
Ransom Ware Virus


#1
brander38


FBI ransom warning appeared while I was scanning the net on IE 11. I found a .vvv file in my temp folder, which I deleted. I need Geeks to Go's help in verifying that the virus was removed from my system.

 

Also, my system has been running really slow over the past weeks. Please check my system for other viruses and malware. I tried to use my system restore to set my system to a previous date, but it did not work (restore wasn't completed - current system settings were not changed).

 

Please disregard my previous post. I will try to delete it (one with .txt files attached vs. copy and paste).

 

Thanks,

Billy

--------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Billy (administrator) on BILLY-HP (13-02-2016 16:50:19)
Running from C:\Users\Billy\Desktop
Loaded Profiles: Billy &  (Available Profiles: Billy & Nyjah & Alyana & Kaliyah & Aiden & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Billy\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Logitech, Inc.) C:\Users\Billy\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe
(Logitech, Inc.) C:\Users\Billy\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Farbar) C:\Users\Billy\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-05-20] (PDF Complete Inc)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2016-02-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [Amazon Music] => C:\Users\Billy\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-10-08] ()
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1454864 2016-02-13] (Lavasoft)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\MountPoints2: {5071cc92-817f-11e2-b3d6-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\MountPoints2: {c630294c-e4e3-11e3-ae79-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\Billy\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-10-08] ()
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\hp\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1454864 2016-02-13] (Lavasoft)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5071cc92-817f-11e2-b3d6-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c630294c-e4e3-11e3-ae79-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5071cc92-817f-11e2-b3d6-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SmileboxTray] => C:\Users\Alyana\AppData\Roaming\Smilebox\SmileboxTray.exe [317736 2013-10-08] (Smilebox, Inc.)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5071cc92-817f-11e2-b3d6-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-29] (Google Inc.)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-03-31] (Google Inc.)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5071cc92-817f-11e2-b3d6-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {c630294c-e4e3-11e3-ae79-386077b91a89} - K:\DTSP_Launcher.exe
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Norton VRQTool] => C:\Program Files (x86)\VRQ\Engine\5.0.11.9\VRQTool.exe /autostart
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [*NPE] => C:\Users\Administrator\Downloads\NPE.exe [2957840 2013-01-23] (Symantec Corporation)
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs-x32: mfllib.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2013-08-17]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2016-02-13]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-07-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-13] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2016-02-13] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6A1CA1E5-1528-4090-8F64-C3AFE0526775}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D021316-A21066F3E7D&form=CONMHP&conlogo=CT3334510
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COSP&ptag=D021316-A21066F3E7D&form=CONMHP&conlogo=CT3334510
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17280&apn_uid=821C6820-7491-4488-A29E-AF4A4B3692E6&itbv=12.17.1.65&doi=2014-10-06&psv=&pt=tb
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17280&apn_uid=821C6820-7491-4488-A29E-AF4A4B3692E6&itbv=12.17.1.65&doi=2014-10-06&psv=&pt=tb
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> DefaultScope {84550D92-8114-465F-ACB6-1EFBAC8BBFE5} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D021316-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> {84550D92-8114-465F-ACB6-1EFBAC8BBFE5} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> {DBC656EF-3261-43F7-9BCA-25DA99E8CB54} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {84550D92-8114-465F-ACB6-1EFBAC8BBFE5} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D021316-A21066F3E7D&form=CONBDF&conlogo=CT3334510&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {84550D92-8114-465F-ACB6-1EFBAC8BBFE5} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DBC656EF-3261-43F7-9BCA-25DA99E8CB54} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {57308B0E-232F-440A-ACCE-5DA87712B4C2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {57308B0E-232F-440A-ACCE-5DA87712B4C2} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B9D963F8-9A53-405A-97D7-7ED8C0F3DBFB} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {B4A81A67-12BE-4D4C-9342-F0CF81AB3B37} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B4A81A67-12BE-4D4C-9342-F0CF81AB3B37} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20151018&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2016-02-13] (Get-a-Clip)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-19] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-23] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
BHO-x32: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll [2012-12-14] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-11-07] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default
FF NewTab: hxxp://www.bing.com/?pc=COSP&ptag=D021316-A21066F3E7D&form=CONMHP&conlogo=CT3334510
FF DefaultSearchEngine: Bing®
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Homepage: hxxp://www.bing.com/?pc=COSP&ptag=D021316-A21066F3E7D&form=CONMHP&conlogo=CT3334510
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-23] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-08-18] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Billy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\Billy\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Nyjah\AppData\Local\Roblox\Versions\version-7cb30356092f43ac\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Alyana\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/GoogleTalkPlugin -> C:\Users\Kaliyah\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @talk.google.com/O1DPlugin -> C:\Users\Kaliyah\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF user.js: detected! => C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\user.js [2016-02-13]
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\bing-lavasoft.xml [2016-02-13]
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\McSiteAdvisor.xml [2016-02-13]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: Get-a-Clip Extension - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected] [2016-02-13] [not signed]
FF Extension: HP Smart Print - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected] [2013-02-01] [not signed]
FF Extension: Get-a-Clip Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2016-02-13] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.0.21\coFFFw => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-13] [not signed]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!mercury-autoenable.js [2016-02-13] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\!mercury-csp.js [2016-02-13]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mercury-autoenable.cfg [2016-02-13] <==== ATTENTION

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/yhs/web?hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20140937,20033,0,31,0
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151018&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\pdf.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-18]
CHR Extension: (Google Search) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]
CHR Extension: (SiteAdvisor) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-14]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0094131455396589mcinstcleanup; C:\Windows\TEMP\009413~1.EXE [883024 2015-10-28] (McAfee, Inc.)
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-07-12] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-02-13] (Lavasoft Limited)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2015-12-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.259.0\McCSPServiceHost.exe [1694152 2016-01-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
S2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2016-02-13] ()
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2013-05-20] (PDF Complete Inc)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2016-02-13] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [243448 2015-12-29] (RaMMicHaeL)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-13] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-09-29] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
U3 mfeaack01; no ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37448 2015-12-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-19] ()
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [70016 2012-07-31] (Identive)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [33488 2013-02-23] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 16:50 - 2016-02-13 16:51 - 00055109 _____ C:\Users\Billy\Desktop\FRST.txt
2016-02-13 16:48 - 2016-02-13 16:50 - 00000000 ____D C:\FRST
2016-02-13 16:47 - 2016-02-13 16:48 - 02370560 _____ (Farbar) C:\Users\Billy\Desktop\FRST64(1).exe
2016-02-13 16:42 - 2016-02-13 16:43 - 02370560 _____ (Farbar) C:\Users\Billy\Downloads\FRST64.exe
2016-02-13 16:17 - 2016-02-13 16:17 - 00001076 _____ C:\Users\Public\Desktop\KNCTR.lnk
2016-02-13 16:17 - 2016-02-13 16:17 - 00000000 ____D C:\Users\Billy\AppData\Roaming\Itibiti
2016-02-13 16:17 - 2016-02-13 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2016-02-13 16:17 - 2016-02-13 16:17 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-02-13 16:16 - 2016-02-13 16:17 - 00000000 ____D C:\Program Files (x86)\Get-a-Clip
2016-02-13 16:16 - 2016-02-13 16:16 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00111600 _____ C:\Windows\SysWOW64\mfllib.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00002824 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-02-13 16:16 - 2016-02-13 16:16 - 00002824 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-02-13 16:16 - 2016-02-13 16:16 - 00000000 ____D C:\Users\Billy\AppData\Roaming\Lavasoft
2016-02-13 16:16 - 2016-02-13 16:16 - 00000000 ____D C:\Users\Billy\AppData\Local\Lavasoft
2016-02-13 16:16 - 2016-02-13 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-13 16:15 - 2016-02-13 16:15 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-13 16:15 - 2016-02-13 16:15 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-02-13 16:14 - 2016-02-13 16:14 - 01137648 _____ (Software Assistant) C:\Users\Billy\Downloads\Malwarebytes Setup.exe
2016-02-13 16:13 - 2016-02-13 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-13 15:51 - 2016-02-13 16:31 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-13 15:51 - 2016-02-13 15:51 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-02-11 23:05 - 2016-02-11 23:05 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-11 23:04 - 2016-02-11 23:04 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-09 22:32 - 2016-02-06 05:24 - 02887680 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 22:32 - 2016-02-06 04:43 - 02280448 ____N (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-09 22:32 - 2016-02-06 04:09 - 01547264 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 22:32 - 2016-02-06 03:54 - 01312256 ____N (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-09 22:31 - 2016-01-22 00:31 - 02597376 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 22:31 - 2016-01-22 00:07 - 02120704 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-09 22:31 - 2016-01-16 14:01 - 02085888 ____N (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-09 22:31 - 2016-01-16 13:36 - 01413632 ____N (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-09 22:31 - 2016-01-11 13:24 - 00709120 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-09 22:31 - 2016-01-11 13:23 - 00036864 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-09 22:30 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00503808 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00362496 ____N (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00243712 ____N (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00215040 ____N (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00210432 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00135680 ____N (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00086528 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00028672 ____N (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-09 22:30 - 2016-01-22 01:20 - 00013312 ____N (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-09 22:30 - 2016-01-22 01:19 - 14179840 ____N (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-09 22:30 - 2016-01-22 01:19 - 01214464 ____N (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-09 22:30 - 2016-01-22 01:19 - 00344064 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-09 22:30 - 2016-01-22 01:19 - 00028160 ____N (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-09 22:30 - 2016-01-22 01:17 - 00315392 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-09 22:30 - 2016-01-22 01:17 - 00312320 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-09 22:30 - 2016-01-22 01:16 - 01461248 ____N (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-09 22:30 - 2016-01-22 01:15 - 01163264 ____N (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-09 22:30 - 2016-01-22 01:15 - 00730112 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 22:30 - 2016-01-22 01:15 - 00422400 ____N (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-09 22:30 - 2016-01-22 01:13 - 00043520 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-09 22:30 - 2016-01-22 01:13 - 00043520 ____N (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-09 22:30 - 2016-01-22 01:13 - 00022016 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-09 22:30 - 2016-01-22 01:12 - 01940992 ____N (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-09 22:30 - 2016-01-22 01:12 - 00880128 ____N (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-09 22:30 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-09 22:30 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-09 22:30 - 2016-01-22 01:06 - 01114112 ____N (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-09 22:30 - 2016-01-22 01:06 - 00665088 ____N (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-09 22:30 - 2016-01-22 01:06 - 00275456 ____N (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-09 22:30 - 2016-01-22 01:06 - 00096768 ____N (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-09 22:30 - 2016-01-22 01:05 - 12877824 ____N (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-09 22:30 - 2016-01-22 00:59 - 00642560 ____N (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-09 22:30 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-09 22:30 - 2016-01-21 23:57 - 00030720 ____N (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-09 22:30 - 2016-01-21 23:51 - 00036352 ____N (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-08 20:09 - 2016-02-12 22:26 - 00917325 _____ C:\Users\Billy\Documents\Circle and Lines.pptx
2016-02-04 09:42 - 2016-02-04 09:42 - 00000000 ____D C:\Users\Aiden\AppData\LocalLow\Adobe
2016-02-04 09:42 - 2016-02-04 09:42 - 00000000 ____D C:\Users\Aiden\AppData\Local\Adobe
2016-02-02 18:56 - 2016-02-02 18:56 - 00545628 _____ C:\Users\Billy\Desktop\Siding Proposal - Anderson, Billy.pdf
2016-02-02 18:45 - 2016-02-02 18:45 - 00083831 _____ C:\Users\Billy\Desktop\Est_9695_from_Roof_Works_of_Virginia_Inc._896.pdf
2016-01-31 15:10 - 2016-01-31 15:10 - 00001699 _____ C:\Users\Billy\Downloads\transcript(1).txt
2016-01-31 15:10 - 2016-01-31 15:10 - 00001257 _____ C:\Users\Billy\Downloads\transcript.txt
2016-01-27 18:29 - 2016-01-27 18:29 - 00000026 _____ C:\Users\Billy\Desktop\Phone Security.txt
2016-01-24 21:13 - 2016-01-24 21:13 - 00001373 _____ C:\Users\Billy\Documents\papasdonuteria_backup_3.papa
2016-01-24 21:12 - 2016-01-24 21:12 - 00001373 _____ C:\Users\Billy\Documents\papa donuteria backup
2016-01-24 21:11 - 2016-01-24 21:11 - 00001373 _____ C:\Users\Billy\papasdonuteria_backup_3.papa
2016-01-23 11:55 - 2016-01-23 11:55 - 00002164 _____ C:\Users\Aiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-01-23 11:55 - 2016-01-23 11:55 - 00000000 ___RD C:\Users\Aiden\OneDrive
2016-01-23 11:54 - 2016-01-23 11:54 - 00000000 ___RD C:\Users\Aiden\SkyDrive
2016-01-23 11:54 - 2016-01-23 11:54 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive
2016-01-22 15:34 - 2016-01-22 15:34 - 00001367 _____ C:\Users\Billy\PAPA DONUTERIA GAME BACKUP
2016-01-18 18:00 - 2016-01-18 18:00 - 00000000 ___DL C:\Users\Aiden\AppData\LocalLow\PlayReady
2016-01-16 22:30 - 2016-01-16 22:30 - 00513496 _____ C:\Users\Billy\Documents\Aiden'S Workbook.pptx
2016-01-15 00:13 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-15 00:13 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-15 00:13 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-15 00:13 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-15 00:13 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-15 00:13 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-15 00:13 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil(99).dll
2016-01-15 00:13 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-15 00:13 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-15 00:13 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-15 00:13 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-15 00:13 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-15 00:13 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-15 00:13 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-15 00:13 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-15 00:13 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-15 00:13 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-15 00:13 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-15 00:13 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-15 00:13 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-15 00:13 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-15 00:13 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-15 00:13 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-15 00:13 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-15 00:13 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-15 00:13 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-15 00:13 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-15 00:13 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-15 00:13 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-15 00:13 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-15 00:13 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-15 00:13 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-15 00:13 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-15 00:13 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil(130).dll
2016-01-15 00:13 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-15 00:13 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-15 00:13 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-15 00:13 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-15 00:13 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-15 00:13 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-15 00:13 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-15 00:13 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-15 00:13 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-15 00:13 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-15 00:13 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-15 00:13 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-15 00:13 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-15 00:13 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-15 00:13 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-15 00:13 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-15 00:13 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-15 00:13 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-15 00:13 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-15 00:13 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet(121).dll
2016-01-15 00:13 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-15 00:13 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-15 00:13 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-15 00:13 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-15 00:13 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-15 00:13 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon(118).dll
2016-01-15 00:13 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-15 00:13 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet(139).dll
2016-01-15 00:13 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon(138).dll
2016-01-15 00:13 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-14 00:43 - 2016-01-15 00:52 - 00000000 ____D C:\ProgramData\Package Cache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-13 16:51 - 2015-12-12 21:47 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBilly
2016-02-13 16:51 - 2015-12-12 21:47 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForBilly.job
2016-02-13 16:51 - 2014-05-03 13:14 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA.job
2016-02-13 16:50 - 2015-10-18 12:59 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-02-13 16:50 - 2012-12-23 12:42 - 00000000 ____D C:\ProgramData\McAfee
2016-02-13 16:38 - 2013-02-26 22:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-13 16:34 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-13 16:34 - 2009-07-13 23:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-13 16:32 - 2012-10-21 22:57 - 00000000 ____D C:\Users\Billy\Documents\Outlook Files
2016-02-13 16:24 - 2013-01-23 12:47 - 07889022 _____ C:\Windows\ntbtlog.txt
2016-02-13 16:19 - 2015-09-07 11:49 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-13 16:19 - 2012-10-29 16:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-13 16:18 - 2016-01-06 21:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-13 16:18 - 2015-09-07 11:48 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-13 16:18 - 2015-09-07 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-13 16:18 - 2015-09-07 11:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-13 16:16 - 2012-12-14 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 16:13 - 2015-12-11 14:13 - 00001966 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-13 16:13 - 2015-11-10 18:03 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-13 16:12 - 2015-12-17 15:51 - 00000408 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2016-02-13 15:53 - 2015-10-18 12:29 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-02-13 15:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-13 15:50 - 2009-07-14 00:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-13 15:49 - 2015-10-18 13:00 - 00000000 __RSD C:\Users\Billy\Documents\McAfee Vaults
2016-02-13 15:47 - 2012-10-19 01:14 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F712B571-DB13-4E6F-8446-176E61B089BC}
2016-02-13 15:45 - 2012-10-29 16:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-13 15:44 - 2013-12-04 18:25 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-02-13 15:44 - 2012-10-20 08:54 - 00000632 __RSH C:\Users\Billy\ntuser.pol
2016-02-13 15:44 - 2012-10-19 01:08 - 00000000 ____D C:\Users\Billy
2016-02-13 15:44 - 2011-12-19 17:05 - 00000000 ____D C:\ProgramData\PDFC
2016-02-13 15:44 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-13 15:40 - 2015-12-03 16:44 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-02-13 15:40 - 2015-10-18 12:59 - 00000000 ____D C:\Program Files\McAfee
2016-02-13 15:40 - 2015-10-18 11:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-02-13 15:40 - 2015-10-18 11:49 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-02-13 15:40 - 2015-09-12 10:53 - 00000000 ____D C:\Users\Billy\AppData\Roaming\QFX Software
2016-02-13 15:40 - 2015-09-12 10:53 - 00000000 ____D C:\ProgramData\QFX Software
2016-02-13 15:40 - 2015-09-07 10:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-02-13 15:40 - 2015-04-04 02:03 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-13 15:40 - 2015-01-14 13:53 - 00000000 ____D C:\Users\Aiden
2016-02-13 15:40 - 2014-12-11 06:52 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-13 15:40 - 2014-05-01 23:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-13 15:40 - 2013-01-23 14:13 - 00000000 ____D C:\Users\Administrator
2016-02-13 15:40 - 2012-11-01 15:07 - 00000000 ____D C:\Users\Kaliyah
2016-02-13 15:40 - 2012-10-28 08:34 - 00000000 ____D C:\Users\Alyana
2016-02-13 15:40 - 2012-10-20 11:15 - 00000000 ____D C:\Users\Nyjah
2016-02-13 15:40 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-13 15:40 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-02-13 15:39 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-02-13 15:38 - 2015-09-07 10:06 - 00000000 ___HD C:\Windows\system32\GroupPolicyUsers
2016-02-13 15:33 - 2015-10-18 11:56 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-02-13 14:03 - 2012-10-20 08:50 - 00000000 ____D C:\Users\Billy\AppData\Local\CrashDumps
2016-02-10 03:32 - 2013-07-22 02:04 - 00000000 ____D C:\Windows\system32\MRT
2016-02-09 22:38 - 2013-02-26 22:16 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 22:38 - 2013-02-26 22:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 22:38 - 2011-12-19 17:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-09 22:01 - 2014-05-03 13:14 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core.job
2016-02-07 13:20 - 2012-10-29 16:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-02-07 11:29 - 2015-01-14 13:53 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9D109E50-BAD0-405A-A219-E6AFF65A86CA}
2016-02-05 11:40 - 2015-01-14 13:53 - 00000904 __RSH C:\Users\Aiden\ntuser.pol
2016-02-04 19:24 - 2012-10-29 16:01 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-04 19:24 - 2012-10-29 16:01 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-04 09:56 - 2015-01-14 13:53 - 00000000 ____D C:\Users\Aiden\AppData\Local\PDFC
2016-02-04 09:42 - 2015-01-14 13:53 - 00000000 ____D C:\Users\Aiden\AppData\Roaming\Adobe
2016-02-04 08:38 - 2015-09-13 22:01 - 00000000 ____D C:\Users\Aiden\.oracle_jre_usage
2016-02-04 08:33 - 2015-10-20 17:34 - 00000000 __RSD C:\Users\Aiden\Documents\McAfee Vaults
2016-02-02 17:14 - 2012-10-29 16:01 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 17:14 - 2012-10-29 16:01 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-31 10:02 - 2012-10-20 11:16 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1BEEFD9-55BC-4BF7-B6BD-B2F14FAD15E5}
2016-01-31 09:49 - 2012-10-20 11:15 - 00001232 __RSH C:\Users\Nyjah\ntuser.pol
2016-01-31 09:47 - 2016-01-03 14:26 - 00000000 __RSD C:\Users\Nyjah\Documents\McAfee Vaults
2016-01-31 09:46 - 2015-09-17 16:55 - 00000000 ____D C:\Users\Nyjah\.oracle_jre_usage
2016-01-27 17:22 - 2014-02-06 19:59 - 00000000 ____D C:\Users\Billy\Documents\New folder
2016-01-26 16:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-20 16:40 - 2012-10-26 07:16 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBILLY-HP$
2016-01-20 16:40 - 2012-10-26 07:16 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForBILLY-HP$.job
2016-01-19 15:47 - 2015-11-07 00:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-19 15:44 - 2015-11-07 00:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-01-18 21:23 - 2015-04-30 16:38 - 00112576 _____ C:\Users\Aiden\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-17 11:33 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 02:08 - 2012-11-03 12:36 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-17 01:21 - 2013-03-14 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-17 01:19 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-16 09:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-16 08:31 - 2012-10-28 08:34 - 00000632 __RSH C:\Users\Alyana\ntuser.pol
2016-01-16 08:29 - 2012-10-28 08:34 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{03757946-5D3C-46A6-8298-C487E1865794}
2016-01-16 08:25 - 2015-10-20 19:19 - 00000000 __RSD C:\Users\Alyana\Documents\McAfee Vaults
2016-01-16 08:20 - 2009-07-13 23:45 - 00438128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 23:49 - 2014-12-26 16:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-14 00:44 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2013-02-23 13:06 - 2013-02-23 13:06 - 0001250 _____ () C:\Users\Billy\AppData\Roaming\trace_FilterInstaller.txt
2013-02-23 13:06 - 2013-02-23 13:06 - 0000000 _____ () C:\Users\Billy\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-12-19 21:18 - 2014-01-29 20:18 - 0000144 _____ () C:\Users\Billy\AppData\Roaming\WB.CFG
2012-12-04 22:03 - 2012-12-05 00:01 - 0006656 _____ () C:\Users\Billy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-29 22:00 - 2016-01-10 18:54 - 0000173 _____ () C:\Users\Billy\AppData\Local\msmathematics.qat.Billy
2015-10-18 10:32 - 2015-10-18 10:32 - 0290585 _____ () C:\ProgramData\1445182084.bdinstall.bin
2015-10-18 10:32 - 2015-10-18 10:32 - 0049277 _____ () C:\ProgramData\1445182347.bdinstall.bin
2015-10-18 11:11 - 2015-10-18 11:11 - 0043975 _____ () C:\ProgramData\1445184677.bdinstall.bin
2015-10-18 11:34 - 2015-10-18 11:34 - 0047539 _____ () C:\ProgramData\1445185008.bdinstall.bin
2015-10-25 19:25 - 2015-10-25 19:25 - 0032927 _____ () C:\ProgramData\1445818462.bdinstall.bin
2012-10-19 05:44 - 2012-10-19 05:44 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Alyana\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Billy\AppData\Local\Temp\McCSPInstall.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-04 11:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Billy (2016-02-13 16:51:51)
Running from C:\Users\Billy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-19 06:08:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2929616351-1660927109-1562995560-500 - Administrator - Disabled) => C:\Users\Administrator
Aiden (S-1-5-21-2929616351-1660927109-1562995560-1007 - Limited - Enabled) => C:\Users\Aiden
Alyana (S-1-5-21-2929616351-1660927109-1562995560-1004 - Limited - Enabled) => C:\Users\Alyana
Billy (S-1-5-21-2929616351-1660927109-1562995560-1000 - Administrator - Enabled) => C:\Users\Billy
Guest (S-1-5-21-2929616351-1660927109-1562995560-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2929616351-1660927109-1562995560-1002 - Limited - Enabled)
Kaliyah (S-1-5-21-2929616351-1660927109-1562995560-1005 - Limited - Enabled) => C:\Users\Kaliyah
Nyjah (S-1-5-21-2929616351-1660927109-1562995560-1003 - Limited - Enabled) => C:\Users\Nyjah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft 3GP Video Converter 5.0.8 (HKLM-x32\...\{BCCF882E-8442-4323-82D5-624B8BC74F49}_is1) (Version:  - )
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Amazon Amazon Music) (Version: 3.11.2.1053 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.11.2.1053 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.5.36191 - Ask.com) <==== ATTENTION
AVS Audio Converter 8.0 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.0.2.541 - Online Media Technologies Ltd.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Debut) (Version: 1.82 - NCH Software)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Disney's Mickey Mouse Toddler (HKLM-x32\...\Mickey Mouse Toddler) (Version:  - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Express Burn (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\ExpressBurn) (Version:  - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Get-a-Clip (HKLM-x32\...\Get-a-Clip) (Version:  - Get-a-Clip)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Basic Device Software (HKLM\...\{A977D10D-989A-40D4-B0B1-450954516543}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Photo Creations (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\HP Photo Creations) (Version: 1.0.0.19522 - HP)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Smart Print 2.1 (HKLM-x32\...\{8046B41C-FB30-4614-898F-57D44D0C66EB}) (Version: 2.1.0.235 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keyboard Master II 2.15 Trial (HKLM-x32\...\mk215e_is1) (Version: 2.15e - Nahlik Soft)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.2.0 - QFX Software Corporation)
KNCTR (HKLM-x32\...\Itibiti_is1) (Version:  - Itibiti Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Didj Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.7.0.366 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.141 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MixPad (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MixPad) (Version:  - NCH Software)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28770 - Barnesandnoble.com)
Number Concepts Plinko Interactive Game (HKLM-x32\...\Number Concepts Plinko Interactive Game) (Version: 1.5.0.0 - Lakeshore Learning Materials)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.45 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Prism Video File Converter (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Prism) (Version:  - NCH Software)
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
ROBLOX Player for Nyjah (HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Smilebox (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
Switch Sound File Converter (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Switch) (Version:  - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Unchecky v0.4.2 (HKLM-x32\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin) (HKLM-x32\...\DidjPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version:  - LeapFrog)
VideoPad Video Editor (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\VideoPad) (Version: 3.11 - NCH Software)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
Voxal Voice Changer (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Voxal) (Version:  - NCH Software)
WavePad Sound Editor (HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WavePad) (Version:  - NCH Software)
Web Companion (HKLM-x32\...\{ed5e8954-904f-459f-a581-725c23ae34d7}) (Version: 2.2.1337.2613 - Lavasoft)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Kaliyah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Aiden\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Aiden\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DF2A53C-A60B-48A0-A406-69A3784D6D46} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.1.0.14\SymErr.exe
Task: {1BA2164E-E1DC-401C-BCB7-CC87A445FE2C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {1CC3B9B2-4D14-46FC-973A-6F24FABA0671} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {2C0FB8D4-EA79-45DF-9C1C-45203483D803} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-07] (Microsoft Corporation)
Task: {2E3F892A-EB0A-4B5E-8732-0FE033F63C55} - System32\Tasks\{C4FAD01E-EB2D-4080-9393-C622EAE92B23} => pcalua.exe -a "C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNAVEPV4\wlsetup-web.exe" -d C:\Users\Billy\Desktop
Task: {2EAC283F-B216-4D91-8C7D-2F13A5E8A3C2} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {31560081-3449-42B0-BBAF-E284AF22B0FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {389D8335-317A-43DC-970E-F9D662001362} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {45481AB3-7C44-4F28-81B7-98DF7FB8DEF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {46CF274F-30A8-4097-87B2-53CD79A70B68} - System32\Tasks\{169B9BB8-98E6-4DFA-82EA-4C29A4299204} => pcalua.exe -a C:\Users\Billy\Documents\InstallRoot_v3.16A.exe -d C:\Users\Billy\Documents
Task: {5580E099-AE97-4052-A0CE-2CC21B36B263} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {5A52C461-2CF0-43D2-B7ED-EC6109512A18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {5EA3A6EE-F8EA-4B87-B8AE-9994E7CBA7DF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {76E4C62B-8786-45FF-852F-7642F247FD2F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation)
Task: {78C746EB-9156-4310-AA96-80D315B14771} - System32\Tasks\{98AF2B71-0F41-43A2-B5CE-E7AC489A2857} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {792CA958-52BF-4CA8-A577-4BB51F84E62C} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe [2015-08-04] (McAfee, Inc.)
Task: {80535741-DAC6-4464-B349-1994A08C25B8} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.1.0.14\SymErr.exe
Task: {8108D240-E108-4520-B402-6E1A41280FD9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
Task: {87093FF7-5E20-4D09-8CEF-6A4C79B50EBB} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {898A6F8A-9097-4375-844B-FDF8D0F3959C} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {8BDE3788-5D9F-4C08-BFC8-B9738519EB38} - System32\Tasks\HPCeeScheduleForBILLY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {91C3C01F-1406-4A44-9428-B5C0905F838D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9204D9D1-81FF-4D99-A11C-5704B75A5262} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {9A1B1E45-B8D2-46E0-B302-475B0F32FBF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {9BB82495-A843-481D-B1C3-44FB3F0CC9AA} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Alyana\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-11-18] ()
Task: {B0DCDAEA-BC01-448E-8018-798115C4C132} - System32\Tasks\{F709531D-85C5-406D-ACF1-A8674054D529} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {B0FAD8FB-1F61-4598-B2C5-1C34D4A4AEEF} - System32\Tasks\{7A7DEF06-5117-4E73-9376-93B1C72DDC4E} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {BD6A99A3-DC0C-459D-8EF5-32BA41349D8E} - System32\Tasks\HPCeeScheduleForBilly => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C08F52E8-6749-446C-AAAA-E9EDA53F88AA} - System32\Tasks\{C99F862E-E650-4AD0-839F-498940BB733E} => C:\Program Files\hp\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {CDC1EEF2-4F7B-451D-BECB-4B001FEDE90A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-01-06] (Hewlett-Packard)
Task: {CF2E5BD6-0CD2-497B-8C78-16888B41F359} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)
Task: {D28D20F9-AB6A-4474-9D0C-323E0BFBCB34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)
Task: {D42D3E24-A776-4388-A7FB-56B18A79E092} - System32\Tasks\{906A6E63-D5B4-4F26-A528-84A5995B49BA} => pcalua.exe -a "C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MASO2FRI\MP10Setup.exe" -d C:\Users\Billy\Desktop
Task: {D4EA3364-B9E7-4ED1-9EDA-E3D4BA560BB0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-07] (Microsoft Corporation)
Task: {D9EFE9BE-A451-4413-8CB6-BDE367088F2B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {EC5B109C-6C94-468F-96AF-E996CD956FB4} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {F030C318-46A9-4BDB-AC35-857EDDAF3319} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {F097AE4F-66B4-49B5-B378-B32EBA0FF74F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)
Task: {FEB70DB5-B22A-4428-96FA-DF0FC154B1B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-11] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core.job => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA.job => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Alyana\AppData\Roaming\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBILLY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBilly.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-12-27 00:44 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-11-07 00:19 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-11-07 00:23 - 2015-11-07 00:23 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-12-19 16:44 - 2011-09-19 02:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-10-24 11:47 - 2015-10-08 00:48 - 05887808 _____ () C:\Users\Billy\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-02-13 16:16 - 2016-02-13 16:16 - 00017168 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
2016-02-13 16:16 - 2016-02-13 16:16 - 00008976 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Service.Logger.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00028944 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WcfService.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00116208 _____ () C:\Program Files (x86)\Get-a-Clip\mflstart.exe
2016-02-13 16:17 - 2013-07-03 14:38 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-01 12:30 - 2014-02-01 12:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00118032 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00049936 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00275216 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00046864 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-02-13 16:16 - 2016-02-13 16:16 - 00036112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2015-11-07 00:20 - 2015-11-07 00:23 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-07 00:19 - 2015-11-07 00:22 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2015-11-07 00:19 - 2015-11-07 00:19 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2015-11-07 00:19 - 2015-11-07 00:22 - 01754296 _____ () C:\Program Files\Microsoft Office 15\root\Office15\tmpod.dll
2015-11-11 02:42 - 2015-11-11 02:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Alyana\Downloads\LeapFrogConnectSetup_LeapReader.exe:BDU
AlternateDataStreams: C:\Users\Billy\Desktop\delfix_1.010.exe:BDU
AlternateDataStreams: C:\Users\Billy\Desktop\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Billy\Desktop\unchecky_setup.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\avast_free_antivirus_setup_online_cnet.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\delfix_10.8.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 33.0.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 35.0.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 40.0.2.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\install_flash_player_ax.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\justzipit.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\KeyScrambler_Setup.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Math_Games_Multiplication_Downloader.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\mbam-setup-2.1.8.1057 (1).exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\SecurityTaskManager_Setup.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR320 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR320.SYS => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\army.mil -> hxxps://akocac.us.army.mil
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\disa.mil -> hxxps://esd-crm.csd.disa.mil
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\army.mil -> hxxps://akocac.us.army.mil
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\disa.mil -> hxxps://esd-crm.csd.disa.mil
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-02-13 16:13 - 00002062 ____A C:\Windows\system32\Drivers\etc\hosts



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2929616351-1660927109-1562995560-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Nyjah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Alyana\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kaliyah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2929616351-1660927109-1562995560-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Aiden\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2929616351-1660927109-1562995560-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{95319616-7222-4F94-8F33-2A0F76450432}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0020C480-152B-4D90-839C-9359270DFEDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32E5AA6E-8A9E-42EA-A0CE-F05295627C29}] => (Allow) C:\Users\Billy\AppData\Local\Temp\nsq1122.tmp\Installer-10333974.exe
FirewallRules: [{62D83F7A-BE10-4BAB-B8CB-847ED5F1C7A0}] => (Allow) C:\Users\Billy\AppData\Local\Temp\nsq1122.tmp\Installer-10333974.exe
FirewallRules: [TCP Query User{FEF6F88A-63EB-405A-B5FA-7D50DA0B5AA4}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{8450BF92-071F-48F2-B4CA-8CC25F8A008A}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{5122C19B-AF05-42CC-9EB8-A839BCD50EC1}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{F1175044-E7FD-4C1A-8860-94712185A197}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [{2C03BB14-3C2F-409B-963A-E9D6CFE1B11D}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A924FA32-3835-4EFC-BD54-4BC165F74C7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E3997940-42E5-4783-8F64-9BEB364C2435}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26DCF6CA-3104-4490-9D47-60ECEB40A5E5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{4E579CCE-992F-4BDE-BED7-33F9ACC3278D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{DAB0D360-93B6-4EC5-BF04-9491469FD3A3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{44256553-B49E-453B-B051-D3DF9605A2C6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{91EE29F7-E936-444C-958B-471C1B6947AF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{FCCA9963-B13A-4F52-B915-6D9FC1FF9F24}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{424525A8-6D79-4AA9-9753-FE4A25D2F365}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{E954E32D-E71D-4447-88AD-1FCA7D6F27B5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{9410B35E-0D79-4091-963F-1759A9FC891B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{06CF8FDC-4194-4A0F-8A4B-324EAE3DDDC4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{76924F8A-64DA-4B21-870D-F920C98C0297}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{16AF3B48-D748-4F81-B824-F71BB08F2471}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{EC5FE1A1-DF7D-4020-A927-F3ECF1139F61}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe
FirewallRules: [{C41F891E-F1D3-4B00-9431-7250AE2E8A53}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe
FirewallRules: [{8D509E09-CFCC-4412-B4FA-CA1B73A368CF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe
FirewallRules: [{405531DA-4ED8-4A10-A3FF-7AD00E82AA6B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe
FirewallRules: [{F9F93917-516B-4518-B5C9-8CD437AD7D18}] => (Allow) LPort=5357
FirewallRules: [{22123A0F-ADE9-423D-AD55-AB0472C865E4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5A2BB567-F250-40CC-A017-A24039D3F5F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5B2627FF-3C86-475F-9CA4-1F2E4DBCB128}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{4FDA4309-1353-46AC-9DC1-2DC2365EF9EC}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

==================== Restore Points =========================

04-02-2016 11:09:13 Scheduled Checkpoint
10-02-2016 03:00:54 Windows Update
13-02-2016 15:03:08 Restore Operation

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/13/2016 04:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MFLService2.exe, version: 0.0.0.0, time stamp: 0x55e3d604
Faulting module name: MFLService2.exe, version: 0.0.0.0, time stamp: 0x55e3d604
Exception code: 0xc0000005
Fault offset: 0x0001e2fb
Faulting process id: 0x1f98
Faulting application start time: 0xMFLService2.exe0
Faulting application path: MFLService2.exe1
Faulting module path: MFLService2.exe2
Report Id: MFLService2.exe3

Error: (02/13/2016 04:17:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/13/2016 04:17:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/13/2016 03:53:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program McUICnt.exe version 7.0.6062.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 16ec

Start Time: 01d1669f88e69d3b

Termination Time: 0

Application Path: C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe

Report Id: b63c5594-d293-11e5-88e4-386077b91a89

Error: (02/13/2016 03:50:32 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/13/2016 03:50:18 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/13/2016 03:49:34 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/13/2016 03:49:32 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/13/2016 03:49:32 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (02/13/2016 03:48:32 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014


System errors:
=============
Error: (02/13/2016 04:49:42 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:48:13 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:45:08 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:43:38 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:43:15 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:39:57 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:35:03 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:33:34 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:29:31 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (02/13/2016 04:25:53 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 58%
Total physical RAM: 8098.52 MB
Available physical RAM: 3377.66 MB
Total Virtual: 16195.24 MB
Available Virtual: 11986.96 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.98 GB) (Free:613.72 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.44 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2387.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5266F27B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================


#2
RKinner

    Malware Expert

  • Expert
  • 20,011 posts
  • MVP

I would run the ESET free online scan.  Takes a few hours but if there is something there it will find it.

 

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  
 
1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.
 
 
Let's also try the bitdefender quickscan.
 
 
When it finishes there is a View Report option at the bottom.  Click on it and copy and paste the report (even if it says nothing found).

#3
brander38

RKinner,

 

Thanks for responding. I will run the scans and post the results when finished.


#4
brander38

RKinner,

 

The ESET tool timed out and did not complete my scan. I will need more time to complete the scan. I will post results when complete. 


#5
brander38

RKinner,

I finished my ESET scan and Bitdefender scans, then I realized I didn't run them in sysadmin mode. I restarted the scans and I will post the results when complete. Ref. the items moved to quarantine, should I delete those files? Currently 29% of the ESET scan is complete...
 


#6
RKinner

Most likely but wait until I see the log.


#7
brander38

ESET Scan (non-sysadmin):

 

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting (after the next restart)
C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.exe    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Lib.dll    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting (after the next restart)
C:\Program Files (x86)\Get-a-Clip\MFLService2.exe    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\mflstart.exe    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\SetupWizard.exe    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\Plugins\CH\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\Plugins\FF\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\37aks078.default\extensions\[email protected]\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Users\Aiden\AppData\Roaming\Mozilla\Firefox\Profiles\k7mgc3m1.default\extensions\[email protected]\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Users\Alyana\AppData\Roaming\Mozilla\Firefox\Profiles\jyvn16ad.default\extensions\[email protected]\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Users\Billy\AppData\Local\Temp\ICReinstall_FlashPlayer_Updater.exe    a variant of Win32/InstallCore.AFF.gen potentially unwanted application    cleaned by deleting
C:\Users\Billy\AppData\Local\Temp\in71CF9CF0\72788325_stp\RAM.dll    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting
C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\[email protected]\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Users\Billy\Desktop\unchecky_setup.exe    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting
C:\Users\Billy\Downloads\Malwarebytes Setup.exe    a variant of Win32/DownloadAssistant.C potentially unwanted application    cleaned by deleting
C:\Users\Kaliyah\AppData\Roaming\Mozilla\Firefox\Profiles\fd33t34s.default\extensions\[email protected]\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Users\Nyjah\AppData\Roaming\Mozilla\Firefox\Profiles\ao6m9a7j.default\extensions\[email protected]\mercury.bootstrap.js    Win32/GetaClip.B potentially unwanted application    cleaned by deleting
C:\Windows\SysWOW64\mfllib.dll    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting (after the next restart)
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application    cleaned by deleting
Operating memory    a variant of Win32/GetaClip.A potentially unwanted application    contained infected files

 

----------

ESET Scan (Sysadmin):

 

C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.Vdll    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.Vdll    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting
C:\Windows\SysWOW64\mfllib.Vdll    a variant of Win32/GetaClip.A potentially unwanted application    cleaned by deleting (after the next restart)
Operating memory    a variant of Win32/GetaClip.A potentially unwanted application    contained infected files

 

----------

No files detected via Bitdefender
 

 


#8
RKinner

Looks like ESET took care of it for you.

 

If you want a replacement for your winzip try 7-zip.  http://www.7-zip.org/ It's free, clean and works well.

 

To make sure you don't get cryptolockered you might want to install CryptoPrevent.

 

https://www.foolishi...are-prevention/

 

Last time I downloaded it they sent you a link for the download then when you install it they ask you if you think you are clean and then try not to kill any of your current programs.

 

 

To remove FRST :

 

The program will run for a few moments and then notepad will open with a log.  I don't need to see the log unless it looks like it didn't work.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  
 
Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions. 
 
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow.
 
Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.com before you open them.
 
 
If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.
 
Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.
 
Make sure Windows Updates is turned on and that it works.  Go to Control panel, Windows Updates and see if it works.

#9
brander38

RKinner,

 

Once again Geeks to Go saves the day. You guys are awesome. I apologize for the delay in completing my scans and I appreciate your patience. My system is working like new. Thank you for the recommended applications. They are all installed.

 

Billy


#10
RKinner

Delays are never a problem.  I do not keep track.  Glad we could help.

