Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HP620 laptop not responding, freezing, flashing, going really slow [So


  • This topic is locked This topic is locked

#61
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce1270

Yes I tried doing that last night but it still didn't work, so today I have uninstalled it and then still had to go into the plugins to change it to always active again as it went back to never activate.  I have now managed to get onto the website. Thank you.


  • 0

Advertisements


#62
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Pumpkinace

I noticed that Rapport still seems to be installed and is showing in the logs. Did you have any issues uninstalling this using Revo?

We'll try removing this using FRST.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Rapport (Version: 3.5.1507.113 - Trusteer) Hidden
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507082.sys [569472 2016-03-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [306016 2016-03-03] (IBM Corp.)
R0 RapportHades; C:\windows\System32\Drivers\RapportHades.sys [82400 2016-03-03] (IBM Corp.)
R0 RapportKELL; C:\windows\System32\Drivers\RapportKELL.sys [235360 2016-03-03] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [363424 2016-03-03] (IBM Corp.)
C:\windows\System32\Drivers\RapportHades.sys
C:\windows\System32\Drivers\RapportKELL.sys
C:\Program Files\Trusteer\Rapport
C:\ProgramData\Trusteer\Rapport
S3 eapihdrv; \??\C:\Users\da\AppData\Local\Temp\ehdrv.sys [X]
S1 MpKsl11636731; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3088D47-2145-4E43-84C1-A1D084C6F2CF}\MpKsl11636731.sys [X]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.

    How is the computer running now?

  • 0

#63
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce1270

It is taking a long time to start up from switching from the windows screen to the log in screen, its just black.  FF is slow and flickering.  I have done the fix you asked and it is still playing up.  The first time you asked me to remove Rapport it appeared to work ok so don't know why it was still there. 

 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by da (2016-03-23 22:20:36) Run:14
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
Rapport (Version: 3.5.1507.113 - Trusteer) Hidden
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507082.sys [569472 2016-03-08] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [306016 2016-03-03] (IBM Corp.)
R0 RapportHades; C:\windows\System32\Drivers\RapportHades.sys [82400 2016-03-03] (IBM Corp.)
R0 RapportKELL; C:\windows\System32\Drivers\RapportKELL.sys [235360 2016-03-03] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [363424 2016-03-03] (IBM Corp.)
C:\windows\System32\Drivers\RapportHades.sys
C:\windows\System32\Drivers\RapportKELL.sys
C:\Program Files\Trusteer\Rapport
C:\ProgramData\Trusteer\Rapport
S3 eapihdrv; \??\C:\Users\da\AppData\Local\Temp\ehdrv.sys [X]
S1 MpKsl11636731; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D3088D47-2145-4E43-84C1-A1D084C6F2CF}\MpKsl11636731.sys [X]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:

*****************

Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}\\SystemComponent => value removed successfully.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe => Could not close process
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe => Could not close process
RapportMgmtService => Unable to stop service.
RapportMgmtService => service removed successfully.
RapportCerberus_1507082 => Unable to stop service.
RapportCerberus_1507082 => service could not remove
RapportEI => Unable to stop service.
RapportEI => service removed successfully.
RapportHades => Unable to stop service.
RapportHades => service could not remove
RapportKELL => Unable to stop service.
RapportKELL => service removed successfully.
RapportPG => Unable to stop service.
RapportPG => service could not remove
Could not move "C:\windows\System32\Drivers\RapportHades.sys" => Scheduled to move on reboot.
Could not move "C:\windows\System32\Drivers\RapportKELL.sys" => Scheduled to move on reboot.

"C:\Program Files\Trusteer\Rapport" folder move:

Could not move "C:\Program Files\Trusteer\Rapport" => Scheduled to move on reboot.


"C:\ProgramData\Trusteer\Rapport" folder move:

Could not move "C:\ProgramData\Trusteer\Rapport" => Scheduled to move on reboot.

eapihdrv => service removed successfully.
MpKsl11636731 => service removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2.3 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-23 22:29:41)

C:\windows\System32\Drivers\RapportHades.sys => is moved successfully
"C:\windows\System32\Drivers\RapportKELL.sys" => Could not move
C:\Program Files\Trusteer\Rapport => moved successfully
C:\ProgramData\Trusteer\Rapport => moved successfully

==== End of Fixlog 22:30:26 ====


  • 0

#64
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce 1270

I just restarted my computer to see if it was any better now and it did start up properly, so must have been a glitch.  FF appears to be working at the moment. Outlook is the same, flickers slightly but is working.  Thank you.


  • 0

#65
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Ok. Can you run a fresh FRST and addition log and post to check Rapport is away.

Enjoy your holiday!. I'll keep post open if not resolved.
  • 0

#66
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce1270

Thank you and Happy Easter.  Here are the logs.  No point in me looking at them its all double dutch as far as i'm concerned!!

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by da (2016-03-24 10:03:54)
Running from C:\Users\da\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-11-03 11:44:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3932258823-1374462109-926273279-500 - Administrator - Disabled)
da (S-1-5-21-3932258823-1374462109-926273279-1001 - Administrator - Enabled) => C:\Users\da
Guest (S-1-5-21-3932258823-1374462109-926273279-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3932258823-1374462109-926273279-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
Amazon Kindle (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Cashbook (HKLM\...\{ACF23689-C863-47CF-90BD-1082B60B0F19}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coolroom (HKLM\...\{734C8402-3F5D-495D-A463-3176B46775E9}) (Version: 1.0.0 - Ether Digital)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DemoForge Mirage Driver for TightVNC 2.0 (HKLM\...\DemoForge Mirage Driver for TightVNC_is1) (Version: 2.0 - DemoForge LLC)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Manager (HKLM\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
Drive Manager (Version: 1.00.0012 - Seagate Technology) Hidden
Dropbox (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Elevated Installer (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{E402F650-650F-45C0-8F7A-00678D6AA0F6}) (Version: 2.6.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{5662F323-3D9C-4100-B60C-BC71B47DD0A1}) (Version: 3.10.0041 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.60.00 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-3520 Series (HKLM\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Remote Print Uninstall (HKLM\...\EPSON Remote Print) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.00.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version:  - SEIKO EPSON Corporation)
Epson User's Guide WF-3520 Series (HKLM\...\WF-3520 Series Useg) (Version:  - )
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-7610 Series Printer Uninstall (HKLM\...\EPSON WF-7610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
FUJIFILM MyFinePix Studio 2.0 (HKLM\...\FinePix Genie_is1) (Version:  - )
Garmin City Navigator Europe NTU 2015.30 (HKLM\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{28c6c909-1890-443b-9960-0e8a535c2c69}) (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Drive (HKLM\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 5.2.0.952 (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\GoToMeeting) (Version: 5.2.0.952 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}) (Version: 1.1.1.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{9161546B-336A-4E3D-B049-F25A400558C6}) (Version: 3.5.14.1 - Hewlett-Packard Company)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP User Guides 0190 (HKLM\...\{5B0D9F1A-425E-46C4-B06D-2C0736C1E804}) (Version: 1.00.0000 - Hewlett-Packard)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.17.13 - Roxio)
HP Webcam Driver (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0049 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6268.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{F16EA575-26A5-4DAD-A800-95267BE02C12}) (Version: 12.3.2.35 - Apple Inc.)
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LightScribe Diagnostic Utility (HKLM\...\{05F8CCEB-1EDD-4996-A0E0-FF6EDB1E75EA}) (Version: 1.18.23.1 - LightScribe)
LightScribe System Software (HKLM\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{2765F726-849C-47B2-A82C-B257DFC0E01C}) (Version: 1.18.22.2 - LightScribe)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.0 - MediatekWiFi)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office FrontPage 2003 (HKLM\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-GB)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\MusicManager) (Version:  - Google, Inc.)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.0.330918 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PC Connectivity Solution (HKLM\...\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}) (Version: 11.4.19.0 - Nokia)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.116 - PDF Complete, Inc)
Presto! PageManager 9.03 SE (HKLM\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAF (HKLM\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1507.113 - Trusteer)
RealDownloader (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
REALTEK Wireless LAN Software (HKLM\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan2PC (HKLM\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.21 - Q)
ScanSoft OmniPage SE 4 (HKLM\...\{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scansoft PDF Professional (Version:  - ) Hidden
Skype™ 7.8 (HKLM\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SkyPlayer for Windows Media Center (HKLM\...\{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}) (Version: 4.4.2.0 - Microsoft Corporation)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
TeamViewer 5 (HKLM\...\TeamViewer 5) (Version: 5.1.9385  - TeamViewer GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
VPresent (HKLM\...\{72478BBA-D832-4E6B-93A0-E89431E7A8BB}) (Version: 2.2.20.0 - VPresent)
WAV MP3 Converter v4.3 build 1287 (HKLM\...\{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1) (Version:  - Hoo Technologies)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3400 - Broadcom Corporation)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0) (HKLM\...\504244733D18C8F63FF584AEB290E3904E791693) (Version: 08/22/2008 7.0.0.0 - Nokia)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
XHeader (HKLM\...\XHeader) (Version: 1.205 - Intellimon)
XHeader Bonus Download (HKLM\...\XHeader Bonus Download) (Version: 1.215 - Intellimon)
XSitePro2 (HKLM\...\XSitePro2) (Version: 2.149 - Intellimon Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\952\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F4D914B-D23A-4698-9D86-8ACB7897DC18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {1A22CA1F-7997-4B9F-A089-DC8E8692B595} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {1D155B23-AA5A-4708-9AC8-6F70453E36D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {1E45B63A-E57B-4325-926B-F0EC0C4595BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {201099AB-76BD-4D1D-9760-513BFCE3018E} - System32\Tasks\{E092E56F-395B-4834-BD8C-022B3A0CB4C7} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {215EDD27-4061-4692-85EB-BA9400CB7E97} - System32\Tasks\{D6654F95-01F1-4535-A7B0-0B5D854A4744} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {2A3DBE0A-CCE6-4B31-888B-376FD16A0D93} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {2F1660A0-1A6A-4C32-911B-49CDB141E730} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3E383FA3-0751-435B-A033-768AE7B4518C} - System32\Tasks\{9971F867-1FB6-4487-9934-640788B097E5} => C:\Program Files\WIDCOMM\Bluetooth Software\AdminUtils.exe [2012-10-17] (Broadcom Corporation.)
Task: {416D0FFB-B073-4751-8D70-CE5FC65411B8} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-02-16] ()
Task: {4540BA04-7903-43AC-BEB5-564A2C911F00} - System32\Tasks\{EB61F18D-E9FC-492A-BD73-A7A0B7853034} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {512E6DEB-CB5D-4CAE-A4BC-4318839733A2} - System32\Tasks\{7009BCAC-1A27-42E3-86C4-65A0C2B39D76} => pcalua.exe -a C:\Users\da\Documents\Downloads\mx850sosmwin110encm.exe -d C:\Users\da\Documents\Downloads
Task: {525DA33D-D507-4692-A1A7-790AFCAAB365} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {5269F030-F140-4AB5-B008-E287DE58068C} - System32\Tasks\HPCeeScheduleForDAWNGREENAWAY$ => c:\program files\hewlett-packard\hp ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {53790E83-EE53-42F8-BCAC-6848B107DF0F} - System32\Tasks\{F59679D7-FC51-4653-8FEC-61D0BEF9341A} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp55212.exe" -d C:\windows\system32
Task: {53A30C8F-5015-4623-9556-D61E4C48F136} - System32\Tasks\{4BE21352-3767-4BAE-9682-EEA5DECECC26} => pcalua.exe -a C:\Users\da\Downloads\gm5p_setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {563BBA89-3EAB-44C9-BB33-BE2A91E979F7} - System32\Tasks\{5726758E-0E12-4B00-A9C1-EC425E3E67E9} => pcalua.exe -a C:\Users\da\Downloads\mx850sndwin250a_ntwin250aen.exe -d C:\windows\system32
Task: {58F0462E-60D8-47C6-9129-0897ACCB790A} - System32\Tasks\{34B0F794-6A48-468E-AAE5-865BD937F693} => C:\Program Files\WIDCOMM\Bluetooth Software\AdminUtils.exe [2012-10-17] (Broadcom Corporation.)
Task: {59DCAD36-AE95-48FC-8E12-36A8DF107D5D} - System32\Tasks\{1F4A81E3-C3E1-4D1E-BB3C-332F4F7742DF} => pcalua.exe -a C:\Users\da\Downloads\gm5b_setup(1).exe -d "C:\Program Files\Mozilla Firefox"
Task: {59E11070-5D93-4431-B450-FBEA77875978} - System32\Tasks\{CA656C04-5BF8-410E-872D-7817A33A4A9F} => C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe [2012-10-17] (Broadcom Corporation.)
Task: {5DF04747-A52A-4989-930A-A6C810E4DFFF} - System32\Tasks\HPCeeScheduleForda => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5F1E2E3C-7A47-412D-8A4F-E61ACEA87DD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {6845CE20-E427-49D8-9A5D-85B5F0ECCDAD} - System32\Tasks\{F60E4F7A-3FED-4AD3-8AE6-385BCE906DB9} => pcalua.exe -a C:\Users\da\Downloads\gm5b_setup(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {6BAAB1C4-16D4-4C17-9816-EBD8A0A5361D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {6D8AA48D-4427-4F49-8A56-02A14C1B3012} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {79232A21-173A-4382-BB1C-1C9840C730EB} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {7AAB1461-CDE4-42F8-BAFF-DEF8F3426EBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-23] (Adobe Systems Incorporated)
Task: {7B367C6E-E9C3-4D5A-B441-D023DE5A5B75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {85F59070-DF3B-4E8D-A45A-DBCE4F9FA3CE} - System32\Tasks\{3FDFF92D-A9E8-4F2E-941F-71435EA4F174} => pcalua.exe -a C:\Users\da\Downloads\gm5p_setup(1).exe -d C:\Users\da\Documents
Task: {873A4D05-EA53-4E69-8997-7368778570E1} - System32\Tasks\{84D08FB8-D0B2-4078-BB1F-F67201567C63} => pcalua.exe -a C:\Users\da\Documents\Downloads\sp64082.exe -d C:\Users\da\Documents\Downloads
Task: {8A35A498-D71B-41E6-A24C-F0F57F0633A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9AD90831-66E9-434A-9559-D587D586FAF5} - System32\Tasks\{AEA9E9C1-C1CF-4DCE-96CD-CA813A46C0F1} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp52183.exe" -d C:\windows\system32
Task: {9D7CE0C7-ED02-4D61-94B2-23EEFD8BC355} - System32\Tasks\{615FAF27-C7EB-462C-86C2-148115F378DF} => pcalua.exe -a C:\Users\da\Downloads\sp54620(3).exe -d C:\Users\da\Downloads
Task: {9DF82888-5EC2-4E3F-A4F9-24C883C5C4D6} - System32\Tasks\{1421478B-3720-459C-A7E4-BF916691451C} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {9ED0B1BD-3CA8-42D3-8ED0-92DB646D3888} - System32\Tasks\{0C410A45-3F33-439F-9975-B5068AD71D39} => pcalua.exe -a C:\Users\da\Downloads\aomwin200ea24(2).exe -d C:\windows\system32
Task: {A13AFD25-3608-4701-AC47-5644511BC98D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A72C4338-CF0F-482B-BD07-DECF529E7C1F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {B4227801-F9B1-4AEC-8912-842332F7F5EF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {B59AA59D-DFA8-4C59-B76A-D4E6E442DED7} - System32\Tasks\{0F598EE6-A424-4CE6-9EF6-A65D68DEDC09} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp54982.exe" -d C:\windows\system32
Task: {B621ABD7-1AE6-4C49-94B4-187FAC2A5EA9} - System32\Tasks\{A550B53A-5339-4364-9954-C8A9D91FD65C} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp50180.exe" -d C:\windows\system32
Task: {BE96B368-0730-4A2B-BE3E-A138B4888852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C629AB7B-A7EB-4D92-AC0C-D2C48FFCDB31} - System32\Tasks\{8319F902-19E7-4E3B-BC86-F617AB63A60E} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {C6987233-1F5B-4ED0-9A20-F2D1A68ED4B1} - System32\Tasks\{8EEA20BD-0453-4013-AF29-E1F027F7222F} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {C9601CC5-7735-468C-B860-4F286AF83624} - System32\Tasks\CCleaner => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {CE286AE4-9C5C-4C65-9881-79C0E82FFE9F} - System32\Tasks\{2BDA8AEB-C4C5-405E-9D78-3C7A9D3C2F71} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {D23DE358-03D5-41EB-82A5-493CD1E8DB2A} - System32\Tasks\{8EB4FDDC-3DD7-4A74-9D6D-47A92B40EC46} => pcalua.exe -a C:\Users\da\Downloads\mx850swin101ea24.exe -d "C:\Program Files\Mozilla Firefox"
Task: {D24C8C35-ABE1-458A-AF8F-67EF6025599E} - System32\Tasks\{A3D83E62-E1E0-40A6-9F9E-C407A1C3E652} => pcalua.exe -a G:\SETUP.EXE -d G:\
Task: {D86D295C-C96F-445C-8FFD-0816FDF9411B} - System32\Tasks\{26D0E011-638C-47F1-A146-FC24BDDCBFA7} => pcalua.exe -a C:\Users\da\Downloads\PM90310ML.exe -d C:\Users\da\Downloads
Task: {DAE2F664-3E38-40ED-85CF-8C0FE23CFC4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {DBBD5577-570B-4B39-BA55-8325FA731752} - System32\Tasks\{ACCE6506-EA6A-4726-9228-68FE7A1F35A8} => pcalua.exe -a C:\Users\da\Documents\Downloads\sp47022.exe -d C:\Users\da\Documents\Downloads
Task: {DEE0E42F-CC3D-41A3-A272-2D6EC0B2DA62} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {DF1F9333-B5F8-48A4-A5A6-B95D160E5D71} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-26] (RealNetworks, Inc.)
Task: {E0AC77B5-2592-4069-9548-5C6FCC7270D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {E629AB77-6C47-44EF-98BB-B4A1FE04C348} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {EE884B8D-A8CB-47DA-BB98-5D638365C448} - System32\Tasks\{4E9E56B3-4C15-4F41-A050-4443CF04C01E} => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {F9B2B269-9BBA-4021-B4C8-A26DB9C9FE6A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForda.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForDAWNGREENAWAY$.job => c:\program files\hewlett-packard\hp ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-29 19:06 - 2014-10-29 19:06 - 00560192 _____ () C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
2014-10-29 19:01 - 2014-10-29 19:01 - 01382048 _____ () C:\Program Files\RealNetworks\RealDownloader\cpprest100_1_2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:04 - 2016-03-23 22:22 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\da\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AllShare Framework DMS => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Basics Service => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CoolroomDownloadManagerService => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpHotkeyMonitor => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyEpson Portal Service => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RaMediaServer => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: Samsung Link Service => 2
MSCONFIG\Services: Scan2PC => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: TeamViewer5 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mediatek Wireless Utility.lnk => C:\windows\pss\Mediatek Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^da^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: basicsmssmenu => "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "c:\program files\itunes\ituneshelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MusicManager => "C:\Users\da\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMSpeed => C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE
MSCONFIG\startupreg: QLBController => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: WrtMon.exe => C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
16-03-2016 12:00:21 Windows Update
19-03-2016 21:57:49 Revo Uninstaller's restore point - Trusteer Endpoint Protection
19-03-2016 21:59:28 Removed Rapport
20-03-2016 19:49:44 Windows Update
20-03-2016 20:02:10 Garmin Express
20-03-2016 20:08:52 Garmin Express
22-03-2016 20:26:32 HPSF Applying updates
22-03-2016 20:28:56 Installed HP Webcam Driver
22-03-2016 20:32:33 HPSF Applying updates
22-03-2016 20:32:53 Installed Realtek Ethernet Controller All-In-One Windows Driver
22-03-2016 20:35:11 Installed HP Webcam Driver

==================== Faulty Device Manager Devices =============

Name: RapportPG
Description: RapportPG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportPG
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: RapportCerberus_1507082
Description: RapportCerberus_1507082
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RapportCerberus_1507082
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2016 09:57:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ba2e68e6-a86f-45b0-81c6-0438d4771885}

Error: (03/15/2016 09:47:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dbefab29-4654-49f5-8413-4912e07187bf}

Error: (03/14/2016 07:40:15 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (03/14/2016 07:39:59 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (03/14/2016 07:39:01 PM) (Source: MsiInstaller) (EventID: 1023) (User: DAWNGREENAWAY)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}' could not be installed. Error code 1625. Additional information is available in the log file C:\Users\da\AppData\Local\Temp\MSIa42f8.LOG.

Error: (03/10/2016 10:15:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 12.0.6691.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9a8

Start Time: 01d17b190471bb35

Termination Time: 0

Application Path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

Report Id:

Error: (03/10/2016 10:05:10 PM) (Source: HPSupportSolutionsFrameworkService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (03/08/2016 12:08:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d862e1dd-651a-4772-b88a-f711c22553da}

Error: (02/26/2016 09:42:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3cac672d-d044-48bc-8874-a9981f33431c}

Error: (02/26/2016 09:27:32 PM) (Source: MsiInstaller) (EventID: 1023) (User: DAWNGREENAWAY)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Additional information is available in the log file C:\Users\da\AppData\Local\Temp\MSI3872d.LOG.


System errors:
=============
Error: (03/24/2016 09:43:13 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportHades

Error: (03/23/2016 10:47:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportHades

Error: (03/23/2016 10:46:21 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.2524.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/19/2016 10:39:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.1919.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/17/2016 08:17:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (03/15/2016 10:22:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

Error: (03/10/2016 10:23:32 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.565.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/10/2016 10:05:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/08/2016 12:55:11 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (03/07/2016 10:50:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 3000.27 MB
Available physical RAM: 1997.08 MB
Total Virtual: 5998.85 MB
Available Virtual: 5050.54 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:64.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DE5AC82A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by da (administrator) on DAWNGREENAWAY (24-03-2016 10:02:20)
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
() C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\runonceex: [ContentMerger] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2016-02-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2016-02-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BD53176A-3F68-456B-BD0F-953EEA4D05E8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C385B932-3828-44FE-A24E-AA6C92A2CA4B}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{EDB6B648-580F-4622-89D4-8FE183E73E20}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/2
SearchScopes: HKU\S-1-5-21-3932258823-1374462109-926273279-1001 -> {4CF47C40-C912-4248-B5E3-E9D60E076B5D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-26] (RealDownloader)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-09-24] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\htbwy3dd.default-1456176531907
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-23] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\windows\system32\npdeployJava1.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-09-24] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.15.10 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-02-08] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-26] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-02-08] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3932258823-1374462109-926273279-1001: @tools.google.com/Google Update;version=3 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3932258823-1374462109-926273279-1001: @tools.google.com/Google Update;version=9 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2015-02-08] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2015-02-08] (RealPlayer Cloud)
FF Extension: Garmin Communicator - C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\htbwy3dd.default-1456176531907\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-02-24]
FF Extension: UW CashBack Wizard - C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\htbwy3dd.default-1456176531907\Extensions\@uw-cashback-wizard-pub.xpi [2016-02-24]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-08-17] [not signed]

Chrome:
=======
CHR Profile: C:\Users\da\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-09]
CHR HKU\S-1-5-21-3932258823-1374462109-926273279-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.WB375URJVMMOHOZGJDSIZ3RWYU - C:\Users\da\AppData\Local\Google\Chrome\Application\46.10.2479.2\chromer.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
S4 Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
S4 BcmBtRSupport; C:\windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
S4 CoolroomDownloadManagerService; C:\Program Files\Coolroom\DownloadManagerService.exe [430080 2009-01-05] (Etherdigital Limited) [File not signed]
S4 EpsonScanSvc; C:\windows\system32\EscSvc.exe [126128 2012-05-16] (Seiko Epson Corporation)
S4 FsUsbExService; C:\windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [846352 2016-02-16] (Garmin Ltd. or its subsidiaries)
S4 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S4 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S4 RalinkRegistryWriter; C:\Program Files\MediatekWiFi\Common\RaRegistry.exe [401096 2014-05-01] (Mediatek Inc.)
S4 RaMediaServer; C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink) [File not signed]
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S4 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-08] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [577376 2014-03-13] (Copyright 2013 SAMSUNG)
S4 Scan2PC; C:\Program Files\Scan2PC\Sc2PCSvc.exe [69632 2009-08-10] () [File not signed]
S4 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [633856 2011-06-08] (Nokia) [File not signed]
S4 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\windows\System32\drivers\bcbtums.sys [170552 2012-09-24] (Broadcom Corporation.)
R3 btwampfl; C:\windows\System32\DRIVERS\btwampfl.sys [507704 2012-07-03] (Broadcom Corporation.)
R3 dfmirage; C:\windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-04] (DemoForge, LLC)
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 HTCAND32; C:\windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [94936 2015-10-05] (Malwarebytes)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 netr28u; C:\windows\System32\DRIVERS\netr28u.sys [1704648 2014-01-24] (Ralink Technology Corp.)
R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2016-03-22] (Realtek Semiconductor Corp.)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S1 RapportCerberus_1507082; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507082.sys [X]
S0 RapportHades; System32\Drivers\RapportHades.sys [X]
S1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-24 10:02 - 2016-03-24 10:03 - 00021244 _____ C:\Users\da\Desktop\FRST.txt
2016-03-24 10:00 - 2016-03-24 10:00 - 00000000 _____ C:\Users\da\Desktop\fixlist.txt
2016-03-23 22:39 - 2016-03-23 22:39 - 00000000 ____D C:\Users\da\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-22 20:47 - 2016-03-24 10:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-22 20:47 - 2016-03-23 23:01 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-03-22 20:47 - 2016-03-23 23:01 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-22 20:36 - 2016-03-22 20:33 - 00327680 _____ (Realtek Semiconductor Corp.) C:\windows\RtsUvcUninst.exe
2016-03-22 20:36 - 2016-03-22 20:33 - 00078848 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\rtsuvc.sys
2016-03-19 21:53 - 2016-03-19 21:53 - 00001263 _____ C:\Users\da\Desktop\Revo Uninstaller.lnk
2016-03-19 21:53 - 2016-03-19 21:53 - 00000000 ____D C:\Users\da\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-19 21:52 - 2016-03-19 21:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\da\Downloads\revosetup.exe
2016-03-15 16:25 - 2016-02-09 09:50 - 00021504 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-15 16:25 - 2016-02-04 17:46 - 02387456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-15 16:25 - 2016-02-03 17:59 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-15 16:24 - 2016-02-11 18:44 - 03994560 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-03-15 16:24 - 2016-02-11 18:44 - 03938240 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-03-15 16:24 - 2016-02-11 18:44 - 00138176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-03-15 16:24 - 2016-02-11 18:44 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-03-15 16:24 - 2016-02-11 18:41 - 01310232 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-03-15 16:24 - 2016-02-11 18:38 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-03-15 16:24 - 2016-02-11 18:38 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-03-15 16:24 - 2016-02-11 18:37 - 00654336 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-03-15 16:24 - 2016-02-11 18:37 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-03-15 16:24 - 2016-02-11 18:37 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-03-15 16:24 - 2016-02-11 18:37 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-03-15 16:24 - 2016-02-11 18:37 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-03-15 16:24 - 2016-02-11 18:37 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-03-15 16:24 - 2016-02-11 18:35 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-03-15 16:24 - 2016-02-11 18:35 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-03-15 16:24 - 2016-02-11 18:35 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-03-15 16:24 - 2016-02-11 18:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-03-15 16:24 - 2016-02-11 18:33 - 01060864 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-03-15 16:24 - 2016-02-11 18:33 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-15 16:24 - 2016-02-11 18:31 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-03-15 16:24 - 2016-02-11 18:31 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-03-15 16:24 - 2016-02-11 18:30 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-03-15 16:24 - 2016-02-11 18:30 - 00642560 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-03-15 16:24 - 2016-02-11 18:30 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-03-15 16:24 - 2016-02-11 17:43 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-03-15 16:24 - 2016-02-11 17:37 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-03-15 16:24 - 2016-02-11 17:32 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-03-15 16:24 - 2016-02-11 17:32 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-03-15 16:24 - 2016-02-11 17:32 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-03-15 16:24 - 2016-02-11 17:31 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-03-15 16:24 - 2016-02-11 17:30 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-03-15 16:24 - 2016-02-11 17:30 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-03-15 16:24 - 2016-02-11 17:30 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-03-15 16:24 - 2016-02-04 18:41 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-15 16:22 - 2016-02-12 18:07 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-15 16:21 - 2016-02-12 18:39 - 02956288 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-15 16:21 - 2016-02-12 18:39 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-15 16:21 - 2016-02-12 18:26 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-03-15 16:21 - 2016-02-12 18:06 - 00573440 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-15 16:21 - 2016-02-12 18:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-15 16:21 - 2016-02-12 18:05 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-15 16:21 - 2016-02-12 18:05 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-03-15 16:21 - 2016-02-12 18:05 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-15 16:21 - 2016-02-12 18:05 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-03-15 16:21 - 2016-02-12 18:05 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-03-15 16:21 - 2016-02-08 20:38 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-03-15 16:21 - 2016-02-08 20:28 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-03-15 16:21 - 2016-02-08 20:23 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-03-15 16:21 - 2016-02-08 20:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-03-15 16:21 - 2016-02-08 20:02 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-03-15 16:21 - 2016-02-03 18:49 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-03-15 16:21 - 2016-02-03 18:49 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\olepro32.dll
2016-03-15 16:21 - 2016-02-03 18:43 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-15 16:20 - 2016-02-09 06:10 - 00341200 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-03-15 16:20 - 2016-02-08 21:05 - 20352512 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-15 16:20 - 2016-02-08 20:51 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-03-15 16:20 - 2016-02-08 20:51 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-03-15 16:20 - 2016-02-08 20:39 - 00496640 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-15 16:20 - 2016-02-08 20:39 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-03-15 16:20 - 2016-02-08 20:38 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-03-15 16:20 - 2016-02-08 20:37 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-03-15 16:20 - 2016-02-08 20:34 - 02280448 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-15 16:20 - 2016-02-08 20:32 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-03-15 16:20 - 2016-02-08 20:31 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-03-15 16:20 - 2016-02-08 20:30 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-03-15 16:20 - 2016-02-08 20:28 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-15 16:20 - 2016-02-08 20:28 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-03-15 16:20 - 2016-02-08 20:28 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-03-15 16:20 - 2016-02-08 20:20 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-03-15 16:20 - 2016-02-08 20:15 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-03-15 16:20 - 2016-02-08 20:13 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-03-15 16:20 - 2016-02-08 20:12 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-15 16:20 - 2016-02-08 20:11 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-03-15 16:20 - 2016-02-08 20:10 - 04611072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-15 16:20 - 2016-02-08 20:10 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-03-15 16:20 - 2016-02-08 20:03 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-15 16:20 - 2016-02-08 20:02 - 13012480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-15 16:20 - 2016-02-08 20:02 - 00687104 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-15 16:20 - 2016-02-08 20:01 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-15 16:20 - 2016-02-08 20:01 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-03-15 16:20 - 2016-02-08 19:43 - 02121216 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-15 16:20 - 2016-02-08 19:39 - 01311744 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-15 16:20 - 2016-02-08 19:38 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-15 16:15 - 2016-02-19 14:07 - 01206784 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-15 16:14 - 2016-02-19 18:50 - 00034240 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-15 16:14 - 2016-02-19 18:41 - 00958464 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-15 16:14 - 2016-02-11 14:07 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-15 16:14 - 2016-02-09 09:51 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-03-15 16:14 - 2016-02-09 09:51 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-15 16:14 - 2016-02-09 09:13 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-03-15 16:14 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-03-15 16:14 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-03-15 16:14 - 2016-02-05 18:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-03-15 16:14 - 2016-02-05 18:44 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-03-15 16:14 - 2016-02-05 18:42 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-03-15 16:14 - 2016-02-05 17:43 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-15 16:14 - 2016-02-05 17:43 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-15 16:14 - 2016-02-05 14:07 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-15 16:14 - 2016-02-05 14:07 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-15 16:14 - 2016-02-05 14:07 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-03 11:19 - 2016-03-03 11:19 - 00235360 _____ (IBM Corp.) C:\windows\system32\Drivers\RapportKELL.sys
2016-02-26 21:38 - 2016-02-26 21:38 - 00000935 _____ C:\Users\da\Desktop\NTREGOPT.lnk
2016-02-26 21:38 - 2016-02-26 21:38 - 00000916 _____ C:\Users\da\Desktop\ERUNT.lnk
2016-02-26 21:38 - 2016-02-26 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-02-26 21:38 - 2016-02-26 21:38 - 00000000 ____D C:\Program Files\ERUNT
2016-02-26 21:36 - 2016-02-26 21:36 - 00791393 _____ (Lars Hederer ) C:\Users\da\Downloads\erunt_setup(1).exe
2016-02-25 12:29 - 2016-02-25 12:29 - 00000000 ____D C:\Users\da\AppData\Local\CEF
2016-02-24 20:45 - 2016-02-24 20:45 - 18860616 _____ C:\Users\da\Downloads\CommunicatorPlugin_420.exe
2016-02-24 20:38 - 2016-03-22 20:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-24 20:38 - 2016-03-22 20:40 - 00002058 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-24 10:02 - 2016-02-06 14:44 - 00000000 ____D C:\FRST
2016-03-24 09:59 - 2009-07-14 04:34 - 00025648 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-24 09:59 - 2009-07-14 04:34 - 00025648 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-24 09:43 - 2016-02-09 09:16 - 00000874 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-24 09:43 - 2009-07-14 04:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-23 22:40 - 2015-06-22 10:31 - 00000906 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job
2016-03-23 22:40 - 2010-11-15 12:40 - 00000000 ____D C:\Users\da\AppData\Roaming\Dropbox
2016-03-23 22:36 - 2012-11-15 20:36 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job
2016-03-23 22:29 - 2011-11-15 14:48 - 00000000 ____D C:\Program Files\Trusteer
2016-03-23 22:29 - 2011-02-03 14:09 - 00000000 ____D C:\ProgramData\Trusteer
2016-03-23 22:22 - 2016-02-09 09:16 - 00000878 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 22:09 - 2015-08-24 10:01 - 00000308 _____ C:\windows\Tasks\HPCeeScheduleForda.job
2016-03-22 20:46 - 2014-08-29 09:58 - 00000000 ____D C:\Users\da\AppData\Local\Adobe
2016-03-22 20:37 - 2009-07-14 02:37 - 00000000 ____D C:\windows\inf
2016-03-22 20:36 - 2010-06-10 07:59 - 00000000 ____D C:\Program Files\Realtek
2016-03-22 20:33 - 2010-04-26 16:16 - 00000000 ____D C:\swsetup
2016-03-22 20:33 - 2010-02-23 18:45 - 00000000 ___HD C:\SYSTEM.SAV
2016-03-22 20:32 - 2010-06-10 07:59 - 00013884 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RTNICVer.dll
2016-03-21 22:35 - 2015-12-24 14:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-21 22:35 - 2012-05-02 21:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-21 20:24 - 2015-06-22 10:30 - 00000854 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job
2016-03-21 00:36 - 2012-11-15 20:36 - 00000844 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job
2016-03-20 21:37 - 2011-07-26 15:36 - 00000340 _____ C:\windows\Tasks\HPCeeScheduleForDAWNGREENAWAY$.job
2016-03-20 20:23 - 2014-10-16 18:38 - 00000000 ____D C:\Users\da\AppData\Local\Garmin
2016-03-20 20:11 - 2014-10-16 18:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-20 20:10 - 2011-04-07 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-03-20 20:10 - 2010-11-16 15:55 - 00000000 ____D C:\Program Files\Garmin
2016-03-19 21:53 - 2015-07-24 21:31 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-18 11:00 - 2016-02-15 12:20 - 00000000 ____D C:\Users\da\Documents\My PageManager
2016-03-16 01:09 - 2009-07-14 02:37 - 00000000 ____D C:\windows\rescache
2016-03-16 01:08 - 2010-11-05 20:34 - 00000000 ____D C:\Users\da\AppData\Local\ElevatedDiagnostics
2016-03-15 22:13 - 2009-07-14 02:37 - 00000000 ____D C:\windows\PolicyDefinitions
2016-03-15 21:47 - 2010-06-10 07:19 - 00785302 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-15 21:38 - 2009-07-14 04:33 - 00459000 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-15 21:35 - 2014-12-12 12:34 - 00000000 ____D C:\windows\system32\appraiser
2016-03-15 17:08 - 2013-07-15 14:43 - 00000000 ____D C:\windows\system32\MRT
2016-03-15 16:57 - 2010-11-11 17:32 - 141270216 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-15 16:31 - 2016-02-09 09:18 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 16:07 - 2013-12-02 21:46 - 00000000 ____D C:\Users\da\AppData\Roaming\.oit
2016-03-14 20:23 - 2013-09-25 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-14 19:44 - 2010-11-07 17:05 - 00000000 ____D C:\Users\da\AppData\Roaming\Skype
2016-03-08 22:12 - 2010-11-12 16:46 - 00000000 ____D C:\windows\ERDNT
2016-03-08 12:51 - 2015-11-17 18:47 - 00000000 ____D C:\Users\da\Documents\Funeral Work
2016-03-08 12:51 - 2010-12-06 16:51 - 00000000 ____D C:\Users\da\Documents\Dee Gees Nails
2016-03-08 12:42 - 2016-02-08 22:16 - 00000000 ____D C:\Users\da\Desktop\FRST-OlderVersion
2016-03-08 12:42 - 2016-02-06 14:42 - 01725440 _____ (Farbar) C:\Users\da\Desktop\FRST.exe
2016-03-07 13:51 - 2010-11-03 11:46 - 00126336 _____ C:\Users\da\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-03 21:28 - 2009-07-14 02:04 - 00000478 _____ C:\windows\win.ini
2016-02-26 22:43 - 2015-04-20 18:43 - 00000000 ___SD C:\windows\system32\GWX
2016-02-26 22:03 - 2014-06-23 19:54 - 00000000 ____D C:\Users\da\Documents\Deramores
2016-02-24 20:46 - 2010-11-16 15:55 - 00000000 ____D C:\Program Files\Garmin GPS Plugin
2016-02-24 20:37 - 2011-09-26 19:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-24 20:37 - 2010-11-11 15:52 - 00000000 ____D C:\ProgramData\Adobe
2016-02-24 20:37 - 2010-11-11 15:52 - 00000000 ____D C:\Program Files\Adobe
2016-02-24 10:26 - 2014-10-26 18:40 - 00002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-24 10:26 - 2011-01-26 11:58 - 00001945 _____ C:\windows\epplauncher.mif
2016-02-24 10:25 - 2014-10-26 18:40 - 00000000 ____D C:\Program Files\Microsoft Security Client

==================== Files in the root of some directories =======

2013-01-12 16:40 - 2013-01-12 17:20 - 0025629 _____ () C:\Users\da\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-01-14 17:27 - 2014-01-06 20:02 - 0025593 _____ () C:\Users\da\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-03-08 12:00 - 2011-06-22 11:53 - 0001849 _____ () C:\Users\da\AppData\Roaming\GhostObjGAFix.xml
2011-03-28 15:03 - 2012-02-03 14:45 - 0022784 _____ () C:\Users\da\AppData\Roaming\Microsoft Excel 97-2003.ADR
2010-11-20 15:14 - 2010-11-20 15:15 - 0033280 ___SH () C:\Users\da\AppData\Roaming\Thumbs.db
2012-05-17 16:03 - 2012-11-22 16:29 - 0007106 _____ () C:\Users\da\AppData\Roaming\unins003.dat
2010-11-17 19:50 - 2010-11-17 19:51 - 0027623 _____ () C:\Users\da\AppData\Roaming\UserTile.png
2014-01-08 21:01 - 2014-01-08 21:01 - 0000059 _____ () C:\Users\da\AppData\Roaming\WB.CFG
2011-01-30 10:33 - 2012-05-12 19:59 - 0009728 _____ () C:\Users\da\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 12:14 - 2015-11-12 22:27 - 0007603 _____ () C:\Users\da\AppData\Local\Resmon.ResmonCfg
2012-07-20 13:32 - 2012-07-20 13:33 - 0258348 _____ () C:\Users\da\AppData\Local\rx_image32.Cache
2015-12-13 23:57 - 2015-12-13 23:57 - 0980170 _____ () C:\Users\da\AppData\Local\WAV-to-MP3-Converter_1533.rar
2010-11-07 19:52 - 2010-11-07 19:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-06-10 07:57 - 2015-07-22 20:50 - 0000426 _____ () C:\ProgramData\HPWALog.txt
2015-07-22 21:16 - 2015-07-22 21:16 - 0001664 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-20 23:23

==================== End of FRST.txt ============================


  • 0

#67
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi pumpkinace

It looks like your system restore is disabled at present. Hers's how to renable it.

1. Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

2. In the left pane, click System protection. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

3.Under Protection Settings, click the disk, and then click Configure.

4. To be able to restore system settings and previous versions of files, click Restore system settings and previous versions of files.

5. Click OK, and then click OK again.


Step2 - Remove Programs

Please uninstall the following programs:
Rapport

To do this:
Please go to Start Menu -> Control Panel -> Uninstall a program or Programs and Features
In the list of installed programs locate and click on the program to uninstall e.g. Rapport
Click uninstall.


Step3 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
S1 RapportCerberus_1507082; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507082.sys [X]
S0 RapportHades; System32\Drivers\RapportHades.sys [X]
S1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [X]
C:\windows\system32\Drivers\RapportKELL.sys
C:\Program Files\Trusteer
C:\ProgramData\Trusteer
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step4 - Security Check by glax24
  • Download SecurityCheck by glax24 here and save utility on your Desktop
  • Right click and choose Run As Administrator
  • Do not block the utility by your Firewall warnings (if any).
  • Wait for the end of scan.
  • Log SecurityCheck.txt will open in the Notepad;
  • In case you close the Notepad you can find a log in the system root folder named SecurityCheck, for example C:\SecurityCheck\SecurityCheck.txt
  • Copy its contents to your next post.


    Things for your next post:
  • fixlog.txt
  • SecurityCheck.txt
  • How is the computer running now?

  • 0

#68
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hello Bruce1270

Thank you for keeping this topic open whilst I was away.  I have 'uninstalled' Rapport twice before and checked that it was removed but as you say it is still there?  I don't know how or why the restore function was disabled as far as I knew it was working.  I have managed to get to step 2 but unfortunately each time I click on unistall it is not working.  I tried twice and the third time it is now giving me an error message ...Windows Installer ...error opening installation log. Verify that the specified log file location exists and is writable. so I can't uninstall it this time and haven't gone any further with the FRST fix as it won't give you the results you need. Kind regards Dawn


  • 0

#69
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Pumpkinace

Welcome back! :) Hope you had a very peaceful and enjoyable holiday.

Miss out step2 and proceed with the FRST fix and the security check.

Thanks
  • 0

#70
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce1270

Yes thank you very nice.  I have just checked to see if Rapport is still there and it is.

 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by da (2016-04-04 22:23:40) Run:15
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
S1 RapportCerberus_1507082; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507082.sys [X]
S0 RapportHades; System32\Drivers\RapportHades.sys [X]
S1 RapportPG; \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [X]
C:\windows\system32\Drivers\RapportKELL.sys
C:\Program Files\Trusteer
C:\ProgramData\Trusteer
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
RapportCerberus_1507082 => service removed successfully.
RapportHades => service removed successfully.
RapportPG => service removed successfully.
C:\windows\system32\Drivers\RapportKELL.sys => moved successfully
C:\Program Files\Trusteer => moved successfully
C:\ProgramData\Trusteer => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 796.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:24:45 ====

 

SecurityCheck by glax24 & Severnyj v.1.4.0.37 [05.03.16]
WebSite: www.safezone.cc
DateLog: 04.04.2016 22:29:02
Path starting: C:\Users\da\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: da
VersionXML: 2.67is-04.04.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x86) Professional Lang: English(0409)
Installation date OS: 03.11.2010 11:44:57
LicenseStatus: Windows® 7, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [280.8 Gb] Used: [216.8 Gb] Free: [64 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18230
User Account Control enabled
Automatic download and scheduled installation
Date install updates: 2016-04-04 19:49:51
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Microsoft Security Essentials (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Microsoft Security Essentials (enabled and up to date)
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Microsoft Security Essentials v.4.9.218.0
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.0.1024 v.2.2.0.1024
--------------------------- [ OtherUtilities ] ----------------------------
TeamViewer 5 v.5.1.9385  Warning! Download Update
Microsoft Silverlight v.5.1.41212.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.8 v.7.8.102 Warning! Download Update
^Optional update.^
-------------------------------- [ Java ] ---------------------------------
Java™ 6 Update 37 v.6.0.370 Warning! Download Update
Uninstall old version and install new one. Should install Java 8.
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.3.2.35 Warning! Download Update
^Please use Apple Software Update tool.^
QuickTime 7 v.7.79.80.95
Bonjour Service (Bonjour Service) - The service has stopped
--------------------------- [ AdobeProduction ] ---------------------------
Adobe AIR v.3.1.0.4880 Warning! Download Update
Adobe Flash Player 21 NPAPI v.21.0.0.197
Adobe Acrobat Reader DC v.15.010.20060
------------------------------- [ Browser ] -------------------------------
Google Chrome v.49.0.2623.87 Warning! Download Update
Mozilla Firefox 25.0.1 (x86 en-GB) v.25.0.1 Warning! Download Update
Safari v.5.34.57.2 Warning! This software is no longer supported.
----------------------------- [ EmailClient ] -----------------------------
Windows Live Mail v.16.4.3505.0912
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Mozilla Firefox\firefox.exe v.45.0.1.5918
C:\Program Files\Microsoft Security Client\MsMpEng.exe v.4.9.218.0
C:\Program Files\Microsoft Security Client\NisSrv.exe v.4.9.218.0
----------------------------- [ End of Log ] ------------------------------
 

Haven't used the computer much but it is still flickering slightly, outlook is still not always opening up new messages in front and FF is slow to open through a link in emails.  This isn't too bad as it is much better than it was before you started to clean it up for me.  Regards Dawn


  • 0

Advertisements


#71
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Pumpkinace

We'll come back to Rapport later. :bashhead:

The security check has thrown up a few things.

TeamViewer 5 v.5.1.9385 - did you install this at any time? It's a legitimate program but could be used for malicious purposes. I just want to check know about it.

Java

javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Click any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.

    Once older versions have been removed click the Java 8 link in the security check output from post #70. On the java download page accept the agreement and select the windows x64 download called jre-8u77-windows-x64.exe.


    Once Java is installed you can go through the links to update -

    TeamViewer 5 v.5.1.9385 (providing you installed this)
    Adobe AIR v.3.1.0.4880
    Google Chrome v.49.0.2623.87
    Mozilla Firefox 25.0.1 (x86 en-GB) v.25.0.1


    Be careful to remove any ticks asking you to install any additional software with any of these.

    I'll leave to you if you want to update Skype and Itunes.


    Also then run a fresh set of FRST logs.
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.

  • 0

#72
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce 1270

There was only 1 programme to uninstall.  I was surprised to see the above updates as I have automatic updates on.  The link you gave me for the Java didn't work with my computer as it said it was incompatible.  I then uninstalled it again and tried another one, that also didn't work so uninstalled that and went through and found another link but I couldnt verify it.  I have also updated all the above and uninstalled Teamviewer as I don't use it any more.  Attached are the reports from FRST. Thank you Dawn.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by da (administrator) on DAWNGREENAWAY (05-04-2016 21:09:17)
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\mpam-3252ae65.exe
() C:\2f2a65591daedb26090d71952e4b414f\MPSigStub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
HKLM\...\runonceex: [ContentMerger] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2016-02-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2016-02-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe [60688 2015-12-01] (Apple Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BD53176A-3F68-456B-BD0F-953EEA4D05E8}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{EDB6B648-580F-4622-89D4-8FE183E73E20}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/2
SearchScopes: HKU\S-1-5-21-3932258823-1374462109-926273279-1001 -> {4CF47C40-C912-4248-B5E3-E9D60E076B5D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-05] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-05] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2014-11-14] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\da\AppData\Roaming\Mozilla\Firefox\Profiles\8ydpawj8.default-1459886473048
FF Homepage: hxxps://www.google.co.uk/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=17.0.15.10 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2015-02-08] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2015-02-08] (RealPlayer Cloud)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3932258823-1374462109-926273279-1001: @tools.google.com/Google Update;version=3 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3932258823-1374462109-926273279-1001: @tools.google.com/Google Update;version=9 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll [2009-08-03] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2015-02-08] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2015-02-08] (RealPlayer Cloud)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-21] [not signed]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-12-25] [not signed]
FF HKLM\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2015-08-17] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-03-14]

Chrome:
=======
CHR Profile: C:\Users\da\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-04-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR HKU\S-1-5-21-3932258823-1374462109-926273279-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.WB375URJVMMOHOZGJDSIZ3RWYU - C:\Users\da\AppData\Local\Google\Chrome\Application\46.10.2479.2\chromer.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
S4 Basics Service; C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
S4 BcmBtRSupport; C:\windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
S4 CoolroomDownloadManagerService; C:\Program Files\Coolroom\DownloadManagerService.exe [430080 2009-01-05] (Etherdigital Limited) [File not signed]
S4 EpsonScanSvc; C:\windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S4 FsUsbExService; C:\windows\system32\FsUsbExService.Exe [233472 2013-03-20] (Teruten) [File not signed]
S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [846352 2016-02-16] (Garmin Ltd. or its subsidiaries)
S4 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [265272 2010-01-28] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
S4 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
S4 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2010-01-12] (PDF Complete Inc)
S4 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
S4 RealPlayer Cloud Service; c:\program files\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2015-02-08] (RealNetworks, Inc.)
S4 RealPlayerUpdateSvc; C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S4 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [577376 2014-03-13] (Copyright 2013 SAMSUNG)
S4 Scan2PC; C:\Program Files\Scan2PC\Sc2PCSvc.exe [69632 2009-08-10] () [File not signed]
S4 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe [229458 2010-01-29] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\windows\System32\drivers\bcbtums.sys [170552 2012-09-24] (Broadcom Corporation.)
R3 btwampfl; C:\windows\System32\DRIVERS\btwampfl.sys [507704 2012-07-03] (Broadcom Corporation.)
R3 dfmirage; C:\windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-05] (DemoForge, LLC)
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
S3 HTCAND32; C:\windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
R2 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [94936 2015-10-05] (Malwarebytes)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-02-15] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S3 netr28u; C:\windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.)
R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [78848 2016-03-22] (Realtek Semiconductor Corp.)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
R3 vpcbus; C:\windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 21:09 - 2016-04-05 21:10 - 00021081 _____ C:\Users\da\Desktop\FRST.txt
2016-04-05 21:08 - 2016-04-05 21:08 - 00000000 ____D C:\2f2a65591daedb26090d71952e4b414f
2016-04-05 21:00 - 2016-04-05 21:00 - 00002242 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-05 20:53 - 2016-04-05 20:53 - 00001794 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-05 20:53 - 2016-04-05 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-05 20:52 - 2016-04-05 20:53 - 00000000 ____D C:\Program Files\iTunes
2016-04-05 20:52 - 2016-04-05 20:52 - 00000000 ____D C:\Program Files\iPod
2016-04-05 20:47 - 2016-04-05 20:47 - 00000000 ____D C:\Program Files\Apple Software Update
2016-04-05 20:34 - 2016-04-05 20:34 - 00002685 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-05 20:34 - 2016-04-05 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-04-05 20:34 - 2016-04-05 20:34 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-04-05 15:11 - 2016-04-05 15:11 - 00000000 ____D C:\Program Files\Common Files\Java
2016-04-05 15:10 - 2016-04-05 15:10 - 00095808 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2016-04-05 15:10 - 2016-04-05 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-05 14:51 - 2016-04-05 14:51 - 00000000 ____D C:\Users\da\AppData\Roaming\Sun
2016-04-05 14:51 - 2016-04-05 14:51 - 00000000 ____D C:\Users\da\.oracle_jre_usage
2016-04-05 14:48 - 2016-04-05 15:11 - 00000000 ____D C:\ProgramData\Oracle
2016-04-05 14:47 - 2016-04-05 14:47 - 00000000 ____D C:\Users\da\AppData\LocalLow\Oracle
2016-04-05 14:28 - 2016-04-05 14:28 - 00000000 ____D C:\ProgramData\Trusteer
2016-04-04 22:29 - 2016-04-04 22:29 - 00000000 ____D C:\SecurityCheck
2016-04-04 22:27 - 2016-04-04 22:27 - 00491657 _____ (glax24 (safezone.cc)) C:\Users\da\Desktop\SecurityCheck.exe
2016-03-23 23:39 - 2016-03-23 23:39 - 00000000 ____D C:\Users\da\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-22 21:47 - 2016-04-05 21:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-22 21:47 - 2016-03-24 00:01 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2016-03-22 21:47 - 2016-03-24 00:01 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-22 21:36 - 2016-03-22 21:33 - 00327680 _____ (Realtek Semiconductor Corp.) C:\windows\RtsUvcUninst.exe
2016-03-22 21:36 - 2016-03-22 21:33 - 00078848 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\rtsuvc.sys
2016-03-19 22:53 - 2016-03-19 22:53 - 00001263 _____ C:\Users\da\Desktop\Revo Uninstaller.lnk
2016-03-19 22:53 - 2016-03-19 22:53 - 00000000 ____D C:\Users\da\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-03-19 22:52 - 2016-03-19 22:52 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\da\Downloads\revosetup.exe
2016-03-15 17:25 - 2016-02-09 10:50 - 00021504 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-15 17:25 - 2016-02-04 18:46 - 02387456 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-15 17:25 - 2016-02-03 18:59 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-15 17:24 - 2016-02-11 19:44 - 03994560 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2016-03-15 17:24 - 2016-02-11 19:44 - 03938240 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-03-15 17:24 - 2016-02-11 19:44 - 00138176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-03-15 17:24 - 2016-02-11 19:44 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-03-15 17:24 - 2016-02-11 19:41 - 01310232 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-03-15 17:24 - 2016-02-11 19:38 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-03-15 17:24 - 2016-02-11 19:38 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-03-15 17:24 - 2016-02-11 19:37 - 00654336 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-03-15 17:24 - 2016-02-11 19:37 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-03-15 17:24 - 2016-02-11 19:37 - 00251392 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-03-15 17:24 - 2016-02-11 19:37 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-03-15 17:24 - 2016-02-11 19:37 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-03-15 17:24 - 2016-02-11 19:37 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-03-15 17:24 - 2016-02-11 19:35 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-03-15 17:24 - 2016-02-11 19:35 - 00223232 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-03-15 17:24 - 2016-02-11 19:35 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-03-15 17:24 - 2016-02-11 19:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-03-15 17:24 - 2016-02-11 19:33 - 01060864 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-03-15 17:24 - 2016-02-11 19:33 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-15 17:24 - 2016-02-11 19:31 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-03-15 17:24 - 2016-02-11 19:31 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-03-15 17:24 - 2016-02-11 19:30 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-03-15 17:24 - 2016-02-11 19:30 - 00642560 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-03-15 17:24 - 2016-02-11 19:30 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-03-15 17:24 - 2016-02-11 18:43 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-03-15 17:24 - 2016-02-11 18:37 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-03-15 17:24 - 2016-02-11 18:32 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-03-15 17:24 - 2016-02-11 18:32 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-03-15 17:24 - 2016-02-11 18:32 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-03-15 17:24 - 2016-02-11 18:31 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-03-15 17:24 - 2016-02-11 18:30 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-03-15 17:24 - 2016-02-11 18:30 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-03-15 17:24 - 2016-02-11 18:30 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-03-15 17:24 - 2016-02-04 19:41 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-15 17:22 - 2016-02-12 19:07 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-15 17:21 - 2016-02-12 19:39 - 02956288 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-15 17:21 - 2016-02-12 19:39 - 00174080 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-15 17:21 - 2016-02-12 19:26 - 00073728 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-03-15 17:21 - 2016-02-12 19:06 - 00573440 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-15 17:21 - 2016-02-12 19:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-15 17:21 - 2016-02-12 19:05 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-15 17:21 - 2016-02-12 19:05 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-03-15 17:21 - 2016-02-12 19:05 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-15 17:21 - 2016-02-12 19:05 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-03-15 17:21 - 2016-02-12 19:05 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-03-15 17:21 - 2016-02-08 21:38 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-03-15 17:21 - 2016-02-08 21:28 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-03-15 17:21 - 2016-02-08 21:23 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-03-15 17:21 - 2016-02-08 21:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-03-15 17:21 - 2016-02-08 21:02 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-03-15 17:21 - 2016-02-03 19:49 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-03-15 17:21 - 2016-02-03 19:49 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\olepro32.dll
2016-03-15 17:21 - 2016-02-03 19:43 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-15 17:20 - 2016-02-09 07:10 - 00341200 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-03-15 17:20 - 2016-02-08 22:05 - 20352512 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-15 17:20 - 2016-02-08 21:51 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-03-15 17:20 - 2016-02-08 21:51 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-03-15 17:20 - 2016-02-08 21:39 - 00496640 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-15 17:20 - 2016-02-08 21:39 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-03-15 17:20 - 2016-02-08 21:38 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-03-15 17:20 - 2016-02-08 21:37 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-03-15 17:20 - 2016-02-08 21:34 - 02280448 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-15 17:20 - 2016-02-08 21:32 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-03-15 17:20 - 2016-02-08 21:31 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-03-15 17:20 - 2016-02-08 21:30 - 00476160 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-03-15 17:20 - 2016-02-08 21:28 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-15 17:20 - 2016-02-08 21:28 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-03-15 17:20 - 2016-02-08 21:28 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-03-15 17:20 - 2016-02-08 21:20 - 00416256 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-03-15 17:20 - 2016-02-08 21:15 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-03-15 17:20 - 2016-02-08 21:13 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-03-15 17:20 - 2016-02-08 21:12 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-15 17:20 - 2016-02-08 21:11 - 00279040 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-03-15 17:20 - 2016-02-08 21:10 - 04611072 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-15 17:20 - 2016-02-08 21:10 - 00130048 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-03-15 17:20 - 2016-02-08 21:03 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-15 17:20 - 2016-02-08 21:02 - 13012480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-15 17:20 - 2016-02-08 21:02 - 00687104 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-15 17:20 - 2016-02-08 21:01 - 02050560 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-15 17:20 - 2016-02-08 21:01 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-03-15 17:20 - 2016-02-08 20:43 - 02121216 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-15 17:20 - 2016-02-08 20:39 - 01311744 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-15 17:20 - 2016-02-08 20:38 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-15 17:15 - 2016-02-19 15:07 - 01206784 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-15 17:14 - 2016-02-19 19:50 - 00034240 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-15 17:14 - 2016-02-19 19:41 - 00958464 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-15 17:14 - 2016-02-11 15:07 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-15 17:14 - 2016-02-09 10:51 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-03-15 17:14 - 2016-02-09 10:51 - 11411456 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-15 17:14 - 2016-02-09 10:13 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-03-15 17:14 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-03-15 17:14 - 2016-02-09 10:13 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-03-15 17:14 - 2016-02-05 19:44 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-03-15 17:14 - 2016-02-05 19:44 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-03-15 17:14 - 2016-02-05 19:42 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-03-15 17:14 - 2016-02-05 18:43 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-15 17:14 - 2016-02-05 18:43 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-15 17:14 - 2016-02-05 15:07 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-15 17:14 - 2016-02-05 15:07 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-15 17:14 - 2016-02-05 15:07 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-05 21:09 - 2016-02-06 15:44 - 00000000 ____D C:\FRST
2016-04-05 21:03 - 2010-06-10 08:19 - 00785302 _____ C:\windows\system32\PerfStringBackup.INI
2016-04-05 21:03 - 2009-07-14 05:34 - 00025648 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-05 21:03 - 2009-07-14 05:34 - 00025648 _____ C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-05 21:03 - 2009-07-14 03:37 - 00000000 ____D C:\windows\inf
2016-04-05 21:01 - 2014-10-12 17:23 - 00000000 ____D C:\Users\da\Desktop\Old Firefox Data
2016-04-05 21:00 - 2016-02-09 10:18 - 00002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-05 20:55 - 2016-02-09 10:16 - 00000874 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-05 20:55 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-05 20:52 - 2010-11-07 21:12 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-05 20:47 - 2014-01-31 19:42 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-05 20:39 - 2016-02-09 10:16 - 00000878 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-05 20:38 - 2010-11-07 18:05 - 00000000 ____D C:\Users\da\AppData\Roaming\Skype
2016-04-05 20:36 - 2012-11-15 21:36 - 00000896 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job
2016-04-05 20:34 - 2015-06-22 11:31 - 00000906 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job
2016-04-05 20:34 - 2014-06-05 17:52 - 00000000 ____D C:\Users\da\AppData\Local\Skype
2016-04-05 20:34 - 2010-11-07 20:50 - 00000000 ___RD C:\Program Files\Skype
2016-04-05 20:34 - 2010-08-11 08:19 - 00000000 ____D C:\ProgramData\Skype
2016-04-05 15:09 - 2011-07-14 20:31 - 00000000 ____D C:\Program Files\Java
2016-04-05 14:51 - 2010-11-03 12:45 - 00000000 ____D C:\Users\da
2016-04-05 14:21 - 2015-12-24 15:45 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-04-04 20:49 - 2015-04-20 19:43 - 00000000 ___SD C:\windows\system32\GWX
2016-04-04 20:37 - 2015-08-24 11:01 - 00000308 _____ C:\windows\Tasks\HPCeeScheduleForda.job
2016-03-25 21:27 - 2009-07-14 03:37 - 00000000 ____D C:\windows\system32\NDF
2016-03-25 21:16 - 2014-07-19 21:03 - 00000000 ____D C:\ProgramData\Mediatek
2016-03-23 23:40 - 2010-11-15 13:40 - 00000000 ____D C:\Users\da\AppData\Roaming\Dropbox
2016-03-22 21:46 - 2014-08-29 10:58 - 00000000 ____D C:\Users\da\AppData\Local\Adobe
2016-03-22 21:40 - 2016-02-24 21:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-22 21:40 - 2016-02-24 21:38 - 00002058 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-03-22 21:36 - 2010-06-10 08:59 - 00000000 ____D C:\Program Files\Realtek
2016-03-22 21:33 - 2010-04-26 17:16 - 00000000 ____D C:\swsetup
2016-03-22 21:33 - 2010-02-23 19:45 - 00000000 ___HD C:\SYSTEM.SAV
2016-03-22 21:32 - 2010-06-10 08:59 - 00013884 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RTNICVer.dll
2016-03-21 23:35 - 2012-05-02 22:32 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-03-21 21:24 - 2015-06-22 11:30 - 00000854 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job
2016-03-21 01:36 - 2012-11-15 21:36 - 00000844 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job
2016-03-20 22:37 - 2011-07-26 16:36 - 00000340 _____ C:\windows\Tasks\HPCeeScheduleForDAWNGREENAWAY$.job
2016-03-20 21:23 - 2014-10-16 19:38 - 00000000 ____D C:\Users\da\AppData\Local\Garmin
2016-03-20 21:11 - 2014-10-16 19:34 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-20 21:10 - 2011-04-07 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-03-20 21:10 - 2010-11-16 16:55 - 00000000 ____D C:\Program Files\Garmin
2016-03-19 22:53 - 2015-07-24 22:31 - 00000000 ____D C:\Program Files\VS Revo Group
2016-03-18 12:00 - 2016-02-15 13:20 - 00000000 ____D C:\Users\da\Documents\My PageManager
2016-03-16 02:09 - 2009-07-14 03:37 - 00000000 ____D C:\windows\rescache
2016-03-16 02:08 - 2010-11-05 21:34 - 00000000 ____D C:\Users\da\AppData\Local\ElevatedDiagnostics
2016-03-15 23:13 - 2009-07-14 03:37 - 00000000 ____D C:\windows\PolicyDefinitions
2016-03-15 22:38 - 2009-07-14 05:33 - 00459000 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-15 22:35 - 2014-12-12 13:34 - 00000000 ____D C:\windows\system32\appraiser
2016-03-15 18:08 - 2013-07-15 15:43 - 00000000 ____D C:\windows\system32\MRT
2016-03-15 17:57 - 2010-11-11 18:32 - 141270216 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-15 17:07 - 2013-12-02 22:46 - 00000000 ____D C:\Users\da\AppData\Roaming\.oit
2016-03-14 21:23 - 2013-09-25 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-08 23:12 - 2010-11-12 17:46 - 00000000 ____D C:\windows\ERDNT
2016-03-08 13:51 - 2015-11-17 19:47 - 00000000 ____D C:\Users\da\Documents\Funeral Work
2016-03-08 13:51 - 2010-12-06 17:51 - 00000000 ____D C:\Users\da\Documents\Dee Gees Nails
2016-03-08 13:42 - 2016-02-08 23:16 - 00000000 ____D C:\Users\da\Desktop\FRST-OlderVersion
2016-03-08 13:42 - 2016-02-06 15:42 - 01725440 _____ (Farbar) C:\Users\da\Desktop\FRST.exe
2016-03-07 14:51 - 2010-11-03 12:46 - 00126336 _____ C:\Users\da\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2013-01-12 17:40 - 2013-01-12 18:20 - 0025629 _____ () C:\Users\da\AppData\Roaming\Comma Separated Values (DOS).ADR
2013-01-14 18:27 - 2014-01-06 21:02 - 0025593 _____ () C:\Users\da\AppData\Roaming\Comma Separated Values (Windows).ADR
2011-03-08 13:00 - 2011-06-22 12:53 - 0001849 _____ () C:\Users\da\AppData\Roaming\GhostObjGAFix.xml
2011-03-28 16:03 - 2012-02-03 15:45 - 0022784 _____ () C:\Users\da\AppData\Roaming\Microsoft Excel 97-2003.ADR
2010-11-20 16:14 - 2010-11-20 16:15 - 0033280 ___SH () C:\Users\da\AppData\Roaming\Thumbs.db
2012-05-17 17:03 - 2012-11-22 17:29 - 0007106 _____ () C:\Users\da\AppData\Roaming\unins003.dat
2010-11-17 20:50 - 2010-11-17 20:51 - 0027623 _____ () C:\Users\da\AppData\Roaming\UserTile.png
2014-01-08 22:01 - 2014-01-08 22:01 - 0000059 _____ () C:\Users\da\AppData\Roaming\WB.CFG
2011-01-30 11:33 - 2012-05-12 20:59 - 0009728 _____ () C:\Users\da\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-15 13:14 - 2015-11-12 23:27 - 0007603 _____ () C:\Users\da\AppData\Local\Resmon.ResmonCfg
2012-07-20 14:32 - 2012-07-20 14:33 - 0258348 _____ () C:\Users\da\AppData\Local\rx_image32.Cache
2015-12-14 00:57 - 2015-12-14 00:57 - 0980170 _____ () C:\Users\da\AppData\Local\WAV-to-MP3-Converter_1533.rar
2010-11-07 20:52 - 2010-11-07 20:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-06-10 08:57 - 2015-07-22 21:50 - 0000426 _____ () C:\ProgramData\HPWALog.txt
2015-07-22 22:16 - 2015-07-22 22:16 - 0001664 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-21 00:23

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by da (2016-04-05 21:11:14)
Running from C:\Users\da\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-11-03 11:44:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3932258823-1374462109-926273279-500 - Administrator - Disabled)
da (S-1-5-21-3932258823-1374462109-926273279-1001 - Administrator - Enabled) => C:\Users\da
Guest (S-1-5-21-3932258823-1374462109-926273279-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3932258823-1374462109-926273279-1007 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
Amazon Kindle (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Cashbook (HKLM\...\{ACF23689-C863-47CF-90BD-1082B60B0F19}) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coolroom (HKLM\...\{734C8402-3F5D-495D-A463-3176B46775E9}) (Version: 1.0.0 - Ether Digital)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DemoForge Mirage Driver for TightVNC 2.0 (HKLM\...\DemoForge Mirage Driver for TightVNC_is1) (Version: 2.0 - DemoForge LLC)
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Drive Manager (HKLM\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
Drive Manager (Version: 1.00.0012 - Seagate Technology) Hidden
Dropbox (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Elevated Installer (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Connect Guide (HKLM\...\Epson Connect Guide) (Version:  - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print 2 (HKLM\...\{E402F650-650F-45C0-8F7A-00678D6AA0F6}) (Version: 2.6.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM\...\{5662F323-3D9C-4100-B60C-BC71B47DD0A1}) (Version: 3.10.0041 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.60.00 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.40.0.0 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-3520 Series (HKLM\...\WF-3520 Series Netg) (Version:  - )
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Remote Print Uninstall (HKLM\...\EPSON Remote Print) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.00.0000 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON Universal Print Driver Printer Uninstall (HKLM\...\EPSON Universal Print Driver) (Version:  - SEIKO EPSON Corporation)
Epson User's Guide WF-3520 Series (HKLM\...\WF-3520 Series Useg) (Version:  - )
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
EPSON WF-7610 Series Printer Uninstall (HKLM\...\EPSON WF-7610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
FUJIFILM MyFinePix Studio 2.0 (HKLM\...\FinePix Genie_is1) (Version:  - )
Garmin City Navigator Europe NTU 2015.30 (HKLM\...\{63F1BF21-7435-4055-AA71-7ED2B7948C8C}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{28c6c909-1890-443b-9960-0e8a535c2c69}) (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin POI Loader (HKLM\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{D17111CB-C992-42A9-9D56-C19395102AAA}) (Version: 2.4.2 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 5.2.0.952 (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\GoToMeeting) (Version: 5.2.0.952 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{206E1EEB-027A-4FC0-B4ED-6E48203BD49A}) (Version: 1.1.1.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{9161546B-336A-4E3D-B049-F25A400558C6}) (Version: 3.5.14.1 - Hewlett-Packard Company)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{223E2363-6643-49CB-A062-59A9858EE8EE}) (Version: 3.5.17.1 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.6 - Hewlett-Packard Company)
HP Support Assistant (HKLM\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.2.8.17 - Hewlett-Packard Company)
HP User Guides 0190 (HKLM\...\{5B0D9F1A-425E-46C4-B06D-2C0736C1E804}) (Version: 1.00.0000 - Hewlett-Packard)
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.17.13 - Roxio)
HP Webcam Driver (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0049 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6268.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2057 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{3079C5C8-325A-4354-A733-456BACA1E5FB}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
LightScribe Diagnostic Utility (HKLM\...\{05F8CCEB-1EDD-4996-A0E0-FF6EDB1E75EA}) (Version: 1.18.23.1 - LightScribe)
LightScribe System Software (HKLM\...\{10427BCB-0742-43BE-81E2-3920972946F5}) (Version: 1.18.23.1 - LightScribe)
LightScribe Template Labeler (HKLM\...\{2765F726-849C-47B2-A82C-B257DFC0E01C}) (Version: 1.18.22.2 - LightScribe)
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.0 - MediatekWiFi)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office FrontPage 2003 (HKLM\...\{90170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Small Business 2007 (HKLM\...\SMALLBUSINESSR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 25.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 25.0.1 (x86 en-GB)) (Version: 25.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\MusicManager) (Version:  - Google, Inc.)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.0.330918 - NNG Llc.)
Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nuance PaperPort 12 (HKLM\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.116 - PDF Complete, Inc)
Presto! PageManager 9.03 SE (HKLM\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.03.06 - Newsoft Technology Corporation)
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAF (HKLM\...\{E6B43401-E818-4961-AFED-118DD8E87642}) (Version: 1.00.0001 - FUJIFILM Corporation)
Rapport (HKLM\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1507.113 - Trusteer)
RealDownloader (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
REALTEK Wireless LAN Software (HKLM\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0104 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.0.12094_28 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (Version: 3.2.15041.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan2PC (HKLM\...\{E59F8AF2-78D4-4355-B0EF-58C466C1242C}) (Version: 1.3.0.21 - Q)
ScanSoft OmniPage SE 4 (HKLM\...\{66B4C110-8BEB-49B5-824E-C70AEEB20ECD}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Scansoft PDF Professional (Version:  - ) Hidden
Skype™ 7.22 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.108 - Skype Technologies S.A.)
SkyPlayer for Windows Media Center (HKLM\...\{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}) (Version: 4.4.2.0 - Microsoft Corporation)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (Version: 1.0.0 - RealNetworks) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
VPresent (HKLM\...\{72478BBA-D832-4E6B-93A0-E89431E7A8BB}) (Version: 2.2.20.0 - VPresent)
WAV MP3 Converter v4.3 build 1287 (HKLM\...\{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1) (Version:  - Hoo Technologies)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3400 - Broadcom Corporation)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (HKLM\...\0973B297E079B467E3776E59F763D63FD557795B) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)
XHeader (HKLM\...\XHeader) (Version: 1.205 - Intellimon)
XHeader Bonus Download (HKLM\...\XHeader Bonus Download) (Version: 1.215 - Intellimon)
XSitePro2 (HKLM\...\XSitePro2) (Version: 2.149 - Intellimon Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\952\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\da\AppData\Local\Google\Update\1.3.29.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\da\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3932258823-1374462109-926273279-1001_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\da\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {004507FF-1CDF-4841-BF6A-416B36F1D8A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {0F4D914B-D23A-4698-9D86-8ACB7897DC18} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {1D155B23-AA5A-4708-9AC8-6F70453E36D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {1E45B63A-E57B-4325-926B-F0EC0C4595BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {201099AB-76BD-4D1D-9760-513BFCE3018E} - System32\Tasks\{E092E56F-395B-4834-BD8C-022B3A0CB4C7} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {215EDD27-4061-4692-85EB-BA9400CB7E97} - System32\Tasks\{D6654F95-01F1-4535-A7B0-0B5D854A4744} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {2A3DBE0A-CCE6-4B31-888B-376FD16A0D93} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {2F1660A0-1A6A-4C32-911B-49CDB141E730} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {3E383FA3-0751-435B-A033-768AE7B4518C} - System32\Tasks\{9971F867-1FB6-4487-9934-640788B097E5} => C:\Program Files\WIDCOMM\Bluetooth Software\AdminUtils.exe [2012-10-17] (Broadcom Corporation.)
Task: {416D0FFB-B073-4751-8D70-CE5FC65411B8} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-02-16] ()
Task: {4540BA04-7903-43AC-BEB5-564A2C911F00} - System32\Tasks\{EB61F18D-E9FC-492A-BD73-A7A0B7853034} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {512E6DEB-CB5D-4CAE-A4BC-4318839733A2} - System32\Tasks\{7009BCAC-1A27-42E3-86C4-65A0C2B39D76} => pcalua.exe -a C:\Users\da\Documents\Downloads\mx850sosmwin110encm.exe -d C:\Users\da\Documents\Downloads
Task: {5269F030-F140-4AB5-B008-E287DE58068C} - System32\Tasks\HPCeeScheduleForDAWNGREENAWAY$ => c:\program files\hewlett-packard\hp ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {53790E83-EE53-42F8-BCAC-6848B107DF0F} - System32\Tasks\{F59679D7-FC51-4653-8FEC-61D0BEF9341A} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp55212.exe" -d C:\windows\system32
Task: {53A30C8F-5015-4623-9556-D61E4C48F136} - System32\Tasks\{4BE21352-3767-4BAE-9682-EEA5DECECC26} => pcalua.exe -a C:\Users\da\Downloads\gm5p_setup.exe -d "C:\Program Files\Mozilla Firefox"
Task: {563BBA89-3EAB-44C9-BB33-BE2A91E979F7} - System32\Tasks\{5726758E-0E12-4B00-A9C1-EC425E3E67E9} => pcalua.exe -a C:\Users\da\Downloads\mx850sndwin250a_ntwin250aen.exe -d C:\windows\system32
Task: {58F0462E-60D8-47C6-9129-0897ACCB790A} - System32\Tasks\{34B0F794-6A48-468E-AAE5-865BD937F693} => C:\Program Files\WIDCOMM\Bluetooth Software\AdminUtils.exe [2012-10-17] (Broadcom Corporation.)
Task: {59DCAD36-AE95-48FC-8E12-36A8DF107D5D} - System32\Tasks\{1F4A81E3-C3E1-4D1E-BB3C-332F4F7742DF} => pcalua.exe -a C:\Users\da\Downloads\gm5b_setup(1).exe -d "C:\Program Files\Mozilla Firefox"
Task: {59E11070-5D93-4431-B450-FBEA77875978} - System32\Tasks\{CA656C04-5BF8-410E-872D-7817A33A4A9F} => C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe [2012-10-17] (Broadcom Corporation.)
Task: {5DF04747-A52A-4989-930A-A6C810E4DFFF} - System32\Tasks\HPCeeScheduleForda => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {5F1E2E3C-7A47-412D-8A4F-E61ACEA87DD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {6845CE20-E427-49D8-9A5D-85B5F0ECCDAD} - System32\Tasks\{F60E4F7A-3FED-4AD3-8AE6-385BCE906DB9} => pcalua.exe -a C:\Users\da\Downloads\gm5b_setup(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {6BAAB1C4-16D4-4C17-9816-EBD8A0A5361D} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {79232A21-173A-4382-BB1C-1C9840C730EB} - System32\Tasks\RealDownloader Update Check => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {7AAB1461-CDE4-42F8-BAFF-DEF8F3426EBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {7B367C6E-E9C3-4D5A-B441-D023DE5A5B75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {7F071820-0A1F-4FB5-893E-D793DD59306B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {85F59070-DF3B-4E8D-A45A-DBCE4F9FA3CE} - System32\Tasks\{3FDFF92D-A9E8-4F2E-941F-71435EA4F174} => pcalua.exe -a C:\Users\da\Downloads\gm5p_setup(1).exe -d C:\Users\da\Documents
Task: {873A4D05-EA53-4E69-8997-7368778570E1} - System32\Tasks\{84D08FB8-D0B2-4078-BB1F-F67201567C63} => pcalua.exe -a C:\Users\da\Documents\Downloads\sp64082.exe -d C:\Users\da\Documents\Downloads
Task: {8A35A498-D71B-41E6-A24C-F0F57F0633A0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {9AD90831-66E9-434A-9559-D587D586FAF5} - System32\Tasks\{AEA9E9C1-C1CF-4DCE-96CD-CA813A46C0F1} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp52183.exe" -d C:\windows\system32
Task: {9D7CE0C7-ED02-4D61-94B2-23EEFD8BC355} - System32\Tasks\{615FAF27-C7EB-462C-86C2-148115F378DF} => pcalua.exe -a C:\Users\da\Downloads\sp54620(3).exe -d C:\Users\da\Downloads
Task: {9DF82888-5EC2-4E3F-A4F9-24C883C5C4D6} - System32\Tasks\{1421478B-3720-459C-A7E4-BF916691451C} => C:\Users\da\AppData\Local\Amazon\Kindle\application\Kindle.exe [2015-07-21] (Amazon.com)
Task: {9ED0B1BD-3CA8-42D3-8ED0-92DB646D3888} - System32\Tasks\{0C410A45-3F33-439F-9975-B5068AD71D39} => pcalua.exe -a C:\Users\da\Downloads\aomwin200ea24(2).exe -d C:\windows\system32
Task: {A13AFD25-3608-4701-AC47-5644511BC98D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2014-10-26] (RealNetworks, Inc.)
Task: {A72C4338-CF0F-482B-BD07-DECF529E7C1F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {B4227801-F9B1-4AEC-8912-842332F7F5EF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {B554A222-49CA-402F-AEC6-2348DDB181AF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {B59AA59D-DFA8-4C59-B76A-D4E6E442DED7} - System32\Tasks\{0F598EE6-A424-4CE6-9EF6-A65D68DEDC09} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp54982.exe" -d C:\windows\system32
Task: {B621ABD7-1AE6-4C49-94B4-187FAC2A5EA9} - System32\Tasks\{A550B53A-5339-4364-9954-C8A9D91FD65C} => pcalua.exe -a "C:\Users\da\Downloads\Driver Support\Driver Support\sp50180.exe" -d C:\windows\system32
Task: {BBE8C31A-E386-42DB-A55D-A07AB15A3747} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {BE96B368-0730-4A2B-BE3E-A138B4888852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {C629AB7B-A7EB-4D92-AC0C-D2C48FFCDB31} - System32\Tasks\{8319F902-19E7-4E3B-BC86-F617AB63A60E} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {C6987233-1F5B-4ED0-9A20-F2D1A68ED4B1} - System32\Tasks\{8EEA20BD-0453-4013-AF29-E1F027F7222F} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {C9601CC5-7735-468C-B860-4F286AF83624} - System32\Tasks\CCleaner => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {CE286AE4-9C5C-4C65-9881-79C0E82FFE9F} - System32\Tasks\{2BDA8AEB-C4C5-405E-9D78-3C7A9D3C2F71} => C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-10-17] (Broadcom Corporation.)
Task: {D23DE358-03D5-41EB-82A5-493CD1E8DB2A} - System32\Tasks\{8EB4FDDC-3DD7-4A74-9D6D-47A92B40EC46} => pcalua.exe -a C:\Users\da\Downloads\mx850swin101ea24.exe -d "C:\Program Files\Mozilla Firefox"
Task: {D24C8C35-ABE1-458A-AF8F-67EF6025599E} - System32\Tasks\{A3D83E62-E1E0-40A6-9F9E-C407A1C3E652} => pcalua.exe -a G:\SETUP.EXE -d G:\
Task: {D86D295C-C96F-445C-8FFD-0816FDF9411B} - System32\Tasks\{26D0E011-638C-47F1-A146-FC24BDDCBFA7} => pcalua.exe -a C:\Users\da\Downloads\PM90310ML.exe -d C:\Users\da\Downloads
Task: {DAE2F664-3E38-40ED-85CF-8C0FE23CFC4E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-09] (Google Inc.)
Task: {DBBD5577-570B-4B39-BA55-8325FA731752} - System32\Tasks\{ACCE6506-EA6A-4726-9228-68FE7A1F35A8} => pcalua.exe -a C:\Users\da\Documents\Downloads\sp47022.exe -d C:\Users\da\Documents\Downloads
Task: {DEE0E42F-CC3D-41A3-A272-2D6EC0B2DA62} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {DF1F9333-B5F8-48A4-A5A6-B95D160E5D71} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3932258823-1374462109-926273279-1001 => C:\Program Files\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {E0AC77B5-2592-4069-9548-5C6FCC7270D3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
Task: {E93F1ED2-9165-4D89-9C95-75497995213C} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {EE884B8D-A8CB-47DA-BB98-5D638365C448} - System32\Tasks\{4E9E56B3-4C15-4F41-A050-4443CF04C01E} => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job => C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001Core.job => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3932258823-1374462109-926273279-1001UA.job => C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForda.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\windows\Tasks\HPCeeScheduleForDAWNGREENAWAY$.job => c:\program files\hewlett-packard\hp ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3932258823-1374462109-926273279-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2016-04-04 22:24 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3932258823-1374462109-926273279-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\da\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AllShare Framework DMS => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Basics Service => 2
MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BcmBtRSupport => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CoolroomDownloadManagerService => 2
MSCONFIG\Services: EpsonScanSvc => 2
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: Garmin Device Interaction Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPDrvMntSvc.exe => 2
MSCONFIG\Services: hpHotkeyMonitor => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MyEpson Portal Service => 2
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PDFProFiltSrvPP => 2
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RaMediaServer => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayer Cloud Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: Samsung Link Service => 2
MSCONFIG\Services: Scan2PC => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: TeamViewer5 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mediatek Wireless Utility.lnk => C:\windows\pss\Mediatek Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^da^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: basicsmssmenu => "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\da\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EEventManager => "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\da\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "c:\program files\itunes\ituneshelper.exe"
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MusicManager => "C:\Users\da\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
MSCONFIG\startupreg: PMSpeed => C:\Program Files\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE
MSCONFIG\startupreg: QLBController => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
MSCONFIG\startupreg: QuickTime Task => "c:\program files\quicktime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Samsung Link => "C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
MSCONFIG\startupreg: WrtMon.exe => C:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{40DF8AF2-E131-46DE-96AC-C7D5ABAFE3AC}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{AFF4D16E-6946-4CC5-A7C5-5DC8601EDBDB}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1B7D5070-DFDD-4765-8B7F-F667F56F54D1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

16-03-2016 13:00:21 Windows Update
19-03-2016 22:57:49 Revo Uninstaller's restore point - Trusteer Endpoint Protection
19-03-2016 22:59:28 Removed Rapport
20-03-2016 20:49:44 Windows Update
20-03-2016 21:02:10 Garmin Express
20-03-2016 21:08:52 Garmin Express
22-03-2016 21:26:32 HPSF Applying updates
22-03-2016 21:28:56 Installed HP Webcam Driver
22-03-2016 21:32:33 HPSF Applying updates
22-03-2016 21:32:53 Installed Realtek Ethernet Controller All-In-One Windows Driver
22-03-2016 21:35:11 Installed HP Webcam Driver
04-04-2016 20:45:36 Removed Rapport
04-04-2016 20:46:31 Removed Rapport
04-04-2016 20:47:01 Removed Rapport
04-04-2016 20:47:34 Removed Rapport
04-04-2016 20:48:57 Windows Update
04-04-2016 22:23:46 Restore Point Created by FRST
05-04-2016 14:20:44 Removed Java™ 6 Update 37
05-04-2016 14:26:58 Removed PC Connectivity Solution
05-04-2016 14:27:51 Removed Rapport
05-04-2016 15:01:10 Removed Java 8 Update 77

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2016 10:23:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e4e3dedc-464e-4888-b5b0-870041ba7d2d}

Error: (03/19/2016 10:57:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ba2e68e6-a86f-45b0-81c6-0438d4771885}

Error: (03/15/2016 10:47:32 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {dbefab29-4654-49f5-8413-4912e07187bf}

Error: (03/14/2016 08:40:15 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (03/14/2016 08:39:59 PM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (03/14/2016 08:39:01 PM) (Source: MsiInstaller) (EventID: 1023) (User: DAWNGREENAWAY)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5C00}' could not be installed. Error code 1625. Additional information is available in the log file C:\Users\da\AppData\Local\Temp\MSIa42f8.LOG.

Error: (03/10/2016 11:15:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 12.0.6691.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9a8

Start Time: 01d17b190471bb35

Termination Time: 0

Application Path: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

Report Id:

Error: (03/10/2016 11:05:10 PM) (Source: HPSupportSolutionsFrameworkService) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (03/08/2016 01:08:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {d862e1dd-651a-4772-b88a-f711c22553da}

Error: (02/26/2016 10:42:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3cac672d-d044-48bc-8874-a9981f33431c}


System errors:
=============
Error: (04/05/2016 08:54:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.217.576.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/04/2016 08:51:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportHades

Error: (04/04/2016 08:48:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C}

Error: (04/04/2016 08:20:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.2718.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/04/2016 08:20:53 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.2718.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (04/04/2016 08:20:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RapportHades

Error: (03/31/2016 04:53:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 115.44.0.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/31/2016 04:53:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.2718.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/31/2016 04:53:15 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.2718.0

    Update Source: %NT AUTHORITY51

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\NETWORK SERVICE

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/31/2016 04:53:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.215.2718.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6570 @ 2.10GHz
Percentage of memory in use: 33%
Total physical RAM: 3000.27 MB
Available physical RAM: 1990.56 MB
Total Virtual: 5998.85 MB
Available Virtual: 4937.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:61.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: DE5AC82A)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of Addition.txt ============================


  • 0

#73
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi pumpkinace

Sorry my mistake - I gave you the Java link for the 64 bit system. The correct link is here.

Although Rapport still appears in the list of installed programs it is not running so that's good news.

One last FRST fix I think.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
CHR Extension: (Rapport) - C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-04-05]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Your logs are looking good. How is your machine runnning in general? In a state you are happy with?

  • 0

#74
pumpkinace

pumpkinace

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts

Hi Bruce1270

Thats ok, that new link doesn't work either.  I thought it was the incorrect one the first time don't worry.  FF is still slow in opening up initially and from links within messages but other than that appears to be ok although I haven't used my computer much over the past week.  Also outlook is still not opening the new messages in the front, the new message is hidden behind the main window but other than that the rest of it is working good.  If this is the last of the fixes, do I need to uninstall the programmes that you have asked me to install over the weeks eg NTREGOPT etc?  Also I was asked if I wanted to upgrade to windows 10 and have until July I think.  In your opinion is it worth it and will my computer be able to cope.  I didn't do it beforehand as I knew I had problems but now its clean should I go ahead and upgrade.  Many thanks for all your help and patience.  I hope this was a good topic for you to learn from and I shall be forever in your debt. Best wishes for the future and kind regards  Dawn

 

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016 01
Ran by da (2016-04-06 19:40:21) Run:16
Running from C:\Users\da\Desktop
Loaded Profiles: da (Available Profiles: da)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CHR Extension: (Rapport) - C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-04-05]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
EmptyTemp:
*****************

Restore point was successfully created.
C:\Users\da\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof => moved successfully
pccsmcfd => service removed successfully.
EmptyTemp: => 540.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:41:19 ====


  • 0

#75
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi pumpkinace

Ok, if things are good we'll leave there. :)

Windows10

I would say unless you have any critical apps that may not run on windows 10 then go for it. It's been about a wee while now and is looking a more stable product - I have it installed on my laptop and runs fine. Your machine should be fine to upgrade - if there are any hardware/software compatibility issues windows will let you know as part of the upgrade process.

One thing I might suggest is consider a memory upgrade - Modern systems require a fair amount - your machine is a 32 bit so can support 4GB. I think your type of RAM is a 204 pin SODIMM - here is a link with some info but consult your manual and shop around!
Even if you don't upgrade you should see a performance improvement for a relative cheap price.


OK now the good bit...


Good News! - Your system now appears to be clean. :)
Now for some clean up and "housekeeping" procedures.


A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
  • Download Delfix from here
  • Locate the file and right click on it. Click on Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings

    delfix.jpg
  • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

    Staying Updated

    Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
    1. Click the Start Orb in the lower left corner of the screen.
    2. Type Windows Update in the search box that appears
    3. Click on the Windows Update program that appears in the search results.
    Windows%20Update.JPG
    4. Click on Change Settings.
    CheckForUpdates.JPG
    5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
    WUChangeSettings.JPG
    6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
    7. Ensure that all of the other check boxes are checked.
    8. Click OK.

    Malwarebytes - Update and run weekly to keep your system clean.

    Extra Protection


    Crypto Warning!!!! - Complete Data Loss can occur!

    There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • If installing for the first time you will get asked if you want to whitelist items in known blocked locations. Say No to this.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

    That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
    UpdatesV7.4.11.JPG


    Unchecky


    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
  • Download Unchecky to your desktop
  • Right click on the Unchecky_setup and choose to Run as Administrator
  • Once open click the Install button.
  • Then click on Finish
  • Unchecky is now installed and will help you keep unwanted check boxes unchecked


    Some useful tips and reading
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.


    To learn more about how to protect yourself while on the internet read this little guide Best security practices.

    Go here for some good advice about how to prevent infection.

    Happy safe surfing!! :)

    It's been a bit of a journey but hopefully well worth it. Thanks for sticking with the topic. My old grey matter has certainly been stretched at times! :laughing:

    It's been fun working with you. :)

    Don't forget to post the Delfix log!

  • 0






Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP