family\Desktop\Thumbs.db
2015-11-28 10:00 - 2015-09-01 04:52 - 00000000 ____D C:\Users\Family\AppData\LocalLow\Temp
2015-11-28 09:56 - 2011-07-17 22:18 - 00370688 ___SH C:\Users\Family\Documents\Thumbs.db
2015-11-27 23:02 - 2011-09-23 22:50 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63303634257 0.job
2015-11-27 22:57 - 2011-09-23 22:50 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63303634228 0.job
2015-11-27 22:07 - 2011-03-06 19:33 - 00000000 ____D C:\Users\Family\Backups
2015-11-27 22:00 - 2011-09-23 22:43 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63303633790 0.job
2015-11-27 22:00 - 2011-08-12 21:41 - 00000356 _____ C:\WINDOWS\Tasks\CBU taskID 63300001281 0.job
2015-11-27 12:13 - 2015-07-10 06:06 - 00000000 ____D C:\WINDOWS\Setup
2015-11-27 11:02 - 2013-04-28 15:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-27 11:02 - 2005-10-08 16:19 - 00000000 ____D C:\Users\Family\Documents\Word Files
2015-11-27 09:51 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-26 08:25 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-25 17:25 - 2013-05-16 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-24 19:18 - 2015-08-30 21:52 - 00000000 ____D C:\Users\Family
2015-11-23 21:48 - 2011-05-10 11:54 - 00000000 ____D C:\Users\Family\AppData\Local\Windows Live
2015-11-23 17:35 - 2015-07-07 17:23 - 00000000 ____D C:\Users\Family\AppData\Local\Dropbox
2015-11-23 17:25 - 2011-09-11 22:44 - 00001331 _____ C:\Users\Family\Desktop\Dropbox.lnk
2015-11-22 22:21 - 2012-01-08 10:36 - 00000000 ____D C:\Users\Family\Documents\DisplayFusion Backups
2015-11-22 22:19 - 2015-05-14 08:03 - 02023936 ___SH C:\Users\Family\Downloads\Thumbs.db
2015-11-22 22:19 - 2012-05-02 23:38 - 00001345 _____ C:\Users\Public\Desktop\DisplayFusion.lnk
2015-11-22 22:19 - 2011-03-13 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion
2015-11-22 22:19 - 2011-03-13 12:43 - 00000000 ____D C:\Program Files (x86)\DisplayFusion
2015-11-22 21:49 - 2011-03-05 16:01 - 00000000 ____D C:\Users\Family\AppData\Local\Adobe
2015-11-22 21:47 - 2014-12-30 17:56 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-22 21:46 - 2011-03-05 16:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-22 21:46 - 2011-02-15 12:29 - 00000000 ____D C:\ProgramData\Adobe
2015-11-18 11:18 - 2015-10-11 19:53 - 00000000 ____D C:\Users\Family\Desktop\Kevin photos to Olga
2015-11-17 10:35 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-17 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 18:08 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 18:08 - 2011-03-05 13:46 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-10 18:00 - 2013-08-15 03:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 17:45 - 2011-03-05 17:45 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-10 13:10 - 2015-05-31 10:17 - 00003904 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003
2015-11-10 13:10 - 2015-02-02 09:53 - 00003808 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003
2015-11-06 12:43 - 2014-09-08 14:53 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 12:42 - 2015-05-23 20:53 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-11-06 12:42 - 2011-06-19 19:12 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-11-03 13:20 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 13:20 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-03-08 12:54 - 2015-03-08 12:54 - 0003584 _____ () C:\Users\Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-05 17:30 - 2011-03-05 17:30 - 0000879 _____ () C:\ProgramData\CamSuite.ini
2011-03-06 17:08 - 2011-03-06 17:08 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some files in TEMP:
====================
C:\Users\Family\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkdzgkr.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-23 08:07
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-11-2015
Ran by Family (2015-11-28 16:55:23)
Running from C:\Users\Family\Downloads
Windows 10 Home (X64) (2015-08-31 03:35:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4159210540-2217699198-1934608907-500 - Administrator - Disabled)
ATK Work (S-1-5-21-4159210540-2217699198-1934608907-1004 - Administrator - Enabled) => C:\Users\ATK Work
DefaultAccount (S-1-5-21-4159210540-2217699198-1934608907-503 - Limited - Disabled)
Family (S-1-5-21-4159210540-2217699198-1934608907-1000 - Administrator - Enabled) => C:\Users\Family
Guest (S-1-5-21-4159210540-2217699198-1934608907-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4159210540-2217699198-1934608907-1034 - Limited - Enabled)
Jessie (S-1-5-21-4159210540-2217699198-1934608907-1005 - Limited - Enabled) => C:\Users\Jessie
Rijoyce Rentals (S-1-5-21-4159210540-2217699198-1934608907-1003 - Administrator - Enabled) => C:\Users\Rijoyce Rentals
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.224 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BRC QIF to IIF Converter (HKLM-x32\...\QIF to IIF Converter) (Version: 7.27 - Big Red Consulting)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MP600 User Registration (HKLM-x32\...\Canon MP600 User Registration) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
Canon Utilities Easy-PhotoPrint (HKLM-x32\...\Easy-PhotoPrint) (Version:  - )
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.0.6.12 - COMODO)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DisplayFusion 7.3.2 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.2.0 - Binary Fortress Software)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}) (Version: 2.9.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google SketchUp 7 (HKLM-x32\...\{E5D52570-5EF1-4576-A434-6CCD92268F0F}) (Version: 2.0.10247 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
HD Writer LE 1.0 (HKLM-x32\...\{6BFDCF0D-5C60-4C5A-9A31-D5D7002E74E5}) (Version: 1.00.009.1033 - Panasonic Corporation)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.81 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Philips CamSuite (HKLM-x32\...\{E6C773DF-41C4-4A4F-B6C5-7830FF10342F}) (Version: 1.0.9.0 - Philips)
Philips SPC1330NC Webcam (HKLM-x32\...\{12F8DD7F-331C-4DA1-969B-DE8065AF6605}) (Version: 1.0.0.0 - Philips)
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
VSDC Free Video Editor version 3.3.0.394 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 3.3.0.394 - Flash-Integro LLC)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Family\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
19-11-2015 09:02:51 Scheduled Checkpoint
27-11-2015 10:53:12 Removed iSEEK AnswerWorks English Runtime
28-11-2015 09:59:15 Restore Point Created by FRST
28-11-2015 11:56:02 JRT Pre-Junkware Removal
28-11-2015 12:01:31 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-11-28 10:00 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03B8F1BA-9548-4D04-A69F-5024C50125AE} - System32\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003 => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe [2015-11-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {07E5D756-C2D5-49C4-B9A3-E4FDA165109F} - System32\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003 => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe [2015-11-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {09387EE3-7F87-4A04-87DF-CCCC2287C9D8} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0BC543AA-B8C4-44BB-9B38-3B19980D0DD0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {0DAAEC0F-E8F6-4B6C-B84B-23A775DD49E9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {105C4AB0-F12C-4234-BBF2-3493EC51D00D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {16DE37E3-63E9-4A09-8035-33C11D1D8CE9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {18DB85A7-C631-405D-B9B7-AE63A300D331} - System32\Tasks\{1A43782E-0C8C-4B47-9131-2AA9EB13FE5C} => pcalua.exe -a C:\Users\Family\Downloads\winsdk_web.exe -d C:\Users\Family\Downloads
Task: {1AD41356-BB0A-411E-8494-8971BBCF15B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)
Task: {1AF1B9A3-8B5D-40BB-B4BB-0BC2B8CE559F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1F7EAAA0-42A7-4AC1-8052-F13FF42AC380} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {24D8B78B-9808-4F27-ABD9-4F1C3C20FCE8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {29B0C9BD-9D9D-4FDE-9FAA-E4CF6CF8202F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2D9B0994-8EAB-4118-BCFE-2EB45D21A5F7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {3D7AFDFA-D7C7-4A50-861E-860CC5739642} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3E03C1A2-C0FC-4063-999F-285353BD9B58} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {48FD6B2E-0015-4A86-979C-99B5AED2D2CF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-23] (Dropbox, Inc.)
Task: {4B754A15-7598-4252-A48B-A077A4FCEC6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {52B24306-9524-4C0D-BEB5-71BD9099E972} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {52EA0B97-1379-4DAA-82C3-84F84897D562} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {595FC9DB-E32D-47F9-9490-4E1BF83971D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5E4959DB-D8A9-4832-9765-204C4EBD18AF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-23] (Dropbox, Inc.)
Task: {5E4D056C-37FA-486A-B4AE-4F29EDA01D1F} - System32\Tasks\CBU taskID 63286252732 2 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {66196B8B-AE0C-4348-89F7-BDBAE49EA961} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {67E0B463-3C78-4F8C-97A1-879ED4B7ACB8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {6BC4E8E2-C599-4550-ACB9-B0B9EA73FA0E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {891DA446-39A7-4408-AAC5-F0353B2D5DDE} - System32\Tasks\{D24B031F-2659-4B3F-9EB2-B92B9F78D3C0} => pcalua.exe -a C:\Users\Family\Dropbox\D-Toys-DraggableDan.exe -d C:\Users\Family\Dropbox
Task: {8A2B4F35-D1E1-4F74-8B73-CAA219590BEF} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {8C6D7E1C-6F9E-4407-ACC7-80E6D66CA7B7} - System32\Tasks\CBU taskID 63303633790 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {97B9DF5B-3E5A-454A-8677-7E806B1F1FF6} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {97F393E3-9553-486F-8291-6DACAAF2C835} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9BE25CBD-F928-4CD8-A2F5-08F8F9BCEB15} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A126DD0F-7218-4A19-BEF2-D44D87F1EE53} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A330231C-A8D5-47C8-B163-31C6BD3EFBEA} - System32\Tasks\{4259CC97-CF03-4A72-AC50-EABDC61E743F} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {A57E6EB1-B80F-4F8A-9EC1-6F9B49108577} - System32\Tasks\CBU taskID 63303634257 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {A7599B76-2E99-4EE1-9CF6-5D7D30689C04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {A869BD8F-A086-401E-868A-9B78E400C72C} - System32\Tasks\CBU taskID 63303634228 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {A8B6C844-7E59-4191-B900-D66C3C3D2CA9} - System32\Tasks\{80329D4F-804E-4E14-B2A9-8E227199890B} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {A9547D6C-608C-45A7-B607-C43C9D9EF952} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {A972EF7D-7E9F-4210-AA71-7513C2F01B50} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {AA5DB05A-7FF6-47ED-928E-1B53AFC84FDD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B373866E-FA14-4A98-8E2B-3BDB2FC66B6C} - System32\Tasks\CBU taskID 63300001620 1 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {B38AC0BB-2FB8-4AEE-A5BB-AA303D9CFAFC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {B5B924FC-E1F9-4A55-8EF7-4C28DEFE38C5} - System32\Tasks\{2BA83EF1-7CC3-4A34-BCEA-E5CD780AA0A4} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {BDB96390-1945-48D9-B2C1-918D9B28EF3A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C079BE3A-65FD-4B8C-B046-4ACBDE21C419} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C657273E-DBFF-47B7-B024-F4821B50068E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CBB225DA-3EBF-425C-A135-B077D909B933} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {D4D596CC-A1AE-4680-8B72-28B56D883586} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe
Task: {D7B4A46B-51B1-46AE-9D1C-E58BCA0EC230} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D9262F06-C3E3-4C4A-9717-30EDF635BB4A} - System32\Tasks\CBU taskID 63300001281 0 => C:\Program Files\COMODO\COMODO BackUp\CBU.exe [2011-10-05] (Comodo Security Solutions)
Task: {DA93BA52-1203-4E37-A514-746463C53DC4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DEE2C1D8-3A8A-4FA6-96EA-7B89B47695D9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DF4ACAFA-BBEB-4933-9A1C-E4E3D4F529C4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {DFC2F6F3-FB26-4538-833B-9D06A0142DA8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F1CD2E2A-ECC7-4BC0-9ACD-7FED897EB704} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F3E39BCF-7536-4388-A1E0-13322E2E07E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {F9C19D0D-C61E-40B8-B9AB-0BE02CD186FB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {FD3A7CF3-4C14-4DDB-8B7C-DC2F565955A8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63286252732 2.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63300001281 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63300001620 1.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63303633790 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63303634228 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\CBU taskID 63303634257 0.job => C:\Program Files\COMODO\COMODO BackUp\CBU.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4159210540-2217699198-1934608907-1003.job => C:\Users\Rijoyce Rentals\AppData\Local\Citrix\GoToMeeting\3880\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-31 01:41 - 2015-08-31 01:41 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2011-03-24 14:24 - 2009-11-05 07:40 - 00085504 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-08-31 02:09 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-01 10:32 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 10:32 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-10-01 10:32 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 10:32 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 10:31 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 10:31 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 10:32 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-11-10 07:32 - 2015-11-10 07:33 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2015-08-31 04:00 - 2015-08-31 04:02 - 04485808 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.5.11021.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-11 04:25 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 04:25 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-11-11 04:25 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\intuit.com -> hxxps://ttlc.intuit.com
IE restricted site: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\intellitxt.com -> intellitxt.com
IE restricted site: HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\...\vibrantmedia.com -> vibrantmedia.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4159210540-2217699198-1934608907-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Family\AppData\Local\DisplayFusion\Wallpaper_2.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ACPService => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: COSService.exe => 2
MSCONFIG\Services: DisplayFusionService => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SynchronizationService.exe => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk => C:\Windows\pss\HD Writer.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^SpywareGuard.lnk => C:\Windows\pss\SpywareGuard.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dell DataSafe Online => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DisplayFusion => "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
MSCONFIG\startupreg: PLF1330 => C:\Windows\PLF1330.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SPC1330 => C:\Windows\vspc1330.exe
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{31A915D1-1238-4F86-99BC-2DFAE08B22F6}] => (Allow) C:\Users\Family\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [UDP Query User{EE19E095-1D6A-440A-A6A8-C54D5B6AD459}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{6BF2B809-D524-4A3A-9483-0F1CEFEE317B}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{92B9C6A8-9B5C-4EEC-9496-948A3FCECC1E}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{59B93A21-9CBF-423B-851F-7CC8027F62FE}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{9BDF68F7-2938-4603-88CE-5257CBD9C9E0}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{426ACCD4-870C-4BF3-9A71-40F65B97EBB7}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{BDE8242A-9082-417C-BB2A-43CEA7A39288}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{1F4E5F2F-F62F-46A2-81B6-E993023D598D}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{71600017-A015-45C4-BB38-0B103AA2AAAB}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{96193F53-7777-4DCE-9D97-BD3EC0616810}C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\family\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{EE03F43C-D1D4-4082-AB79-6D93D4A855BC}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{CBC7DEA4-0785-4ED1-9C4C-E603EFDEA237}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{E32512F2-5944-455B-80EA-332FD7CD6273}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{A518C1AD-BBEE-48A3-A9E9-848C8637E41D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [UDP Query User{FF29653A-2670-4AE7-A24A-C4A4CB25B0CA}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{D32A81B3-83C7-477F-AC01-FA80B42DB0A8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{A9C3C6D1-89AD-4004-823E-0C4037FC3962}] => (Allow) LPort=7000
FirewallRules: [{1B6F2550-5A93-405D-8B09-A35A3033C1DD}] => (Allow) LPort=7000
FirewallRules: [{660CAAAC-46A8-499E-AA54-F434DA8E11F3}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{807ACD5C-8184-436D-8283-745DD1074DB6}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{06328C4F-68AA-4FB3-BC75-96421FEB151C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{743009DC-6FC3-40CE-8954-1D7E77F27E4E}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EEA0B453-B9F3-4AB6-96A0-26BDFE76F3DA}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{DEA9F3AA-9F4E-4C37-9248-BC45F7F8638E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{611B30BD-662B-4765-BC0D-A34302EB9A92}] => (Allow) LPort=1900
FirewallRules: [{9FB5337D-8B0E-4DE3-BF95-C26F200C8CEA}] => (Allow) LPort=2869
FirewallRules: [{D3E5ADA1-BFCE-4C7E-AE38-F2FAF7E6E399}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DB9EDCB4-A2D6-4832-B0C9-9CF505A4342D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3A02B0FD-8A38-4C8B-AE55-5307207D73BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A0047DB-0B10-47EA-864C-2FF4F85A5E4C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5849C8CE-B4AE-4D64-A56C-6EC17E84D145}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1EA04A7-5D7A-4F29-976B-A6D9C0216179}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65F31207-9499-443D-859C-382BEE71AAC3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{36967E05-A00A-40EE-8127-16D0F1896CE0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{20647B1A-BD98-4D6C-88AC-B3B3B6153ED3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8E5463F4-0F31-4379-BA1A-D687298546BB}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\VideoEditor.exe
FirewallRules: [{76346D19-CBB1-4D5E-A729-177C3FB89C45}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\VideoEditor.exe
FirewallRules: [{B66E04BE-0DFD-4186-A5D6-E45F33629022}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\Updater.exe
FirewallRules: [{1F906B07-1F46-4002-BE24-07CFE3DB83A1}] => (Allow) C:\Program Files (x86)\FreeVideoEditor\VideoEditor\Updater.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/28/2015 04:41:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Office)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/28/2015 04:41:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Office)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/28/2015 04:41:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Office)
Description: App Microsoft.LockApp_10.0.10240.16384_neutral__cw5n1h2txyewy+WindowsDefaultLockScreen did not launch within its allotted time.
 
Error: (11/28/2015 02:03:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Office)
Description: Activation of app Microsoft.XboxIdentityProvider_cw5n1h2txyewy!Microsoft.XboxIdentityProvider failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/28/2015 00:11:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BackgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f38c5
Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16590, time stamp: 0x563ad512
Exception code: 0xc000027b
Fault offset: 0x000000000006646f
Faulting process id: 0x18d0
Faulting application start time: 0xBackgroundTaskHost.exe0
Faulting application path: BackgroundTaskHost.exe1
Faulting module path: BackgroundTaskHost.exe2
Report Id: BackgroundTaskHost.exe3
Faulting package full name: BackgroundTaskHost.exe4
Faulting package-relative application ID: BackgroundTaskHost.exe5
 
Error: (11/28/2015 00:01:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (11/28/2015 11:56:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (11/28/2015 11:48:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x980
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5
 
Error: (11/28/2015 10:25:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SearchUI.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 530
 
Start Time: 01d129f0ee5b5380
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
 
Report Id: 371c90a1-95e4-11e5-9bcd-b8ac6fe4ad03
 
Faulting package full name: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: CortanaUI
 
Error: (11/28/2015 10:25:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Office)
Description: App Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI did not launch within its allotted time.
 
 
System errors:
=============
Error: (11/28/2015 02:09:00 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (11/28/2015 00:16:18 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error: 
%%0
 
Error: (11/28/2015 11:56:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2015 11:50:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/28/2015 11:48:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMService service failed to start due to the following error: 
%%1053
 
Error: (11/28/2015 11:48:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
 
Error: (11/28/2015 11:48:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: 
%%1053
 
Error: (11/28/2015 11:48:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
 
Error: (11/28/2015 11:48:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
%%1053
 
Error: (11/28/2015 11:48:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2015-11-28 11:58:46.378
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 11:58:46.344
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 10:52:40.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 10:39:05.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 10:39:05.314
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 09:59:04.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 09:59:04.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 09:59:02.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-28 09:58:59.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-27 23:06:45.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 55%
Total physical RAM: 4094.98 MB
Available physical RAM: 1818.4 MB
Total Virtual: 8190.98 MB
Available Virtual: 5239.96 MB
 
==================== Drives ================================
 
Drive c: (OS Primary 750 GB Hard Drive) (Fixed) (Total:684.79 GB) (Free:509.88 GB) NTFS
Drive e: (WD 1 TB External HD (Backup)) (Fixed) (Total:931.51 GB) (Free:567.96 GB) NTFS
Drive f: (Hitachi 250 GB 2nd Hard Drive) (Fixed) (Total:232.88 GB) (Free:175.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=684.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 2B382B37)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 0029116E)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

Advertisements


#11
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

Progress?

 

When I start Chrome, the Google page appears briefly and then this URL appears:
http://searchinterne...UtbCXQeU1BoLlZP

 

The display goes no further.   If I turn on Malwarebytes, it blocks going to this website attempting to open Chrome.


  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Hello,

I see you also ran the Chrome clean up tool. Perhaps the Chrome profile is corrupt, that means saving your bookmarks and reinstalling Chrome completely.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome via control panel .
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
  • 0

#13
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

Will i have to uninstall Chrome for the other users on this computer?


  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,793 posts
Only if the other users are experiencing the same issue, I believe it's probably just your Chrome user profile though, so lets start with that and hope it has some successful results.

Joe
  • 0

#15
groch

groch

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 180 posts

Apologies, there's no Stop & Clear button.  The only button on the page is "Reset Sync"


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP