help.. laptop is talking to me [Closed]

:smashcomp: ... hi, this very strange pop up screen came and also a voice saying to call this number and i have lots of problems they can fix... i figure its a scam somehow.. but can i please get help cleanin up this laptop.. thanks... I will post a picture of the pop up screens... and then the farbar scan results... thanks!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016

Ran by Devan (administrator) on SHIZNIT (29-04-2016 21:19:34)

Running from C:\Users\Devan\Downloads

Loaded Profiles: Devan & (Available Profiles: Devan)

Platform: Windows 8.1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(RaMMicHaeL) C:\Users\Devan\Desktop\Unchecky\bin\unchecky_svc.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe

(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(RaMMicHaeL) C:\Users\Devan\Desktop\Unchecky\bin\unchecky_bg.exe

(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-16] (Alcor Micro Corp.)

HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)

HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [467360 2013-03-08] (TOSHIBA)

HKLM-x32\...\Run: [Intel AppUp® center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2012-10-04] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [807392 2016-03-11] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-03-30] (Avira Operations GmbH & Co. KG)

HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\utorrent\utorrent.exe <====== ATTENTION

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [GoogleChromeAutoLaunch_B2901D6D3EBB18EBD73152F642960645] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\MountPoints2: {05f9bc36-6104-11e4-8250-806e6f6e6963} - "D:\StartMe.EXE"

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_B2901D6D3EBB18EBD73152F642960645] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [10566352 2015-09-02] ()

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {05f9bc36-6104-11e4-8250-806e6f6e6963} - "D:\StartMe.EXE"

Startup: C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-04-27]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 64.59.176.15 64.59.177.227

Tcpip\..\Interfaces\{1D4AD5C3-2E4E-4E8D-8D62-583CCBE4047A}: [DhcpNameServer] 64.59.176.15 64.59.177.227

Tcpip\..\Interfaces\{BCD48357-7DEE-4F1A-BE58-034BE4875ED2}: [DhcpNameServer] 64.59.176.15 64.59.177.227

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.toshiba.ca/welcome/?w=23

SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =

SearchScopes: HKU\S-1-5-21-3712499783-581391182-1704282419-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =

SearchScopes: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)

BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-04-03] (Microsoft Corporation)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)

BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2015-10-19] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001: @nsroblox.roblox.com/launcher -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

Chrome:

=======

CHR StartupUrls: Default -> "hxxps://www.google.ca/?gfe_rd=cr&ei=9Fg6Vp65JIbt8wem2rawDA"

CHR Profile: C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-14]

CHR Extension: (Google Docs) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-14]

CHR Extension: (Google Drive) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]

CHR Extension: (YouTube) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]

CHR Extension: (Google Search) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Google Sheets) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-14]

CHR Extension: (Avira Browser Safety) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-21]

CHR Extension: (Google Docs Offline) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]

CHR Extension: (Skype) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-09]

CHR Extension: (Gmail) - C:\Users\Devan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-14]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [955736 2016-03-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [466504 2016-03-11] (Avira Operations GmbH & Co. KG)

S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1424880 2016-03-11] (Avira Operations GmbH & Co. KG)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [272304 2016-03-30] (Avira Operations GmbH & Co. KG)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-04-02] (Microsoft Corporation)

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()

R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()

S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1286896 2016-04-05] (Overwolf LTD)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)

S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-10-17] (TOSHIBA CORPORATION)

R2 Unchecky; C:\Users\Devan\Desktop\Unchecky\bin\unchecky_svc.exe [254904 2016-03-20] (RaMMicHaeL)

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-03-11] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [137952 2016-03-11] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-08] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [68936 2016-03-11] (Avira Operations GmbH & Co. KG)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-04-16] (Symantec Corporation)

S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-04-16] (Symantec Corporation) [File not signed]

S3 iscFlash; c:\UBIOS\iscflashx64.sys [60680 2013-02-25] (Insyde Software)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-29] (Malwarebytes)

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation )

R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-03-14] (Synaptics Incorporated)

R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [111488 2013-10-15] (TOSHIBA Corporation)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 21:19 - 2016-04-29 21:20 - 00051155 _____ C:\Users\Devan\Downloads\FRST.txt

2016-04-29 21:12 - 2016-04-29 21:19 - 00000000 ____D C:\FRST

2016-04-29 21:11 - 2016-04-29 21:11 - 02376704 _____ (Farbar) C:\Users\Devan\Downloads\FRST64.exe

2016-04-27 20:28 - 2016-04-27 20:29 - 06882192 _____ (Piriform Ltd) C:\Users\Devan\Downloads\ccsetup517.exe

2016-04-25 22:23 - 2016-04-27 22:09 - 00000000 ____D C:\Users\Devan\Documents\OneNote Notebooks

2016-04-25 22:22 - 2016-04-25 22:22 - 00002347 _____ C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk

2016-04-23 23:46 - 2016-04-27 17:32 - 00000000 ____D C:\Users\Devan\AppData\LocalLow\RbxLogs

2016-04-23 23:46 - 2016-04-24 00:05 - 00000246 _____ C:\Users\Devan\AppData\LocalLow\rbxcsettings.rbx

2016-04-23 23:46 - 2016-04-23 23:49 - 00000000 ____D C:\Users\Devan\AppData\Local\Roblox

2016-04-23 23:46 - 2016-04-23 23:46 - 00001413 _____ C:\Users\Devan\Desktop\ROBLOX Player.lnk

2016-04-23 23:46 - 2016-04-23 23:46 - 00001228 _____ C:\Users\Devan\Desktop\ROBLOX Studio.lnk

2016-04-23 23:46 - 2016-04-23 23:46 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2016-04-18 15:39 - 2016-04-18 15:39 - 00008084 _____ C:\Users\Devan\Downloads\register (13)

2016-04-18 15:32 - 2016-04-18 15:32 - 00008084 _____ C:\Users\Devan\Downloads\register (12)

2016-04-18 15:32 - 2016-04-18 15:32 - 00008084 _____ C:\Users\Devan\Downloads\register (11)

2016-04-18 15:31 - 2016-04-18 15:31 - 00008084 _____ C:\Users\Devan\Downloads\register (9)

2016-04-18 15:31 - 2016-04-18 15:31 - 00008084 _____ C:\Users\Devan\Downloads\register (10)

2016-04-18 15:12 - 2016-04-18 15:12 - 00008084 _____ C:\Users\Devan\Downloads\register (8)

2016-04-18 15:08 - 2016-04-18 15:08 - 00008084 _____ C:\Users\Devan\Downloads\register (7)

2016-04-18 15:07 - 2016-04-18 15:07 - 00008084 _____ C:\Users\Devan\Downloads\register (6)

2016-04-18 15:06 - 2016-04-18 15:06 - 00008084 _____ C:\Users\Devan\Downloads\register (5)

2016-04-18 15:05 - 2016-04-18 15:05 - 00008084 _____ C:\Users\Devan\Downloads\register (4)

2016-04-18 15:05 - 2016-04-18 15:05 - 00008084 _____ C:\Users\Devan\Downloads\register (3)

2016-04-18 15:04 - 2016-04-18 15:04 - 00008084 _____ C:\Users\Devan\Downloads\register (2)

2016-04-18 15:04 - 2016-04-18 15:04 - 00008084 _____ C:\Users\Devan\Downloads\register (1)

2016-04-18 15:03 - 2016-04-18 15:03 - 00008084 _____ C:\Users\Devan\Downloads\register

2016-04-18 14:38 - 2016-04-18 14:38 - 00000000 ____D C:\Users\Public\Documents\Blizzard Entertainment

2016-04-18 14:26 - 2016-04-27 20:34 - 00000000 ____D C:\Users\Devan\AppData\Roaming\TS3Client

2016-04-18 14:25 - 2016-04-18 14:25 - 00001185 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk

2016-04-18 14:25 - 2016-04-18 14:25 - 00001147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk

2016-04-18 14:25 - 2016-04-18 14:25 - 00000000 ____D C:\Program Files (x86)\TeamSpeak 3 Client

2016-04-18 14:23 - 2016-04-18 14:23 - 29265912 _____ (TeamSpeak Systems GmbH) C:\Users\Devan\Downloads\TeamSpeak3-Client-win32-3.0.19.exe

2016-04-18 13:53 - 2016-04-18 14:26 - 00003728 _____ C:\WINDOWS\System32\Tasks\Overwolf Updater Task

2016-04-18 13:53 - 2016-04-18 14:26 - 00000000 ____D C:\Program Files (x86)\Overwolf

2016-04-18 13:53 - 2016-04-18 13:53 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overwolf

2016-04-18 13:53 - 2016-04-18 13:53 - 00000000 ____D C:\Users\Devan\AppData\Local\CEF

2016-04-18 13:53 - 2016-04-18 13:53 - 00000000 ____D C:\ProgramData\Overwolf

2016-04-18 13:52 - 2016-04-18 14:26 - 00000000 ____D C:\Users\Devan\AppData\Local\Overwolf

2016-04-18 13:49 - 2016-04-18 13:50 - 31414688 _____ (TeamSpeak Systems GmbH) C:\Users\Devan\Downloads\TeamSpeak3-Client-win64-3.0.19.exe

2016-04-18 12:16 - 2016-04-27 15:15 - 00000000 ____D C:\Users\Devan\AppData\LocalLow\uTorrent

2016-04-18 12:00 - 2016-04-27 15:16 - 00000000 ____D C:\Users\Devan\Downloads\ExcaliburWoW Burning Crusade 2.4.3 - With Basic AddOns

2016-04-15 23:22 - 2016-04-15 23:22 - 00001122 _____ C:\Users\Devan\Desktop\Driver Support - Shortcut.lnk

2016-04-15 16:50 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-04-15 16:50 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-04-15 16:50 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2016-04-15 16:50 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2016-04-15 16:50 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-04-15 16:50 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-04-15 16:50 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll

2016-04-15 16:50 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll

2016-04-15 16:50 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll

2016-04-15 16:50 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll

2016-04-15 16:50 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll

2016-04-15 16:50 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll

2016-04-15 16:50 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll

2016-04-15 16:50 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll

2016-04-15 16:50 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll

2016-04-15 16:49 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2016-04-15 16:49 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-04-15 16:49 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-04-15 16:49 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2016-04-15 16:49 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-04-15 16:49 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-04-15 16:49 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2016-04-15 16:49 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-04-15 16:49 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2016-04-15 16:49 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll

2016-04-15 16:49 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll

2016-04-15 16:49 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll

2016-04-15 16:49 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2016-04-15 16:49 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll

2016-04-15 16:49 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll

2016-04-15 16:49 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll

2016-04-15 16:49 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2016-04-15 16:49 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll

2016-04-15 16:49 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll

2016-04-15 16:49 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll

2016-04-15 16:49 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll

2016-04-15 16:49 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll

2016-04-15 16:49 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2016-04-15 16:49 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll

2016-04-15 16:49 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll

2016-04-15 16:49 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll

2016-04-15 16:49 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-04-15 16:49 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2016-04-15 16:49 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll

2016-04-15 16:49 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll

2016-04-15 16:49 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2016-04-15 16:49 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-04-15 16:49 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

2016-04-15 16:49 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys

2016-04-15 16:49 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2016-04-15 16:49 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2016-04-15 16:49 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2016-04-15 16:49 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2016-04-13 21:10 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll

2016-04-13 21:10 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys

2016-04-13 21:09 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2016-04-13 21:09 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL

2016-04-13 21:09 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL

2016-04-13 21:09 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2016-04-13 21:09 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll

2016-04-13 21:09 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll

2016-04-13 21:09 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2016-04-13 21:09 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2016-04-13 21:08 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2016-04-13 21:07 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll

2016-04-13 21:07 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll

2016-04-13 21:07 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys

2016-04-13 21:06 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll

2016-04-13 21:06 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll

2016-04-13 21:05 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-04-13 21:05 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-04-13 21:05 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-04-13 21:05 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-04-13 21:05 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-04-13 21:05 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2016-04-13 21:05 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2016-04-13 21:05 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll

2016-04-13 21:05 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll

2016-04-13 21:05 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll

2016-04-13 21:05 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

2016-04-13 21:05 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

2016-04-13 21:05 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe

2016-04-13 21:05 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe

2016-04-13 21:05 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys

2016-04-12 16:45 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-04-12 16:45 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-04-12 16:45 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2016-04-12 16:45 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-04-12 16:45 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2016-04-12 16:45 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-04-12 16:45 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2016-04-12 16:45 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2016-04-12 16:45 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2016-04-12 16:45 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2016-04-12 16:45 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-04-12 16:45 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2016-04-12 16:45 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2016-04-12 16:45 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2016-04-12 16:45 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2016-04-12 16:45 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2016-04-12 16:45 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2016-04-12 16:45 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2016-04-12 16:45 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-04-12 16:45 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-04-12 16:45 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-04-12 16:45 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2016-04-12 16:45 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2016-04-12 16:45 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2016-04-12 16:45 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2016-04-12 16:45 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2016-04-12 16:45 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2016-04-12 16:45 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2016-04-12 16:45 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-04-12 16:45 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-04-12 16:45 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2016-04-12 16:45 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-04-12 16:45 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-04-12 16:45 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2016-04-12 16:44 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2016-04-12 16:44 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-04-12 16:44 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-04-12 16:44 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2016-04-12 16:44 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2016-04-12 16:44 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys

2016-04-12 16:44 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys

2016-04-12 16:44 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2016-04-12 16:44 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2016-04-12 16:44 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll

2016-04-12 16:44 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll

2016-04-12 16:44 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2016-04-12 16:44 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2016-04-12 16:44 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

2016-04-12 16:44 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2016-04-12 16:44 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2016-04-11 17:09 - 2016-04-25 22:22 - 00003178 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3712499783-581391182-1704282419-1001

2016-04-11 17:09 - 2016-04-11 17:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive

2016-04-11 16:55 - 2016-04-11 16:55 - 00002488 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002397 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk

2016-04-11 16:55 - 2016-04-11 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools

2016-04-11 16:41 - 2016-04-11 16:41 - 03300032 _____ (Microsoft Corporation) C:\Users\Devan\Downloads\Setup.X86.en-us_O365ProPlusRetail_4363c9a4-4085-4c4e-b271-767d4ecefc25_TX_PR_b_64_.exe

2016-04-11 16:41 - 2016-04-11 16:41 - 00000000 ____D C:\Program Files\Microsoft Office 15

2016-04-09 15:38 - 2016-04-27 21:38 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak1

2016-04-09 15:38 - 2016-04-09 15:39 - 00000000 ____D C:\Users\Devan\AppData\Local\ElevatedDiagnostics

2016-04-09 15:35 - 2016-04-09 15:36 - 00007605 _____ C:\Users\Devan\AppData\Local\resmon.resmoncfg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 21:01 - 2014-04-16 16:12 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3712499783-581391182-1704282419-1001

2016-04-29 20:59 - 2015-04-18 14:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-04-29 20:59 - 2014-10-23 10:01 - 00000000 ____D C:\Users\Devan\AppData\Roaming\uTorrent

2016-04-29 20:58 - 2015-04-01 15:36 - 00003328 _____ C:\WINDOWS\System32\Tasks\Driver Support

2016-04-29 20:57 - 2014-10-31 18:44 - 00000000 __RDO C:\Users\Devan\OneDrive

2016-04-29 20:56 - 2015-07-14 21:48 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-04-29 20:26 - 2015-07-14 21:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-04-29 18:32 - 2014-10-31 18:51 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7D973A59-42C4-44B7-8470-D096E850F37B}

2016-04-29 18:27 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps

2016-04-29 18:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-04-29 12:42 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf

2016-04-27 22:22 - 2015-10-10 00:25 - 00175104 ___SH C:\Users\Devan\Downloads\Thumbs.db

2016-04-27 22:09 - 2015-07-14 21:27 - 00513536 ___SH C:\Users\Devan\Desktop\Thumbs.db

2016-04-27 21:38 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-04-27 21:37 - 2014-10-31 09:56 - 00000000 ____D C:\Users\Devan

2016-04-27 21:37 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2016-04-27 20:31 - 2015-09-27 22:23 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-04-25 23:15 - 2014-05-16 13:33 - 00000000 ____D C:\Users\Devan\AppData\LocalLow\Adblock Plus for IE

2016-04-25 22:31 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-04-24 19:16 - 2014-05-30 13:01 - 00000000 ____D C:\Users\Devan\AppData\Roaming\Skype

2016-04-24 17:23 - 2015-09-12 13:15 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-04-24 17:23 - 2014-05-30 13:01 - 00000000 ____D C:\ProgramData\Skype

2016-04-21 12:59 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-04-21 12:57 - 2013-12-18 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2016-04-18 16:25 - 2014-09-24 03:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-04-18 15:35 - 2014-05-16 13:33 - 00000000 ____D C:\ProgramData\Package Cache

2016-04-18 12:18 - 2015-08-31 03:44 - 00001161 _____ C:\Users\Public\Desktop\Avira Launcher.lnk

2016-04-18 12:18 - 2015-04-03 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2016-04-17 17:43 - 2013-04-26 04:47 - 00000000 ____D C:\ProgramData\Toshiba

2016-04-16 05:54 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache

2016-04-16 00:24 - 2014-12-26 15:37 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-04-16 00:24 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData

2016-04-15 22:53 - 2014-05-06 10:11 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-04-15 22:53 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-04-15 22:48 - 2014-05-06 10:11 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-04-15 22:15 - 2015-10-23 23:03 - 00000000 ____D C:\Users\Devan\Downloads\PopcornTime

2016-04-15 22:01 - 2013-08-22 10:44 - 00473824 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-04-12 22:32 - 2016-03-08 15:54 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-04-12 22:32 - 2016-03-08 15:54 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-04-12 22:32 - 2016-03-08 15:54 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll

2016-04-12 16:42 - 2016-01-13 20:35 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2016-04-11 16:41 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2016-04-09 15:32 - 2016-01-05 15:49 - 13598796 _____ C:\Users\Devan\Downloads\gross sores.zip

2016-04-09 15:27 - 2015-04-18 14:52 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-04-09 15:27 - 2015-04-18 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-04-09 15:27 - 2015-04-18 14:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-04-09 15:22 - 2014-06-09 00:07 - 00000000 ____D C:\Users\Devan\AppData\Local\CrashDumps

2016-04-09 15:22 - 2014-04-16 16:02 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak

2016-04-05 17:53 - 2015-03-24 17:10 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-04-05 17:53 - 2015-03-24 17:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-11-02 19:56 - 2015-11-02 19:56 - 0016384 _____ () C:\Users\Devan\AppData\Roaming\CryptoPrevent_Test_Module.exe

2014-06-04 22:18 - 2014-06-04 22:18 - 0000042 _____ () C:\Users\Devan\AppData\Roaming\WB.CFG

2015-10-24 12:00 - 2015-10-24 12:00 - 0181192 _____ () C:\Users\Devan\AppData\Local\ars.cache

2015-10-24 12:00 - 2015-10-24 12:00 - 0480772 _____ () C:\Users\Devan\AppData\Local\census.cache

2015-10-24 11:48 - 2015-10-24 11:48 - 0000036 _____ () C:\Users\Devan\AppData\Local\housecall.guid.cache

2016-04-09 15:35 - 2016-04-09 15:36 - 0007605 _____ () C:\Users\Devan\AppData\Local\resmon.resmoncfg

2015-10-24 11:57 - 2015-10-24 11:57 - 0000010 _____ () C:\Users\Devan\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:

====================

C:\Users\Devan\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-29 18:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016

Ran by Devan (2016-04-29 21:20:45)

Running from C:\Users\Devan\Downloads

Windows 8.1 (X64) (2014-10-31 22:39:38)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3712499783-581391182-1704282419-500 - Administrator - Disabled)

Devan (S-1-5-21-3712499783-581391182-1704282419-1001 - Administrator - Enabled) => C:\Users\Devan

Guest (S-1-5-21-3712499783-581391182-1704282419-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3712499783-581391182-1704282419-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)

µTorrent (HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)

Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden

AMD Catalyst Install Manager (HKLM\...\{5D42947B-E961-C0B5-5A70-EA0F753331EB}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)

Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.16.282 - Avira Operations GmbH & Co. KG)

Avira Launcher (HKLM-x32\...\{74d1ef14-dd39-4749-b051-e183a1e27f5e}) (Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG)

Avira Launcher (x32 Version: 1.1.58.35540 - Avira Operations GmbH & Co. KG) Hidden

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)

Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1 - PC Drivers Headquarters, LP)

DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)

Elgato Game Capture HD (HKLM-x32\...\{B3837224-9767-4976-8148-3C72E96FF527}) (Version: 2.10.72.879 - Elgato Systems GmbH)

Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)

Game Capture HD60 v2.1.1.3 (HKLM-x32\...\Software_Elgato_Game Capture HD60) (Version: 2.1.1.3 - Elgato Systems)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)

Intel AppUp® center (HKLM-x32\...\Intel AppUp® center 41504) (Version: 3.8.0.41504.23 - Intel)

iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)

Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1073 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden

Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1073 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1073 - Microsoft Corporation) Hidden

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )

Overwolf (HKLM-x32\...\Overwolf) (Version: 0.93.20.0 - Overwolf Ltd.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.4.0.0 - Popcorn Time)

Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)

REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)

REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)

ROBLOX Player for Devan (HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)

ROBLOX Player for Devan (HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)

Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)

TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)

TheSkyX First Light Edition (HKLM-x32\...\{ECE3188A-3B11-4332-B1B9-43FAA9A02626}) (Version: 10.0.2 - Software Bisque, Inc.)

TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)

TOSHIBA Display Utility (HKLM\...\{B6619F14-F766-4000-BC8A-522D4CC4E44F}) (Version: 1.0.4.5 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)

TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.2.0000 - Toshiba Corporation)

TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.341 - Toshiba Corporation)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.9.09.6400 - Toshiba Corporation)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)

TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.49.124 - Toshiba Corporation)

Unchecky v0.4.3 (HKLM-x32\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden

Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3712499783-581391182-1704282419-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Devan\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()

CustomCLSID: HKU\S-1-5-21-3712499783-581391182-1704282419-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Devan\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3712499783-581391182-1704282419-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Devan\AppData\Local\Roblox\Versions\version-fe88b67aa44a44d9\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {175E215A-1DD2-4553-8512-20108A5D1D44} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)

Task: {1EE96351-4DFD-4236-B61B-8136067F0087} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)

Task: {2E540EB4-9783-4A34-8A72-3289BD7F5DC8} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)

Task: {4285EBEE-4E20-4523-A2C7-E40A7441C1C7} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)

Task: {6858D621-4A6A-42B6-8C17-A61CA838ED6C} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)

Task: {7EEDCF4E-3C3E-4C5E-A7BD-3AAE24AB6344} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-04-03] (Microsoft Corporation)

Task: {902C2D40-67A3-467D-B3CF-442A4C7F0708} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)

Task: {A4D2DA06-0745-4962-B967-C124F97190F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-02] (Microsoft Corporation)

Task: {AD6C0445-F9BC-4CD0-9AE7-4D92B10E3019} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)

Task: {AF41CB4A-E844-4218-8A13-B17011BA0901} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-04-05] (Overwolf LTD)

Task: {B5541412-DEB4-4CF1-AE40-FCCBA2B7E243} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-02] (Microsoft Corporation)

Task: {BC673E06-D3FA-4772-8636-DA65BF6DE05E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

Task: {CAF19129-4EA6-4768-B539-265F6B7851BB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)

Task: {CE627A4E-8FF1-42DD-B171-B180209382B0} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3712499783-581391182-1704282419-1001 => C:\Users\Devan\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-25] (Microsoft Corporation)

Task: {D547A25F-6A6D-472C-8608-C5D04B5EE5A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-15] (Microsoft Corporation)

Task: {D67269D7-7E85-49C3-A417-9DF68407A44E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

Task: {D6FD76C9-9159-406E-A53D-206113751CE6} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2016-03-29] (PC Drivers Headquarters)

Task: {D77E6B1F-98DC-4735-9AD5-98C8E940E03E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-14] (Google Inc.)

Task: {DB778CCA-F8A3-43C6-9BD0-BF7D05C95DC2} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)

Task: {E1688F73-A385-44E0-9D1D-25CB296148F2} - System32\Tasks\{339823DA-8C73-4347-87CD-D41622A68989} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.0.112/en/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-03-27 19:53 - 2013-03-27 19:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2016-04-11 16:41 - 2016-04-02 22:08 - 00171720 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll

2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

2016-04-21 12:55 - 2016-04-03 01:08 - 08911040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

2015-04-01 15:36 - 2016-03-29 22:09 - 00365696 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Common.XmlSerializers.dll

2014-05-22 13:14 - 2016-03-29 22:09 - 00496768 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll

2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00020480 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2013-12-18 19:02 - 2012-10-04 15:48 - 00064512 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2016-04-21 12:55 - 2016-04-03 00:52 - 08911048 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

2016-04-11 17:26 - 2016-04-06 06:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll

2016-04-11 17:26 - 2016-04-06 06:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\driversupport.com -> hxxp://apps.driversupport.com

IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\driversupport.com -> hxxps://apps.driversupport.com

IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\sharepoint.com -> hxxps://lakeheadschools-files.sharepoint.com

IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxp://apps.driversupport.com

IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\driversupport.com -> hxxps://apps.driversupport.com

IE trusted site: HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\sharepoint.com -> hxxps://lakeheadschools-files.sharepoint.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-04-27 21:38 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

0.0.0.0 tracking.opencandy.com.s3.amazonaws.com

0.0.0.0 media.opencandy.com

0.0.0.0 cdn.opencandy.com

0.0.0.0 tracking.opencandy.com

0.0.0.0 api.opencandy.com

0.0.0.0 api.recommendedsw.com

0.0.0.0 installer.betterinstaller.com

0.0.0.0 installer.filebulldog.com

0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net

0.0.0.0 inno.bisrv.com

0.0.0.0 nsis.bisrv.com

0.0.0.0 cdn.file2desktop.com

0.0.0.0 cdn.goateastcach.us

0.0.0.0 cdn.guttastatdk.us

0.0.0.0 cdn.inskinmedia.com

0.0.0.0 cdn.insta.oibundles2.com

0.0.0.0 cdn.insta.playbryte.com

0.0.0.0 cdn.llogetfastcach.us

0.0.0.0 cdn.montiera.com

0.0.0.0 cdn.msdwnld.com

0.0.0.0 cdn.mypcbackup.com

0.0.0.0 cdn.ppdownload.com

0.0.0.0 cdn.riceateastcach.us

0.0.0.0 cdn.shyapotato.us

0.0.0.0 cdn.solimba.com

0.0.0.0 cdn.tuto4pc.com

0.0.0.0 cdn.appround.biz

0.0.0.0 cdn.bigspeedpro.com

0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Devan\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Devan\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg

DNS Servers: 64.59.176.15 - 64.59.177.227

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

HKU\S-1-5-21-3712499783-581391182-1704282419-1001\...\StartupApproved\Run: => "FileHippo.com"

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "CCleaner Monitoring"

HKU\S-1-5-21-3712499783-581391182-1704282419-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "FileHippo.com"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{01139214-E379-4536-8A01-6FF210951893}] => (Allow) C:\Users\Devan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{BBC220F0-F85B-402E-88CF-24792377FC67}] => (Allow) C:\Users\Devan\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{10AA6DC1-FC29-4B2D-A9DC-F47D60351023}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{84E33C39-FDA4-4245-9825-810BCDFB653C}] => (Allow) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

FirewallRules: [TCP Query User{1FA95F93-F8AD-4C26-8BBF-76F08746D697}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [UDP Query User{01BA4A13-DE7E-4069-ACD2-5A1044A9478C}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [TCP Query User{5C06F4A7-631F-439E-B804-024A069715B8}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [UDP Query User{79665D0C-6B99-412B-8294-BB090ABEA7E5}C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [{B1785EC1-A611-48D7-8C7B-32AEDDBCAE51}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{7CE5BCEA-4689-4E6B-9385-C230D6C4221D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{99BF1994-12D2-48C5-88D7-704DAB47AAFF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{2B0ECFA9-914C-49DA-BBA0-BDA805025879}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{FF79FE56-EA21-425C-9931-0075B7F9CA67}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{39E1F026-3065-42F1-A8B8-EEACFF96400A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{91D99E08-4BF4-4C3B-A22F-D65DC7C21A1A}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [{5E426B1D-947F-467C-81BB-04F568EEFD53}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

FirewallRules: [TCP Query User{00320D6D-4361-4F8D-ADC3-894E958018BA}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe

FirewallRules: [UDP Query User{C9BF010F-9341-4243-9EA3-032FB5F3E310}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe

FirewallRules: [TCP Query User{9DD053FA-DD52-425E-9635-75CAE3C42152}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe

FirewallRules: [UDP Query User{61E58CA4-280E-4530-A747-FB78FB5EF0BB}C:\users\devan\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\devan\appdata\local\popcorn time\nw.exe

FirewallRules: [{B6D4312C-4C23-49A2-9A1F-24FD5A5A24D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{EB9112E0-B7A0-4EBF-85ED-96C47036898B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{8611EE91-E198-4AF2-92F0-79D6C7047D08}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{23ADEAD4-62D1-48CD-810C-B07F95BA5761}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{C0EE9C84-CAA5-43EE-9EA0-BF23B8A4369F}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe

FirewallRules: [UDP Query User{9DB618EB-A0A4-4A4E-8C15-651B781EAC8D}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe

FirewallRules: [TCP Query User{560FFBA4-AD87-4340-9DD4-CA5BB1D1526C}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe

FirewallRules: [UDP Query User{E2D534D7-2171-4DA0-9B04-54EFE28999EE}C:\program files (x86)\popcorn time\popcorntimedesktop.exe] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe

FirewallRules: [{E64DC865-9CFF-49FE-84E6-B0D9AFF798E2}] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe

FirewallRules: [{EC284868-65DF-46F9-B42B-F120A5AA57CD}] => (Allow) C:\program files (x86)\popcorn time\popcorntimedesktop.exe

FirewallRules: [{684345A7-7939-4496-BD1A-FABA48037150}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{9A1575F0-99BB-4741-A1C4-09F5DC5D99DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{9184A8D4-18D4-423A-8B3F-9EF74BCB2580}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{06D17E52-3ECB-4733-B6B0-78A805DF6F12}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{F1C78B68-7E19-4DC0-8A14-614DA6AC8FA2}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe

FirewallRules: [{3A8AB80B-2FC6-40D9-8745-E2DD87BC854C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe

FirewallRules: [{692AB064-F397-4C9D-8229-6FD613FAE5FE}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe

FirewallRules: [{D3C59810-982F-49C1-8AB5-87C4524F018D}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe

FirewallRules: [{F3D5FD42-5D08-41A3-B4EA-5D30DF8C6E23}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe

FirewallRules: [{7772A696-83A4-4B60-BB35-F04B3B9F072E}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe

FirewallRules: [{87DED608-FE84-4603-8403-031587017943}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{784B96D7-CEC0-4535-827F-168C1EBDC1B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{C61E9DC5-4559-4F6A-92D3-ACF8B25D58EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{0E5FA2AE-4626-4D92-899B-C029CED6DEB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{51C98D49-970A-4020-99E4-20498317CB79}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{0C9D897C-4507-47A9-8009-F70D84F1E398}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

FirewallRules: [{A8CF38CA-0CEB-4513-8930-684517BDCAD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{66A633E0-F050-411D-BC5A-3A31118284DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe

FirewallRules: [{3D53BA3B-7A32-46A9-A1B2-286C5868D1F9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{95DA7DA8-0120-4829-B544-315D09D01936}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

FirewallRules: [{1B591878-5EE4-4061-993A-5AF19E44C8A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-04-2016 14:24:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/29/2016 08:49:00 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1930

Start Time: 01d1a277abaf8e02

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 53124b2c-0e6d-11e6-bf36-0c54a54d6c01

Faulting package full name:

Faulting package-relative application ID:

Error: (04/29/2016 08:13:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )

Description: Subscription licensing service failed: -1073418220

Error: (04/29/2016 03:57:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1328

Error: (04/29/2016 03:57:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1328

Error: (04/29/2016 03:57:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2016 03:42:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 4672703

Error: (04/29/2016 03:42:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 4672703

Error: (04/29/2016 03:42:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/29/2016 02:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 13515

Error: (04/29/2016 02:24:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 13515

System errors:

=============

Error: (04/27/2016 10:26:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Device Association Service service, but this action failed with the following error:

%%1056

Error: (04/27/2016 10:25:30 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connection Broker service, but this action failed with the following error:

%%1056