Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

help.. laptop is talking to me [Closed]


  • This topic is locked This topic is locked

#1
canadianchicklet

canadianchicklet

    Member

  • Member
  • PipPipPip
  • 338 posts

:smashcomp:  :smashcomp: ... hi, this very strange pop up screen came and also a voice saying to call this number and i have lots of problems they can fix... i figure its a scam somehow.. but can i please get help cleanin up this laptop.. thanks... I will post a picture of the pop up screens... and then the farbar scan results... thanks!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by Devan (administrator) on SHIZNIT (29-04-2016 21:19:34)
Running from C:\Users\Devan\Downloads
Loaded Profiles: Devan &  (Available Profiles: Devan)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(RaMMicHaeL) C:\Users\Devan\Desktop\Unchecky\bin\unchecky_svc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(RaMMicHaeL) C:\Users\Devan\Desktop\Unchecky\bin\unchecky_bg.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-16] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)
HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\utorrent\utorrent.exe <====== ATTENTION
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [GoogleChromeAutoLaunch_B2901D6D3EBB18EBD73152F642960645] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\MountPoints2: {05f9bc36-6104-11e4-8250-806e6f6e6963} - "D:\StartMe.EXE" 
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_B2901D6D3EBB18EBD73152F642960645] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {05f9bc36-6104-11e4-8250-806e6f6e6963} - "D:\StartMe.EXE" 
Startup: C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.176.15 64.59.177.227
Tcpip\..\Interfaces\{1D4AD5C3-2E4E-4E8D-8D62-583CCBE4047A}: [DhcpNameServer] 64.59.176.15 64.59.177.227
Tcpip\..\Interfaces\{BCD48357-7DEE-4F1A-BE58-034BE4875ED2}: [DhcpNameServer] 64.59.176.15 64.59.177.227
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKU\S-1-5-21-3712499783-581391182-1704282419-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
SearchScopes: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-10-19] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001: @nsroblox.roblox.com/launcher -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.ca/?gfe_rd=cr&ei=9Fg6Vp65JIbt8wem2rawDA"
CHR Profile: C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-14]
CHR Extension: (Google Docs) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14]
CHR Extension: (Google Drive) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-14]
CHR Extension: (Avira Browser Safety) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-21]
CHR Extension: (Google Docs Offline) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Skype) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]
CHR Extension: (Gmail) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-11] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-04-02] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-04-05] (Overwolf LTD)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)
R2 Unchecky; C:\Users\Devan\Desktop\Unchecky\bin\unchecky_svc.exe [254904 2016-03-20] (RaMMicHaeL)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-08] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-11] (Avira Operations GmbH & Co. KG)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-16] (Symantec Corporation)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-04-16] (Symantec Corporation) [File not signed]
S3 iscFlash; c:\UBIOS\iscflashx64.sys [60680 2013-02-25] (Insyde Software)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-29] (Malwarebytes)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-03-14] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-29 21:19 - 2016-04-29 21:20 - 00051155 _____ C:\Users\Devan\Downloads\FRST.txt
2016-04-29 21:12 - 2016-04-29 21:19 - 00000000 ____D C:\FRST
2016-04-29 21:11 - 2016-04-29 21:11 - 02376704 _____ (Farbar) C:\Users\Devan\Downloads\FRST64.exe
2016-04-27 20:28 - 2016-04-27 20:29 - 06882192 _____ (Piriform Ltd) C:\Users\Devan\Downloads\ccsetup517.exe
2016-04-25 22:23 - 2016-04-27 22:09 - 00000000 ____D C:\Users\Devan\Documents\OneNote Notebooks
2016-04-25 22:22 - 2016-04-25 22:22 - 00002347 _____ C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-23 23:46 - 2016-04-27 17:32 - 00000000 ____D C:\Users\Devan\AppData\LocalLow\RbxLogs
2016-04-23 23:46 - 2016-04-24 00:05 - 00000246 _____ C:\Users\Devan\AppData\LocalLow\rbxcsettings.rbx
2016-04-23 23:46 - 2016-04-23 23:49 - 00000000 ____D C:\Users\Devan\AppData\Local\Roblox
2016-04-23 23:46 - 2016-04-23 23:46 - 00001413 _____ C:\Users\Devan\Desktop\ROBLOX Player.lnk
2016-04-23 23:46 - 2016-04-23 23:46 - 00001228 _____ C:\Users\Devan\Desktop\ROBLOX Studio.lnk
2016-04-23 23:46 - 2016-04-23 23:46 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-04-18 15:39 - 2016-04-18 15:39 - 00008084 _____ C:\Users\Devan\Downloads\register (13)
2016-04-18 15:32 - 2016-04-18 15:32 - 00008084 _____ C:\Users\Devan\Downloads\register (12)
2016-04-18 15:32 - 2016-04-18 15:32 - 00008084 _____ C:\Users\Devan\Downloads\register (11)
2016-04-18 15:31 - 2016-04-18 15:31 - 00008084 _____ C:\Users\Devan\Downloads\register (9)
2016-04-18 15:31 - 2016-04-18 15:31 - 00008084 _____ C:\Users\Devan\Downloads\register (10)
2016-04-18 15:12 - 2016-04-18 15:12 - 00008084 _____ C:\Users\Devan\Downloads\register (8)
2016-04-18 15:08 - 2016-04-18 15:08 - 00008084 _____ C:\Users\Devan\Downloads\register (7)
2016-04-18 15:07 - 2016-04-18 15:07 - 00008084 _____ C:\Users\Devan\Downloads\register (6)
2016-04-18 15:06 - 2016-04-18 15:06 - 00008084 _____ C:\Users\Devan\Downloads\register (5)
2016-04-18 15:05 - 2016-04-18 15:05 - 00008084 _____ C:\Users\Devan\Downloads\register (4)
2016-04-18 15:05 - 2016-04-18 15:05 - 00008084 _____ C:\Users\Devan\Downloads\register (3)
2016-04-18 15:04 - 2016-04-18 15:04 - 00008084 _____ C:\Users\Devan\Downloads\register (2)
2016-04-18 15:04 - 2016-04-18 15:04 - 00008084 _____ C:\Users\Devan\Downloads\register (1)
2016-04-18 15:03 - 2016-04-18 15:03 - 00008084 _____ C:\Users\Devan\Downloads\register
2016-04-18 14:38 - 2016-04-18 14:38 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment
2016-04-18 14:26 - 2016-04-27 20:34 - 00000000 ____D C:\Users\Devan\AppData\Roaming\TS3Client
2016-04-18 14:25 - 2016-04-18 14:25 - 00001185 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-04-18 14:25 - 2016-04-18 14:25 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk
2016-04-18 14:25 - 2016-04-18 14:25 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client
2016-04-18 14:23 - 2016-04-18 14:23 - 29265912 _____ (TeamSpeak Systems GmbH) C:\Users\Devan\Downloads\TeamSpeak3-Client-win32-3.0.19.exe
2016-04-18 13:53 - 2016-04-18 14:26 - 00003728 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task
2016-04-18 13:53 - 2016-04-18 14:26 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-04-18 13:53 - 2016-04-18 13:53 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf
2016-04-18 13:53 - 2016-04-18 13:53 - 00000000 ____D C:\Users\Devan\AppData\Local\CEF
2016-04-18 13:53 - 2016-04-18 13:53 - 00000000 ____D C:\ProgramData\Overwolf
2016-04-18 13:52 - 2016-04-18 14:26 - 00000000 ____D C:\Users\Devan\AppData\Local\Overwolf
2016-04-18 13:49 - 2016-04-18 13:50 - 31414688 _____ (TeamSpeak Systems GmbH) C:\Users\Devan\Downloads\TeamSpeak3-Client-win64-3.0.19.exe
2016-04-18 12:16 - 2016-04-27 15:15 - 00000000 ____D C:\Users\Devan\AppData\LocalLow\uTorrent
2016-04-18 12:00 - 2016-04-27 15:16 - 00000000 ____D C:\Users\Devan\Downloads\ExcaliburWoW Burning Crusade 2.4.3 - With Basic AddOns
2016-04-15 23:22 - 2016-04-15 23:22 - 00001122 _____ C:\Users\Devan\Desktop\Driver Support - Shortcut.lnk
2016-04-15 16:50 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-15 16:50 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-15 16:50 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-15 16:50 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-15 16:50 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-15 16:50 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-15 16:50 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-15 16:50 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-15 16:50 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-15 16:50 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-15 16:50 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-15 16:50 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-15 16:50 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-15 16:50 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-15 16:50 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-15 16:49 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-15 16:49 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-15 16:49 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-15 16:49 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-15 16:49 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-15 16:49 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-15 16:49 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-15 16:49 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-15 16:49 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-15 16:49 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-15 16:49 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-15 16:49 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-15 16:49 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-04-15 16:49 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-15 16:49 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-15 16:49 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-04-15 16:49 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-15 16:49 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-15 16:49 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-15 16:49 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-04-15 16:49 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-15 16:49 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-15 16:49 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-15 16:49 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-15 16:49 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-15 16:49 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-15 16:49 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-15 16:49 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-04-15 16:49 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-15 16:49 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-15 16:49 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-15 16:49 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-15 16:49 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-15 16:49 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-15 16:49 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-15 16:49 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-15 16:49 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-04-15 16:49 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-04-13 21:10 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-04-13 21:10 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-13 21:09 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 21:09 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 21:09 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 21:09 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 21:09 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-13 21:09 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-13 21:09 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-13 21:09 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-13 21:08 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-13 21:07 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-13 21:07 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-13 21:07 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-13 21:06 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-13 21:06 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-13 21:05 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 21:05 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 21:05 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 21:05 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 21:05 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 21:05 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 21:05 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 21:05 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 21:05 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 21:05 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 21:05 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-13 21:05 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-13 21:05 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-13 21:05 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-13 21:05 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-12 16:45 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-12 16:45 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-12 16:45 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-12 16:45 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-12 16:45 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-12 16:45 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-12 16:45 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-12 16:45 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-12 16:45 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-12 16:45 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-12 16:45 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-12 16:45 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-12 16:45 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-12 16:45 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-12 16:45 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-12 16:45 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-12 16:45 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-12 16:45 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-12 16:45 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-12 16:45 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-12 16:45 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-12 16:45 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-12 16:45 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-12 16:45 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-12 16:45 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-12 16:45 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-12 16:45 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-12 16:45 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-12 16:45 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-12 16:45 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-12 16:45 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-12 16:45 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-12 16:45 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-12 16:45 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-12 16:44 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-12 16:44 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-12 16:44 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-12 16:44 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 16:44 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-12 16:44 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-12 16:44 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-12 16:44 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-12 16:44 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-12 16:44 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-12 16:44 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-12 16:44 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-12 16:44 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-12 16:44 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 16:44 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-12 16:44 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-11 17:09 - 2016-04-25 22:22 - 00003178 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3712499783-581391182-1704282419-1001
2016-04-11 17:09 - 2016-04-11 17:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-04-11 16:55 - 2016-04-11 16:55 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-04-11 16:55 - 2016-04-11 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-04-11 16:41 - 2016-04-11 16:41 - 03300032 _____ (Microsoft Corporation) C:\Users\Devan\Downloads\Setup.X86.en-us_O365ProPlusRetail_4363c9a4-4085-4c4e-b271-767d4ecefc25_TX_PR_b_64_.exe
2016-04-11 16:41 - 2016-04-11 16:41 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-09 15:38 - 2016-04-27 21:38 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak1
2016-04-09 15:38 - 2016-04-09 15:39 - 00000000 ____D C:\Users\Devan\AppData\Local\ElevatedDiagnostics
2016-04-09 15:35 - 2016-04-09 15:36 - 00007605 _____ C:\Users\Devan\AppData\Local\resmon.resmoncfg
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-29 21:01 - 2014-04-16 16:12 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3712499783-581391182-1704282419-1001
2016-04-29 20:59 - 2015-04-18 14:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 20:59 - 2014-10-23 10:01 - 00000000 ____D C:\Users\Devan\AppData\Roaming\uTorrent
2016-04-29 20:58 - 2015-04-01 15:36 - 00003328 _____ C:\WINDOWS\System32\Tasks\Driver Support
2016-04-29 20:57 - 2014-10-31 18:44 - 00000000 __RDO C:\Users\Devan\OneDrive
2016-04-29 20:56 - 2015-07-14 21:48 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-29 20:26 - 2015-07-14 21:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-29 18:32 - 2014-10-31 18:51 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7D973A59-42C4-44B7-8470-D096E850F37B}
2016-04-29 18:27 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 18:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-29 12:42 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-27 22:22 - 2015-10-10 00:25 - 00175104 ___SH C:\Users\Devan\Downloads\Thumbs.db
2016-04-27 22:09 - 2015-07-14 21:27 - 00513536 ___SH C:\Users\Devan\Desktop\Thumbs.db
2016-04-27 21:38 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-27 21:37 - 2014-10-31 09:56 - 00000000 ____D C:\Users\Devan
2016-04-27 21:37 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-27 20:31 - 2015-09-27 22:23 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-25 23:15 - 2014-05-16 13:33 - 00000000 ____D C:\Users\Devan\AppData\LocalLow\Adblock Plus for IE
2016-04-25 22:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-24 19:16 - 2014-05-30 13:01 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Skype
2016-04-24 17:23 - 2015-09-12 13:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-24 17:23 - 2014-05-30 13:01 - 00000000 ____D C:\ProgramData\Skype
2016-04-21 12:59 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-21 12:57 - 2013-12-18 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-18 16:25 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-18 15:35 - 2014-05-16 13:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-18 12:18 - 2015-08-31 03:44 - 00001161 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-04-18 12:18 - 2015-04-03 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-04-17 17:43 - 2013-04-26 04:47 - 00000000 ____D C:\ProgramData\Toshiba
2016-04-16 05:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-04-16 00:24 - 2014-12-26 15:37 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-16 00:24 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-15 22:53 - 2014-05-06 10:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-15 22:53 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-15 22:48 - 2014-05-06 10:11 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-15 22:15 - 2015-10-23 23:03 - 00000000 ____D C:\Users\Devan\Downloads\PopcornTime
2016-04-15 22:01 - 2013-08-22 10:44 - 00473824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-12 22:32 - 2016-03-08 15:54 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-12 22:32 - 2016-03-08 15:54 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-12 22:32 - 2016-03-08 15:54 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-12 16:42 - 2016-01-13 20:35 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-04-11 16:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-09 15:32 - 2016-01-05 15:49 - 13598796 _____ C:\Users\Devan\Downloads\gross sores.zip
2016-04-09 15:27 - 2015-04-18 14:52 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-09 15:27 - 2015-04-18 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-09 15:27 - 2015-04-18 14:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-09 15:22 - 2014-06-09 00:07 - 00000000 ____D C:\Users\Devan\AppData\Local\CrashDumps
2016-04-09 15:22 - 2014-04-16 16:02 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak
2016-04-05 17:53 - 2015-03-24 17:10 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-05 17:53 - 2015-03-24 17:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-11-02 19:56 - 2015-11-02 19:56 - 0016384 _____ () C:\Users\Devan\AppData\Roaming\CryptoPrevent_Test_Module.exe
2014-06-04 22:18 - 2014-06-04 22:18 - 0000042 _____ () C:\Users\Devan\AppData\Roaming\WB.CFG
2015-10-24 12:00 - 2015-10-24 12:00 - 0181192 _____ () C:\Users\Devan\AppData\Local\ars.cache
2015-10-24 12:00 - 2015-10-24 12:00 - 0480772 _____ () C:\Users\Devan\AppData\Local\census.cache
2015-10-24 11:48 - 2015-10-24 11:48 - 0000036 _____ () C:\Users\Devan\AppData\Local\housecall.guid.cache
2016-04-09 15:35 - 2016-04-09 15:36 - 0007605 _____ () C:\Users\Devan\AppData\Local\resmon.resmoncfg
2015-10-24 11:57 - 2015-10-24 11:57 - 0000010 _____ () C:\Users\Devan\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
C:\Users\Devan\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-29 18:43
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by Devan (2016-04-29 21:20:45)
Running from C:\Users\Devan\Downloads
Windows 8.1 (X64) (2014-10-31 22:39:38)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3712499783-581391182-1704282419-500 - Administrator - Disabled)
Devan (S-1-5-21-3712499783-581391182-1704282419-1001 - Administrator - Enabled) => C:\Users\Devan
Guest (S-1-5-21-3712499783-581391182-1704282419-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3712499783-581391182-1704282419-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1 - PC Drivers Headquarters, LP)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elgato Game Capture HD (HKLM-x32\...\{B3837224-9767-4976-8148-3C72E96FF527}) (Version: 2.10.72.879 - Elgato Systems GmbH)
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
Game Capture HD60 v2.1.1.3 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.3 - Elgato Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)
Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41504) (Version: 3.8.0.41504.23 - Intel)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1073 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.93.20.0 - Overwolf Ltd.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
ROBLOX Player for Devan (HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Devan (HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TheSkyX First Light Edition (HKLM-x32\...\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}) (Version: 10.0.2 - Software Bisque, Inc.)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.341 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124  - Toshiba Corporation)
Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3712499783-581391182-1704282419-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Devan\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3712499783-581391182-1704282419-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Devan\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3712499783-581391182-1704282419-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {175E215A-1DD2-4553-8512-20108A5D1D44} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {1EE96351-4DFD-4236-B61B-8136067F0087} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {2E540EB4-9783-4A34-8A72-3289BD7F5DC8} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)
Task: {4285EBEE-4E20-4523-A2C7-E40A7441C1C7} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)
Task: {6858D621-4A6A-42B6-8C17-A61CA838ED6C} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)
Task: {7EEDCF4E-3C3E-4C5E-A7BD-3AAE24AB6344} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-03] (Microsoft Corporation)
Task: {902C2D40-67A3-467D-B3CF-442A4C7F0708} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {A4D2DA06-0745-4962-B967-C124F97190F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-02] (Microsoft Corporation)
Task: {AD6C0445-F9BC-4CD0-9AE7-4D92B10E3019} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {AF41CB4A-E844-4218-8A13-B17011BA0901} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-04-05] (Overwolf LTD)
Task: {B5541412-DEB4-4CF1-AE40-FCCBA2B7E243} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-02] (Microsoft Corporation)
Task: {BC673E06-D3FA-4772-8636-DA65BF6DE05E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {CAF19129-4EA6-4768-B539-265F6B7851BB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {CE627A4E-8FF1-42DD-B171-B180209382B0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3712499783-581391182-1704282419-1001 => C:\Users\Devan\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-25] (Microsoft Corporation)
Task: {D547A25F-6A6D-472C-8608-C5D04B5EE5A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-15] (Microsoft Corporation)
Task: {D67269D7-7E85-49C3-A417-9DF68407A44E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {D6FD76C9-9159-406E-A53D-206113751CE6} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)
Task: {D77E6B1F-98DC-4735-9AD5-98C8E940E03E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)
Task: {DB778CCA-F8A3-43C6-9BD0-BF7D05C95DC2} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {E1688F73-A385-44E0-9D1D-25CB296148F2} - System32\Tasks\{339823DA-8C73-4347-87CD-D41622A68989} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsProgressBar
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-03-27 19:53 - 2013-03-27 19:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-11 16:41 - 2016-04-02 22:08 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-04-21 12:55 - 2016-04-03 01:08 - 08911040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-04-01 15:36 - 2016-03-29 22:09 - 00365696 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Common.XmlSerializers.dll
2014-05-22 13:14 - 2016-03-29 22:09 - 00496768 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll
2013-12-18 19:02 - 2012-10-04 15:48 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll
2016-04-21 12:55 - 2016-04-03 00:52 - 08911048 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-04-11 17:26 - 2016-04-06 06:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-11 17:26 - 2016-04-06 06:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\sharepoint.com -> hxxps://lakeheadschools-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sharepoint.com -> hxxps://lakeheadschools-files.sharepoint.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2016-04-27 21:38 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Devan\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Devan\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 64.59.176.15 - 64.59.177.227
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\StartupApproved\Run: => "FileHippo.com"
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "FileHippo.com"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{01139214-E379-4536-8A01-6FF210951893}] => (Allow) C:\Users\Devan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BBC220F0-F85B-402E-88CF-24792377FC67}] => (Allow) C:\Users\Devan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{10AA6DC1-FC29-4B2D-A9DC-F47D60351023}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{84E33C39-FDA4-4245-9825-810BCDFB653C}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
FirewallRules: [TCP Query User{1FA95F93-F8AD-4C26-8BBF-76F08746D697}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{01BA4A13-DE7E-4069-ACD2-5A1044A9478C}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{5C06F4A7-631F-439E-B804-024A069715B8}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{79665D0C-6B99-412B-8294-BB090ABEA7E5}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{B1785EC1-A611-48D7-8C7B-32AEDDBCAE51}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7CE5BCEA-4689-4E6B-9385-C230D6C4221D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{99BF1994-12D2-48C5-88D7-704DAB47AAFF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2B0ECFA9-914C-49DA-BBA0-BDA805025879}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FF79FE56-EA21-425C-9931-0075B7F9CA67}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{39E1F026-3065-42F1-A8B8-EEACFF96400A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{91D99E08-4BF4-4C3B-A22F-D65DC7C21A1A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{5E426B1D-947F-467C-81BB-04F568EEFD53}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [TCP Query User{00320D6D-4361-4F8D-ADC3-894E958018BA}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{C9BF010F-9341-4243-9EA3-032FB5F3E310}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{9DD053FA-DD52-425E-9635-75CAE3C42152}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{61E58CA4-280E-4530-A747-FB78FB5EF0BB}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe
FirewallRules: [{B6D4312C-4C23-49A2-9A1F-24FD5A5A24D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EB9112E0-B7A0-4EBF-85ED-96C47036898B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8611EE91-E198-4AF2-92F0-79D6C7047D08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{23ADEAD4-62D1-48CD-810C-B07F95BA5761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{C0EE9C84-CAA5-43EE-9EA0-BF23B8A4369F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{9DB618EB-A0A4-4A4E-8C15-651B781EAC8D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{560FFBA4-AD87-4340-9DD4-CA5BB1D1526C}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [UDP Query User{E2D534D7-2171-4DA0-9B04-54EFE28999EE}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{E64DC865-9CFF-49FE-84E6-B0D9AFF798E2}] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{EC284868-65DF-46F9-B42B-F120A5AA57CD}] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe
FirewallRules: [{684345A7-7939-4496-BD1A-FABA48037150}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A1575F0-99BB-4741-A1C4-09F5DC5D99DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9184A8D4-18D4-423A-8B3F-9EF74BCB2580}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{06D17E52-3ECB-4733-B6B0-78A805DF6F12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1C78B68-7E19-4DC0-8A14-614DA6AC8FA2}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{3A8AB80B-2FC6-40D9-8745-E2DD87BC854C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{692AB064-F397-4C9D-8229-6FD613FAE5FE}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{D3C59810-982F-49C1-8AB5-87C4524F018D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{F3D5FD42-5D08-41A3-B4EA-5D30DF8C6E23}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{7772A696-83A4-4B60-BB35-F04B3B9F072E}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{87DED608-FE84-4603-8403-031587017943}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{784B96D7-CEC0-4535-827F-168C1EBDC1B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C61E9DC5-4559-4F6A-92D3-ACF8B25D58EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0E5FA2AE-4626-4D92-899B-C029CED6DEB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{51C98D49-970A-4020-99E4-20498317CB79}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0C9D897C-4507-47A9-8009-F70D84F1E398}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A8CF38CA-0CEB-4513-8930-684517BDCAD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{66A633E0-F050-411D-BC5A-3A31118284DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3D53BA3B-7A32-46A9-A1B2-286C5868D1F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{95DA7DA8-0120-4829-B544-315D09D01936}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1B591878-5EE4-4061-993A-5AF19E44C8A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-04-2016 14:24:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/29/2016 08:49:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1930
 
Start Time: 01d1a277abaf8e02
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 53124b2c-0e6d-11e6-bf36-0c54a54d6c01
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/29/2016 08:13:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (04/29/2016 03:57:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1328
 
Error: (04/29/2016 03:57:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1328
 
Error: (04/29/2016 03:57:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/29/2016 03:42:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4672703
 
Error: (04/29/2016 03:42:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4672703
 
Error: (04/29/2016 03:42:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (04/29/2016 02:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13515
 
Error: (04/29/2016 02:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13515
 
 
System errors:
=============
Error: (04/27/2016 10:26:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Device Association Service service, but this action failed with the following error: 
%%1056
 
Error: (04/27/2016 10:25:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connection Broker service, but this action failed with the following error: 
%%1056
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WLAN AutoConfig service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Diagnostic System Host service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Distributed Link Tracking Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Program Compatibility Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Network Connection Broker service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HomeGroup Listener service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/27/2016 10:25:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Human Interface Device Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5745M APU with Radeon™ HD Graphics 
Percentage of memory in use: 33%
Total physical RAM: 7374.26 MB
Available physical RAM: 4909.55 MB
Total Virtual: 11982.26 MB
Available Virtual: 8806.08 MB
 
==================== Drives ================================
 
Drive c: (TI80141400B) (Fixed) (Total:919.13 GB) (Free:440 GB) NTFS
Drive d: (01 03 2008) (CDROM) (Total:0.07 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================20160429_204743_resized.jpg 20160429_204755_resized.jpg
 
 

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi dere :wave:

Was this on a specific website ?

And can you see if it still appears after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
2016-04-21 12:59 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#3
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts

hey! here is the log... i hope i did it right!Attached File  Fixlog.txt   2.29KB   65 downloads


  • 0

#4
canadianchicklet

canadianchicklet

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 338 posts
Fix result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by Devan (2016-04-30 20:57:16) Run:1
Running from C:\Users\Devan\Downloads
Loaded Profiles: Devan &  (Available Profiles: Devan)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
2016-04-21 12:59 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
 
*****************
 
Restore point was successfully created.
C:\ProgramData\regid.1991-06.com.microsoft => moved successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3712499783-581391182-1704282419-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{9D817213-59F1-4202-9D32-3A68F6835583} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 408 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:58:13 ====
 
 
in case i was supposed to post this way:)

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Either way is good for me :)

How is the computer now ? Is it still talking
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP