Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Startsearch


  • This topic is locked This topic is locked

#1
Triskelion

Triskelion

    Member

  • Member
  • PipPipPip
  • 663 posts

My wife's laptop was infected with Startsearch.org, which to my understanding is a BHO.

Despite my best efforts to remove it I have fallen short, and need some help, please!!!

 

I have tried 3 times to post the FRST and Addition Logs, but when I hit post, I get a forbidden message.

What should I do?


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Can you try an attach the logs
  • 0

#3
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Hey Zep! It's been awhile, but you've helped me before!

Glad to have you steering this ship..

 

I'll try and attach the logs.

Attached Files


  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Let me see if I can post those logs directly in.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by JButler (administrator) on MERISA (29-08-2016 17:07:48)
Running from C:\Users\JButler\Desktop
Loaded Profiles: JButler (Available Profiles: JButler & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-02] (IDT, Inc.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC)
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [DiamondView] => C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe [949760 2012-01-06] (Manulife Financial)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Dropbox Update] => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [HP Officejet Pro X476dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [HP Officejet Pro X476dw MFP (NET) #2] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Google Update] => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-21] (Google Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Policies\Explorer: []
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-08-25]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-08-25]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-08-25]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2015-10-17]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * autocheck smrgdf C:\Users\JButler\AppData\Roaming\iolo\
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{741988cf-45ef-475a-8565-48234b797e9e}: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{b6e2de1c-2cbb-4c2e-b03f-3ab93f3b8626}: [DhcpNameServer] 192.168.1.254 75.153.171.114

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EDFBB4EE-982F-443F-9340-23CB4FD46E9A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] ()
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-16] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-22] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-16] (Oracle Corporation)
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\.DEFAULT -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
Toolbar: HKU\.DEFAULT -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E008A543-CEFB-4559-912F-C27C2B89F13B} hxxps://www.avdlext.com/dwa7W.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\JButler\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @talk.google.com/O1DPlugin -> C:\Users\JButler\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @tools.google.com/Google Update;version=3 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @tools.google.com/Google Update;version=9 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: facebook.com/fbDesktopPlugin -> C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JButler\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JButler\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.ca/"
CHR Profile: C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
CHR Extension: (Adblock Plus) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-18]
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2014-04-22]
CHR Extension: (Google Voice (by Google)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-10-10]
CHR Extension: (TweetDeck Launcher) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2014-04-22]
CHR Extension: (Google Wallet) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Profile: C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Newark element14 Canada) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmgphfdogbejgokkokppoijjkjaneomb [2016-01-21]
CHR Extension: (TweetDeck by Twitter) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JButler\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
CHR HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.) [File not signed]
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-11-02] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-17] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-18] (EldoS Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [4767488 2015-10-29] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-10-18] (HP)
U3 idsvc; no ImagePath
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-29 17:07 - 2016-08-29 17:12 - 00055164 _____ C:\Users\JButler\Desktop\FRST.txt
2016-08-29 17:04 - 2016-08-29 17:06 - 02397696 _____ (Farbar) C:\Users\JButler\Desktop\FRST64.exe
2016-08-29 14:52 - 2016-08-29 14:52 - 00000000 _____ C:\WINDOWS\system32\smrgdf.txt
2016-08-29 09:43 - 2016-08-29 09:43 - 00003562 _____ C:\WINDOWS\System32\Tasks\{B9C883CF-FFE6-42AE-8B5F-5A3E67539BF0}
2016-08-29 00:28 - 2016-08-29 00:28 - 00000000 ____D C:\ProgramData\Sophos
2016-08-29 00:27 - 2016-08-29 00:27 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-08-29 00:27 - 2016-08-29 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-08-29 00:27 - 2016-08-29 00:27 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-08-29 00:22 - 2016-08-29 00:24 - 151888864 _____ (Sophos Limited) C:\Users\JButler\Downloads\Sophos Virus Removal Tool.exe
2016-08-28 23:42 - 2016-08-28 23:42 - 00000408 _____ C:\WINDOWS\SysWOW64\iolo.ini
2016-08-28 23:42 - 2016-08-28 23:42 - 00000408 _____ C:\WINDOWS\system32\iolo.ini
2016-08-28 21:35 - 2016-08-28 21:35 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-28 21:34 - 2016-08-28 23:35 - 00264014 _____ C:\WINDOWS\ntbtlog.txt
2016-08-28 21:14 - 2016-08-28 21:14 - 00000000 ____D C:\ProgramData\Commtouch
2016-08-28 21:14 - 2016-08-28 21:14 - 00000000 ____D C:\Program Files\Common Files\Commtouch
2016-08-28 21:14 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\WINDOWS\system32\Drivers\ampse.sys
2016-08-28 21:14 - 2014-03-25 15:59 - 00174856 ____R (CYREN Inc.) C:\WINDOWS\system32\Drivers\amp.sys
2016-08-28 21:08 - 2016-08-29 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
2016-08-28 21:08 - 2016-08-29 00:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
2016-08-28 21:08 - 2016-08-28 21:08 - 00000258 __RSH C:\Users\JButler\ntuser.pol
2016-08-28 21:06 - 2016-08-28 21:06 - 00001558 _____ C:\Users\Public\Desktop\System Mechanic Professional.lnk
2016-08-28 21:06 - 2016-02-19 07:20 - 02182248 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll
2016-08-28 20:46 - 2016-08-28 20:46 - 00003312 _____ C:\WINDOWS\System32\Tasks\{E7AD7AB2-8D65-4874-822D-3B6245BD1D64}
2016-08-28 14:46 - 2016-08-28 15:21 - 00000000 ____D C:\ProgramData\b9aca1e9-2f15-1
2016-08-28 14:46 - 2016-08-28 15:21 - 00000000 ____D C:\ProgramData\b9aca1e9-0265-0
2016-08-28 14:45 - 2016-08-28 14:53 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-08-28 14:45 - 2016-08-28 14:45 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-08-28 14:41 - 2016-08-28 14:42 - 03904175 _____ C:\Users\JButler\Downloads\CyberLink PowerDirector 14 Crack.rar
2016-08-26 18:22 - 2016-08-26 18:22 - 00003332 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 18:20 - 2016-08-26 18:20 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Skype
2016-08-26 17:27 - 2016-08-26 17:27 - 00003224 _____ C:\WINDOWS\System32\Tasks\{590280A9-2B45-49CC-AE52-D87180C79760}
2016-08-25 22:48 - 2016-08-22 14:00 - 1675086704 _____ C:\Users\JButler\Documents\Tragically Hip Concert.mp4
2016-08-25 22:13 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\Documents\NeroVideo
2016-08-25 22:13 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\AppData\Local\Nero
2016-08-25 21:39 - 2016-08-25 21:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Nero
2016-08-25 21:38 - 2016-08-25 21:38 - 00002929 ____N C:\Users\Public\Desktop\Nero 2016.lnk
2016-08-25 21:34 - 2016-08-25 21:39 - 00000000 ____D C:\Program Files (x86)\Nero
2016-08-25 21:34 - 2016-08-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
2016-08-25 21:34 - 2016-08-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-08-25 21:19 - 2016-08-25 21:19 - 00000000 ____D C:\Users\JButler\Desktop\NERO
2016-08-25 21:05 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Nero
2016-08-25 20:48 - 2016-08-25 22:13 - 00000000 ____D C:\ProgramData\Nero
2016-08-25 20:35 - 2016-08-25 20:35 - 00003534 _____ C:\WINDOWS\System32\Tasks\Adobe
2016-08-25 20:33 - 2016-08-25 20:37 - 00000000 ____D C:\ProgramData\Isolated Storage
2016-08-25 20:33 - 2016-08-25 20:33 - 00000000 ____D C:\Program Files (x86)\%npp.6.9.2.Installen%
2016-08-25 20:06 - 2016-08-25 20:06 - 00000000 ____D C:\Users\JButler\Documents\Tragically Hip Project
2016-08-25 20:04 - 2016-08-25 20:04 - 00000000 ____D C:\Users\JButler\.thumb
2016-08-25 19:53 - 2016-08-25 19:55 - 42062499 _____ (Thüring IT-Consulting ) C:\Users\JButler\Downloads\DVDStyler-3.0.2-win64.exe
2016-08-25 17:09 - 2016-08-25 17:12 - 55263032 _____ ( ) C:\Users\JButler\Downloads\DVD_Menus_Pack_Standard.exe
2016-08-25 17:08 - 2016-08-25 17:08 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-25 16:40 - 2016-08-25 17:13 - 00000000 ____D C:\Users\JButler\Documents\Wondershare DVD Creator
2016-08-25 16:40 - 2016-08-25 16:40 - 00001267 ____N C:\Users\JButler\Desktop\Wondershare DVD Creator.lnk
2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\Users\JButler\AppData\Local\Wondershare
2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-08-25 16:36 - 2016-08-25 21:19 - 00000000 ____D C:\Users\JButler\AppData\Local\WinZip
2016-08-25 16:36 - 2016-08-25 16:36 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2016-08-25 16:36 - 2016-08-25 16:36 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip BG Tools.lnk
2016-08-25 16:36 - 2016-08-25 16:36 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-08-25 16:36 - 2016-08-25 16:36 - 00002185 ____N C:\Users\Public\Desktop\WinZip.lnk
2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\Program Files\WinZip
2016-08-25 16:35 - 2016-08-25 16:35 - 00000000 ____D C:\ProgramData\UniqueId
2016-08-25 16:34 - 2016-08-25 16:35 - 00706032 _____ (WinZip Computing, S.L.) C:\Users\JButler\Downloads\winzip20-home.exe
2016-08-25 13:03 - 2016-08-25 13:03 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-08-25 12:02 - 2016-08-29 17:02 - 00000296 _____ C:\WINDOWS\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job
2016-08-25 12:02 - 2016-08-25 12:02 - 00002836 _____ C:\WINDOWS\System32\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}
2016-08-25 12:02 - 2016-08-25 12:02 - 00002569 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Roaming\{2F6919D2-0A3B-74A4-610D-5376BDDFAE48}
2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\Setup1724781
2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\chromium
2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\{2F341968-0B9C-75D0-6604-5038426CACA0}
2016-08-25 12:01 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\reto
2016-08-25 12:01 - 2016-08-25 12:01 - 03838492 _____ (LIGHTNING UK!) C:\Users\JButler\Downloads\SetupImgBurn_2.5.8.0.exe
2016-08-24 20:13 - 2016-08-24 20:13 - 00641460 _____ C:\Users\JButler\Downloads\OffLimitsGameitsjustlikeTabooFREEPACK.pdf
2016-08-23 18:28 - 2016-08-23 18:28 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-19 16:23 - 2016-08-19 17:30 - 00000000 ____D C:\Users\JButler\Documents\Comic Life
2016-08-19 16:23 - 2016-08-19 16:23 - 00001058 ____N C:\Users\Public\Desktop\Comic Life.lnk
2016-08-19 16:23 - 2016-08-19 16:23 - 00000004 __RSH C:\ProgramData\sysqcl1129139270.dat
2016-08-19 16:23 - 2016-08-19 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\plasq
2016-08-19 16:23 - 2016-08-19 16:23 - 00000000 ____D C:\Program Files (x86)\plasq
2016-08-19 16:22 - 2016-08-19 16:22 - 11770368 _____ C:\Users\JButler\Downloads\comiclife-win.exe
2016-08-16 22:12 - 2016-08-16 22:12 - 00590402 _____ C:\Users\JButler\Downloads\Dexter_-_Season_1_-_480p_-_BRRip_-_x264_-_AC3_5.1_-={SPARROW}=-.zip
2016-08-09 15:44 - 2016-08-03 05:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 15:44 - 2016-08-03 05:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 15:44 - 2016-08-03 05:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 15:44 - 2016-08-03 04:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 15:44 - 2016-08-03 04:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 15:44 - 2016-08-03 04:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 15:44 - 2016-08-03 04:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 15:44 - 2016-08-03 04:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 15:44 - 2016-08-03 04:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 15:44 - 2016-08-03 04:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 15:44 - 2016-08-03 04:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 15:44 - 2016-08-03 04:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 15:44 - 2016-08-03 04:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 15:44 - 2016-08-03 04:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 15:44 - 2016-08-03 04:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 15:44 - 2016-08-03 04:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 15:44 - 2016-08-03 04:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 15:44 - 2016-08-03 04:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 15:44 - 2016-08-03 04:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 15:44 - 2016-08-03 04:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 15:44 - 2016-08-03 04:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 15:44 - 2016-08-03 04:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 15:44 - 2016-08-03 03:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 15:44 - 2016-08-03 03:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 15:44 - 2016-08-03 03:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 15:44 - 2016-08-03 03:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 15:44 - 2016-08-03 03:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 15:44 - 2016-08-03 03:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 15:44 - 2016-08-03 03:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-09 15:44 - 2016-08-03 03:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-09 15:44 - 2016-08-03 03:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 15:44 - 2016-08-03 03:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 15:44 - 2016-08-03 03:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-09 15:44 - 2016-08-03 03:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 15:44 - 2016-08-03 03:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 15:44 - 2016-08-03 03:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 15:44 - 2016-08-03 03:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 15:44 - 2016-08-03 03:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 15:44 - 2016-08-03 03:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 15:44 - 2016-08-03 03:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 15:44 - 2016-08-03 03:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 15:44 - 2016-08-03 03:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 15:44 - 2016-08-03 03:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 15:44 - 2016-08-03 03:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 15:44 - 2016-08-03 03:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 15:44 - 2016-08-03 03:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 15:44 - 2016-08-03 03:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 15:44 - 2016-08-03 03:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 15:44 - 2016-08-03 03:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 15:44 - 2016-08-03 03:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 15:44 - 2016-08-03 03:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 15:44 - 2016-08-03 03:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 15:44 - 2016-08-03 03:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-09 15:44 - 2016-08-03 03:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 15:44 - 2016-08-03 03:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 15:44 - 2016-08-03 03:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 15:44 - 2016-08-03 03:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 15:44 - 2016-08-03 03:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 15:44 - 2016-08-03 03:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 15:44 - 2016-08-03 03:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 15:44 - 2016-08-03 03:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 15:44 - 2016-08-03 03:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 15:44 - 2016-08-03 03:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 15:44 - 2016-08-03 03:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 15:44 - 2016-08-03 03:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 15:44 - 2016-08-03 03:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 15:44 - 2016-08-03 03:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 15:44 - 2016-08-03 03:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 15:44 - 2016-08-03 03:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 15:44 - 2016-08-03 03:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 15:44 - 2016-08-02 23:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 15:44 - 2016-08-02 23:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 15:44 - 2016-08-02 23:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 15:44 - 2016-08-02 23:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 15:44 - 2016-08-02 23:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 15:44 - 2016-08-02 23:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 15:44 - 2016-08-02 23:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 15:44 - 2016-08-02 23:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 15:44 - 2016-08-02 23:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 15:44 - 2016-08-02 23:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 15:44 - 2016-08-02 22:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 15:44 - 2016-08-02 22:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 15:44 - 2016-08-02 22:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 15:44 - 2016-08-02 22:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 15:44 - 2016-08-02 22:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 15:44 - 2016-08-02 22:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 15:44 - 2016-08-02 22:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 15:44 - 2016-08-02 22:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 15:44 - 2016-08-02 22:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 15:44 - 2016-08-02 22:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 15:44 - 2016-08-02 22:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 15:44 - 2016-08-02 22:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 15:44 - 2016-08-02 22:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 15:44 - 2016-08-02 22:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 15:44 - 2016-08-02 22:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 15:44 - 2016-08-02 22:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 15:44 - 2016-08-02 22:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 15:44 - 2016-08-02 22:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 15:44 - 2016-08-02 22:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 15:44 - 2016-08-02 22:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 15:44 - 2016-08-02 22:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 15:44 - 2016-08-02 22:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 15:44 - 2016-08-02 22:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 15:44 - 2016-08-02 22:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 15:44 - 2016-08-02 22:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 15:44 - 2016-08-02 22:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 15:44 - 2016-08-02 22:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 15:44 - 2016-08-02 22:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:44 - 2016-08-02 22:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 15:43 - 2016-08-03 04:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 15:43 - 2016-08-03 04:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 15:43 - 2016-08-03 04:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 15:43 - 2016-08-03 04:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 15:43 - 2016-08-03 03:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 15:43 - 2016-08-03 03:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 15:43 - 2016-08-03 03:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 15:43 - 2016-08-03 03:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 15:43 - 2016-08-03 03:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 15:43 - 2016-08-03 03:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 15:43 - 2016-08-03 03:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 15:43 - 2016-08-03 03:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 15:43 - 2016-08-03 03:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 15:43 - 2016-08-03 03:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 15:43 - 2016-08-03 03:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 15:43 - 2016-08-03 03:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 15:43 - 2016-08-03 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 15:43 - 2016-08-03 03:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 15:43 - 2016-08-03 03:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 15:43 - 2016-08-03 03:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 15:43 - 2016-08-03 03:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 15:43 - 2016-08-02 22:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 15:43 - 2016-08-02 22:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 15:43 - 2016-08-02 22:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 15:43 - 2016-08-02 22:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-04 16:35 - 2016-08-04 16:35 - 00000082 _____ C:\Users\JButler\AppData\Roaming\mbam.context.scan
2016-07-31 13:13 - 2016-07-31 13:13 - 00000000 ____D C:\WINDOWS\system32\config\SM Registry Backup
2016-07-31 13:13 - 2016-07-31 13:13 - 00000000 ____D C:\WINDOWS\system32\config\Before Compact
2016-07-31 12:37 - 2016-07-31 12:37 - 00000000 ____D C:\WINDOWS\system32\config\Original

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-29 17:07 - 2014-04-22 11:04 - 00000000 ____D C:\FRST
2016-08-29 17:01 - 2015-11-21 11:30 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
2016-08-29 16:47 - 2012-04-03 22:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-29 16:40 - 2015-03-12 17:23 - 00000000 ____D C:\Program Files (x86)\Workspace
2016-08-29 16:39 - 2015-03-12 17:23 - 00000000 ____D C:\Users\JButler\Documents\Workspace Logs
2016-08-29 16:22 - 2016-03-05 10:45 - 00000000 ____D C:\ProgramData\Freemake
2016-08-29 16:17 - 2015-06-16 17:01 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
2016-08-29 16:01 - 2015-11-21 11:30 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
2016-08-29 14:05 - 2014-07-29 22:36 - 00000000 ___RD C:\Users\JButler\Dropbox
2016-08-29 00:17 - 2015-06-16 17:01 - 00000874 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
2016-08-29 00:01 - 2011-10-06 16:07 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{68809F62-1306-49BA-99C4-8BAF2943F43D}
2016-08-28 23:42 - 2013-10-10 13:16 - 00000392 _____ C:\WINDOWS\SysWOW64\iolo.ini.txt
2016-08-28 23:41 - 2016-06-17 16:58 - 00000000 ___RD C:\Users\JButler\iCloudDrive
2016-08-28 23:38 - 2015-12-24 06:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-28 23:37 - 2015-10-30 00:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-08-28 22:06 - 2011-05-17 12:59 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-28 22:06 - 2011-05-17 12:59 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-08-28 22:06 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-28 21:29 - 2016-04-15 14:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-28 21:12 - 2013-10-10 12:47 - 00000000 ____D C:\ProgramData\iolo
2016-08-28 21:08 - 2015-12-24 05:56 - 00000000 ____D C:\Users\JButler
2016-08-28 21:06 - 2013-10-10 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2016-08-28 21:05 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-08-28 21:05 - 2013-12-14 15:41 - 00003222 _____ C:\WINDOWS\System32\Tasks\iolo Process Governor
2016-08-28 21:05 - 2013-12-14 15:41 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-08-28 15:21 - 2015-12-25 02:46 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-28 14:54 - 2016-03-09 18:43 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-08-28 14:53 - 2011-10-06 17:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-28 14:45 - 2009-07-13 21:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-08-28 14:44 - 2012-11-04 12:55 - 00002295 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-28 14:44 - 2011-10-06 17:35 - 00000000 ___RD C:\Users\JButler\Desktop\Utilities
2016-08-28 14:28 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 11:52 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 00:35 - 2015-05-14 21:10 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJButler.job
2016-08-27 00:28 - 2016-03-10 18:58 - 00000000 ____D C:\Users\JButler\AppData\Roaming\qBittorrent
2016-08-26 18:22 - 2015-10-18 09:20 - 00002409 ____N C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-26 18:22 - 2015-01-07 18:07 - 00000000 ___RD C:\Users\JButler\OneDrive
2016-08-26 17:28 - 2016-03-03 23:41 - 00000000 ____D C:\Program Files\Handbrake
2016-08-26 16:40 - 2016-03-11 07:15 - 00007318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-26 16:29 - 2015-05-14 21:10 - 00003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJButler
2016-08-26 15:37 - 2015-12-24 05:43 - 00545368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-25 18:23 - 2015-09-29 18:56 - 00000000 ____D C:\Users\JButler\Desktop\CADD201
2016-08-25 16:37 - 2014-12-19 21:36 - 00000000 ____D C:\ProgramData\WinZip
2016-08-25 11:40 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-23 18:28 - 2012-06-22 15:59 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Dropbox
2016-08-22 16:56 - 2016-06-17 16:56 - 00003490 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-08-19 03:21 - 2012-09-28 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-13 00:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 18:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 18:43 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-09 20:01 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-09 19:56 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 19:55 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-09 19:55 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-09 16:50 - 2013-08-21 10:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 16:50 - 2011-10-09 00:03 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-31 13:36 - 2015-12-24 06:41 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-31 13:36 - 2014-08-30 16:42 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Kodi
2016-07-31 13:12 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-31 13:12 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages

==================== Files in the root of some directories =======

2012-10-12 11:38 - 2012-10-12 11:38 - 0000474 _____ () C:\Program Files (x86)\INSTALL.LOG
2012-10-12 11:38 - 1999-06-25 10:55 - 0149504 _____ () C:\Program Files (x86)\UNWISE.EXE
2016-08-04 16:35 - 2016-08-04 16:35 - 0000082 _____ () C:\Users\JButler\AppData\Roaming\mbam.context.scan
2012-10-05 13:45 - 2012-10-05 13:45 - 0003584 _____ () C:\Users\JButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-16 14:21 - 2012-03-16 14:21 - 0000095 _____ () C:\Users\JButler\AppData\Local\fusioncache.dat
2012-10-10 12:30 - 2012-10-10 12:30 - 0000017 _____ () C:\Users\JButler\AppData\Local\resmon.resmoncfg
2016-06-04 00:55 - 2016-06-04 00:55 - 0000000 _____ () C:\Users\JButler\AppData\Local\{D4BA9573-CB99-4635-A967-719C89D162EA}
2015-08-16 13:51 - 2015-08-16 13:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-19 16:23 - 2016-08-19 16:23 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat
C:\Windows\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-29 14:34

==================== End of FRST.txt ============================
  • 0

#5
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by JButler (29-08-2016 17:17:58)
Running from C:\Users\JButler\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-24 12:40:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2255940260-1588004598-2344460268-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2255940260-1588004598-2344460268-1005 - Limited - Enabled)
DefaultAccount (S-1-5-21-2255940260-1588004598-2344460268-503 - Limited - Disabled)
Guest (S-1-5-21-2255940260-1588004598-2344460268-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2255940260-1588004598-2344460268-1003 - Limited - Enabled)
JButler (S-1-5-21-2255940260-1588004598-2344460268-1001 - Administrator - Enabled) => C:\Users\JButler

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: System Shield (Enabled - Up to date) {51A1F251-72D6-FBFA-1969-EBE1F52F559F}
AS: System Shield (Enabled - Up to date) {EAC013B5-54EC-F474-23D9-D0938EA81F22}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
A360 Desktop (HKLM\...\{A74E6AC6-623F-4DFE-B362-32C7986EE871}) (Version: 6.2.10.1700 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Android Sync Manager WiFi (HKLM-x32\...\{13D946AF-DAD9-0200-0000-000000000000}) (Version: 11.10.2763 - Mobile Action)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version: - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.102 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.108.150 - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Avantage d'Or / Golden Edge (HKLM-x32\...\{0AE17B00-31FA-11D6-BED9-000629F77048}) (Version: - )
AVS Media Player 4.1.9.95 (HKLM-x32\...\AVS Media Player_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{F315BB02-95E7-4937-88FA-5DAC15E7DA2B}) (Version: 2.26.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
CenoPDF (32-bit) (x32 Version: 3.6.230.0 - Lystech Computing) Hidden
CenoPDF v3.6.230.0 (HKLM-x32\...\{446a474f-287b-4c98-8036-2dd6bbaf6dfb}) (Version: 3.6.230.0 - Lystech Computing)
CGS17_Setup_x64 (Version: 17.6 - Corel Corporation) Hidden
Comic Life (HKLM-x32\...\{6A1F0A1A-474C-4151-8534-5F61832D88CD}) (Version: 1.3.6 - plasq)
Corel Graphics - Windows Shell Extension (HKLM\...\_{52166132-E642-447F-9785-F9133563CE59}) (Version: 17.6.0.1021 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.6.1021 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.6.1021 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.6.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.6.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6.0.1021 - Corel Corporation)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deskPDF Studio X (HKLM-x32\...\deskPDF Studio_is1) (Version: - Docudesk)
direcTORY Application (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\121406415.www.c-vote.ca) (Version: - www.c-vote.ca)
D-Link DWA-171 Wireless AC Dual Band Adapter (HKLM-x32\...\{5F1C0C6E-0E47-4D60-8971-6EF9FC439B8B}) (Version: 1 - D-Link)
Dropbox (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON Stylus Photo RX680 Series Scanner Driver Update (HKLM-x32\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version: - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Fitbit Connect (HKLM-x32\...\{D626E72A-ED95-489A-9B8B-0B2A7B649A85}) (Version: 2.0.0.6518 - Fitbit Inc.)
Foxit Phantom (HKLM\...\{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}) (Version: 2.2.0225 - Foxit Software Company)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet Professional CP1520 Series (HKLM-x32\...\{5C069542-CA13-4f1b-B90C-28C6430F4992}) (Version: - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro X476dw MFP Basic Device Software (HKLM\...\{39A2D5AC-305A-4FAD-8845-4CC8C76C0BE2}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro X476dw MFP Help (HKLM-x32\...\{D99D6F87-451C-4BCF-8053-DC62C8E341B9}) (Version: 29.0.0 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.26.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJUT (HKLM-x32\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0008 - HP)
hppCP1520LaserJetService (x32 Version: 001.007.00319 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.007.00397 - Hewlett-Packard) Hidden
hppTLBXFXCP1520 (x32 Version: 001.007.00647 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.007.00770 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 15.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kies Air Discovery Service (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Kies Air Discovery Service) (Version: - Samsung)
Kobo (HKLM-x32\...\Kobo) (Version: 3.1.5 - Kobo Inc.)
Kodi (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Kodi) (Version: - XBMC-Foundation)
Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero Self Extractor 12.0.3.0 (HKLM-x32\...\Nero Self Extractor 12.0.3.0) (Version: 12.0.3.0 - Nero Self Extractor)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Player (HKLM-x32\...\Player) (Version: - )
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
Product Improvement Study for HP Officejet Pro X476dw MFP (HKLM\...\{3531419E-DA6B-45DD-BFF7-9105F1A67807}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RegimeRetraiteIndividuel (HKLM-x32\...\{09064D50-FF4A-407C-9B13-15B9D231EBA2}) (Version: - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RPS CRT (x32 Version: 9.0.48 - TELUS) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SetupCrystalReports (HKLM-x32\...\{DE723887-712F-499D-8B82-5A1EC8F46062}) (Version: 1.0.0 - DSF)
Shopping Helper Smartbar Engine (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\{2cdca571-9571-43bf-8129-ad453d9a55c8}) (Version: 10.215.63.15249 - ReSoft Ltd.) <==== ATTENTION
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
StudioTax 2014 (HKLM-x32\...\{41720083-9D3D-46C1-B01A-D29BE92C80B6}) (Version: 10.0.6.1 - BHOK IT Consulting)
StudioTax 2015 (HKLM-x32\...\{38A3BBA2-1AA6-4DCC-AABF-ECDC37C6B3DB}) (Version: 11.0.5.1 - BHOK IT Consulting)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
System Mechanic 12 Professional (x32 Version: 15.5.0 - ) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.6.1 - Tweaking.com)
TweetDeck (HKLM-x32\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
VIO Player version 1.2 (HKLM-x32\...\{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1) (Version: 1.2 - VIO Player)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinX DVD Ripper Platinum 7.5.13 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wondershare DVD Creator(Build 3.4.0) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
Yahoo! Powered (HKLM-x32\...\winsearch) (Version: - )
ZoomExpressKeyView14.1 (HKLM-x32\...\{C007CFA1-FC3C-49B8-8D30-DB5BF3396632}) (Version: 14.1.04 - ...)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {032FF7FB-8F4A-422E-A149-59576FB52AEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {0672D3D5-C923-4E23-90AD-04E329E73C4F} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {0B7AC043-D85E-4F57-8E74-8BA2FAB6615C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {0BFBFB4D-FEE6-4837-A47B-ED7DCD36F002} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {12BBACE1-BF60-4E17-84EE-D1C66B77E7A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1B5C2A26-AA64-4688-A4D4-A630F7020BC2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {1BA50F2C-AFF8-4F0B-A939-A8ACA1A54356} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-09] (Microsoft Corporation)
Task: {218F1E4C-A15B-4C7F-A40B-CA86BDFA00D6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {22411407-511C-4312-8099-E7924A68EF50} - System32\Tasks\{E7AD7AB2-8D65-4874-822D-3B6245BD1D64} => pcalua.exe -a C:\WINDOWS\75d20eaa396690e6ab4815c7a42ca198.exe -d C:\Windows\ImmersiveControlPanel
Task: {24B86B2D-CD7D-4DB5-9834-04906FC2F158} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {25A0BFC4-3CB9-46E5-BA48-2BCA172F39A3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {29013EC2-5113-42AF-BB44-F1594232C723} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3009EF85-AEFA-4DD3-BED6-6397266DB0C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {3A82BBE0-C3B3-42F9-A9A4-1D23C8696413} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {3CE1158D-158A-453E-84EF-8C334C9EDD2C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {3F7D4E45-3BCE-49AE-A59A-772F9276F7F9} - System32\Tasks\{3C168FBD-975E-4E72-80D7-67CC0591F7D3} => pcalua.exe -a C:\Users\JButler\Downloads\InstallInSync324.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3FDA38DA-37F2-4FF3-B53C-25B907C62F74} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {43F48598-6B90-4B51-9055-DE0AA287A089} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {44CC7AA6-29D9-4E28-A3FB-763ECC39214C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {458723E2-28EC-4592-B2E6-CCBE7F21D9F4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {479222BC-8036-4A0D-A208-9662B826B4D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {49275A7C-3F56-4DA4-A6D9-315831D580B8} - System32\Tasks\FaxApplications.exe_{E4FCF074-00C3-439E-A8BA-34311A80C2B5} => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\FaxApplications.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {4BE80749-44F3-4B95-B551-EFE245E5C503} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4EAF5005-1C1E-49C5-8F7E-FA52F84CAFC0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {504D6BD9-9F53-4AB1-B022-333FB258B369} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {533F31B9-17FD-4A74-B40D-BA4DE7FC2BA8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {597016BC-C9C0-4CE1-9258-3AB43B7B4390} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5BBCF1C6-B051-4CFD-81C5-615F7AD7E12A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5F3258DB-B6E7-45B3-B3E4-832429355F16} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5FC50BBF-C91E-4D98-A69B-22386376CDA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {64958502-564C-4615-8F1D-B9C0E3A8888A} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2016-02-19] (iolo technologies, LLC)
Task: {673484DA-11F6-41A4-A8EA-2347D6B22DC9} - System32\Tasks\HPCeeScheduleForJButler => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {68444FA3-025E-4119-AD1C-E8D029529F69} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6A69FF7B-618E-478F-B7FF-172C75ABF0B1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6AC19412-E143-4BA5-BE36-595319871724} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {6B0AC538-663D-4BF8-9ABB-1CF2C92923ED} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {6DA486F9-52D5-483F-8C23-AFF9BF3E61E9} - System32\Tasks\{B9C883CF-FFE6-42AE-8B5F-5A3E67539BF0} => pcalua.exe -a C:\Users\JButler\AppData\Local\{2F341968-0B9C-75D0-6604-5038426CACA0}\uninst.exe -c -FN="C:\Users\JButler\AppData\Roaming\{2F6919D2-0A3B-74A4-610D-5376BDDFAE48}\SyncTask.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {6DBF2317-7A17-4B9E-BE6B-E85079B052F4} - System32\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D} => C:\Users\JButler\AppData\Roaming\{2F691~1\SyncTask.exe [2013-04-25] () <==== ATTENTION
Task: {7928B189-420F-4218-8D5C-57EF5698838F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7F5D594F-F232-48C3-9ACC-AF6DC3768302} - System32\Tasks\{BC45F2BC-BDEF-4171-B119-5536EEB7702D} => pcalua.exe -a C:\Users\JButler\Desktop\AMV95Setup.exe -d C:\Users\JButler\Desktop
Task: {8117C21D-4376-46FB-925A-B9E293713691} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {87876009-4FE2-4836-9988-5BA63F63FA54} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {87E11C20-456F-458B-80D1-7BA3161E3D16} - System32\Tasks\{590280A9-2B45-49CC-AE52-D87180C79760} => pcalua.exe -a "C:\Program Files\Handbrake\uninst.exe"
Task: {8A4E1821-2723-47B8-9B0A-03D4AF574D9D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8A996289-3D89-412B-88D1-E069368B15C9} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {8F05D060-FF41-49BE-A7D9-C9B25E69D5D1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {9148ACD7-429F-48ED-9031-79AF4568745B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9349A0AE-8611-467E-BC1E-BC09F04A702A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {94C0A6DC-C763-419E-B8C3-2B5DF0555BAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {9D5D8B64-3BA8-4A0D-9C73-20875EF72DF5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AB1F7109-88BC-4CAA-9F75-3EB96E4A9176} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AE68B485-5057-47B9-B5E0-4A0C4F8E3A83} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B2686D9A-ED77-4DC7-9BD8-5D8DACD81CFE} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B5733E3F-1289-46EF-BF71-7A33E221F387} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B5BA9E8B-9839-432C-B9BF-0DCD95564D9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {B9315AEE-9F62-4BB6-B0FA-F84211803CD4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BD791F1A-9F77-4400-8CDA-A1D7E0AA1EA8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C2239A6F-144D-43E2-BB85-0C07D7CD2E28} - System32\Tasks\HPCustParticipation HP Officejet Pro X476dw MFP => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {C897FA96-84BB-465B-98D7-B2A5D944EFAB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)
Task: {C89DD698-504F-4039-86FF-601D66E3760E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-05-02] (Hewlett Packard)
Task: {C8D9FBC8-BFA2-4DAE-9D59-3C505CC32EBF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {CC1C55FD-EC90-47A1-BDDF-C42DF09F642A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CCB6F37C-879F-48CF-9E29-983551D8EF17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {D19FE2FB-5C76-4F71-BBF8-3B63AE529618} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D2F270C6-BD35-4FB4-AAB0-F86CC297540A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D31282A1-4D5E-4212-8924-E57DBD5C557C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {D6B2AF60-9F01-4692-85B7-733C92556F09} - System32\Tasks\{1010F0F3-84B5-4DED-AC92-802C0B6FF4A4} => pcalua.exe -a C:\PROGRA~1\DIFX\B60D12~1\DPInst64.exe -c /u C:\Windows\System32\DriverStore\FileRepository\leapfrog-02-03-05-012-1373324.inf_amd64_neutral_8d32ba055a076abd\leapfrog-02-03-05-012-1373324.inf
Task: {D80BD92A-0111-4D59-8B52-D189288580E0} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: {D931E858-733D-427B-9F68-E1E097E77B7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {DFBEF069-17B6-487D-9747-5049CF4E23A0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {E3403E52-AD30-4974-BE5E-6B3D02170491} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {E84C1363-6C49-4FBE-A1D3-40B91FB4AA1C} - System32\Tasks\{663009E6-25DC-4C8A-B006-F13E3799DA9F} => pcalua.exe -a C:\Users\JButler\Downloads\Inforce_13.exe -d C:\Users\JButler\Downloads
Task: {EDB20B8F-28A4-4472-89E1-33A40F028DCB} - System32\Tasks\Adobe => C:\Users\JButler\AppData\Local\Temp\keye.exe <==== ATTENTION
Task: {EF962840-5DBD-4D5D-9AD6-0894B6270B2A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {F96B678B-B478-4542-8C21-8712EAC66E5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FB3924D7-2DAD-4DC1-9C2D-8BF96EDCE55D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FD539FCE-A3F8-4931-97D7-B56BFEB21D5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJButler.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\JButler\Desktop\Utilities\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\JButler\Desktop\Utilities\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()

ShortcutWithArgument: C:\Users\JButler\Desktop\Sweet Home 3D.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://www.sweethome3d.com/SweetHome3D.jnlp "C:\Users\JButler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-1f577b90"
ShortcutWithArgument: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\direcTORY Application.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 121406415.www.c-vote.ca
ShortcutWithArgument: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eTeks Sweet Home 3D\Sweet Home 3D.lnk -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\javaws.exe (Oracle Corporation) -> -localfile -offline -J-Djnlp.application.href=hxxp://www.sweethome3d.com/SweetHome3D.jnlp "C:\Users\JButler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\247e2df4-1f577b90"
ShortcutWithArgument: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-21 23:09 - 2015-08-21 23:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 23:09 - 2015-08-21 23:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-04-15 15:45 - 2014-05-15 19:25 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-07-13 00:27 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 00:27 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-26 18:21 - 2016-08-26 18:21 - 01864384 _____ () C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-30 01:18 - 2015-10-30 01:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-12-24 14:53 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 00:29 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 00:27 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 00:27 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 00:27 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 00:27 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-21 23:09 - 2015-08-21 23:09 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-04-19 17:55 - 2016-04-19 17:56 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-15 18:30 - 2016-08-15 18:30 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-15 18:30 - 2016-08-15 18:30 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-02 18:12 - 2016-06-02 18:12 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-03 17:50 - 2016-03-03 17:51 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-08-24 16:51 - 2016-08-24 16:51 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
2012-05-02 14:29 - 2012-03-11 14:56 - 00086608 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-04-23 14:58 - 2013-06-17 17:40 - 00035944 _____ () C:\Windows\system32\ddmon4-64x.dll
2016-06-04 21:55 - 2016-03-23 04:02 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2016-06-04 21:55 - 2016-03-23 04:02 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-08-26 18:20 - 2016-08-26 18:20 - 01383616 _____ () C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 18:20 - 2016-08-26 18:20 - 00118976 _____ () C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-08 16:28 - 2016-08-02 18:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 16:28 - 2016-08-02 18:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00244024 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-23 18:27 - 2016-07-11 20:07 - 00035792 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00145864 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00019408 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00116688 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-08-23 18:27 - 2016-07-11 20:07 - 00100296 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00018888 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\select.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00019760 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00694224 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020816 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00123856 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 01682760 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020808 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00021312 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00052024 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00105928 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00025424 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00038696 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00392144 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-23 18:27 - 2016-07-11 20:09 - 00020936 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00024528 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00114640 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00381752 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00124880 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00024016 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00175560 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00030160 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00043472 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00048592 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00026456 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00057808 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00024016 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00246592 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00028616 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020800 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00019776 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020800 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00144848 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-23 18:27 - 2016-07-11 20:08 - 00241104 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020280 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00023376 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00350152 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00022352 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00024392 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00036296 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-23 18:27 - 2016-08-23 17:17 - 00031568 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-08-23 18:27 - 2016-08-23 17:02 - 00293392 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2016-08-23 18:27 - 2016-08-23 17:17 - 00084280 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-23 18:27 - 2016-08-23 17:17 - 01826096 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00083912 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 03929392 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 01972016 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00531248 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00132912 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00224056 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00207672 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020288 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00060880 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00037192 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00024904 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00546096 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00357680 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00168248 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00042808 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-06-04 21:55 - 2013-09-23 11:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-06-04 21:55 - 2015-11-05 06:07 - 00052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2016-06-04 21:55 - 2015-11-05 06:07 - 00195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2016-06-04 21:55 - 2015-11-05 06:07 - 00742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2016-06-04 21:55 - 2016-03-23 03:35 - 00284608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
2016-06-04 21:55 - 2015-09-08 00:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2016-06-04 21:55 - 2014-09-02 18:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2016-06-04 21:55 - 2014-09-02 18:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2016-06-04 21:55 - 2014-09-02 18:29 - 00950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
2016-04-19 17:55 - 2016-04-19 17:56 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 17:55 - 2016-04-19 17:56 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\JButler\AppData\Local\Temp:{34004D00-5100-3800-4500-650042004E00} [192]
AlternateDataStreams: C:\Users\JButler\AppData\Local\Temp:{6F004C00-4500-7100-7100-2B0069007500} [664]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-08-25 20:03 - 00000853 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254 - 75.153.171.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "deskPDF Creator"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "DiamondView"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "Dropbox Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{9A4CE18C-89B9-43AC-BF9D-CC0C46A96267}] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B4BB3C5D-16F2-426B-AADE-F0C5FB1006C4}] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{61C3FE30-69BA-4FE0-AFF4-A17B923F8C2A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{5CC04526-2F8B-4FA7-A77E-9A5801B3A3A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{3E12A13B-E544-4FCD-90B5-B711B34435AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E758B92-90B3-4AB3-B6F8-1F552640E47C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7452C170-2E01-434D-ABD2-463D12A75C82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFDBFC09-0B97-4318-9435-47B311EB198A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5A8E6DD-0F69-4695-AAB9-0F4038F5E2F9}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{EDCF9443-1BBD-4478-AFBB-3B229F3FDA56}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{DF765507-946B-4DE8-BEA2-2BA562CBADD1}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{1D1A38E2-2390-47B2-A906-430C23648210}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{18DDC92A-D9D3-40AE-9A99-AAD3B91472C6}] => (Allow) C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
FirewallRules: [{40C8CF68-71F9-42CC-8B3E-8019A4DF677D}] => (Allow) C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
FirewallRules: [{351861F3-3379-494A-AFF4-F69F0DF4A182}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{097B0F34-D9B9-41D9-89A0-A7FAD400B2B4}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{8234CB96-F0C9-4C33-B02D-F4754FD2B766}] => (Allow) c:\users\jbutler\appdata\roaming\allmyapps\allmyapps.exe
FirewallRules: [{894A9A89-B5DF-40AE-A4DF-EA0BC58F04E2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{EE25172D-EC22-464D-ADA2-F4DA89B9074D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{10423B55-CF7D-4ED0-BBB3-0417C8311405}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{AB553565-1E17-4D18-A7E7-EBEFAB565EC9}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [TCP Query User{D664876B-8CA0-4640-9F0A-8AF767EEE013}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{805B0B07-CB10-4052-B1BE-5E17E4CB32A6}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B3F53259-CD56-48CB-A045-6A3137B7B660}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{E207F3C7-5CE7-4B83-93E2-37AF0E22E576}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{8D28E559-4463-4654-B05B-84D89415B5D8}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{565D6609-C2F4-4272-8307-D201949A6A12}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{303BB543-FB5A-450D-96F6-48B23DAD6A47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE1B6A92-99D9-4A07-A12F-09D9140A3B1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40CD332C-CA79-49C7-B043-0055840EEE1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5BB1022-8486-4249-951A-FFA314D3D9A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0BC130D-3D11-46D4-9008-216797D30948}] => (Allow) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4E24283D-F8BB-4690-84E4-9AD775A20B59}] => (Allow) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{FA5AD1B6-84DA-47F8-B4EC-0AD195A996B3}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{2CF6DD1E-A946-4FF6-9453-88FB3A81C254}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{B2453638-37C5-4D6C-808C-EFAAAD1A45EF}] => (Allow) C:\Users\JButler\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9D936E3D-427C-40C4-A3C4-918B135C6B5E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C5847BEC-72CD-4ABD-B568-23935A4872B5}] => (Allow) LPort=2869
FirewallRules: [{54EB54DE-AF1C-42E0-98A8-402BCE2CE5AE}] => (Allow) LPort=1900
FirewallRules: [{05FDD273-04E2-4254-824B-1A1A2BEC1B1F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{808CA976-56C1-4BDC-8608-23D0322FB37C}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{5AFE3CCE-B0D4-46D1-A704-C0B03B3F6CCE}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{EAA4C18E-FF9E-45C7-BACE-4A2183D941E4}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{1758033F-747C-4273-8F59-AA099C23FF11}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{8C398438-E510-4C6B-AAA1-FBE3C0AC2199}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\FaxApplications.exe
FirewallRules: [{C0D615E5-F11F-44E1-A1A2-65DDD3C79898}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\DigitalWizards.exe
FirewallRules: [{4DDF382C-2541-4BED-A8B8-77C09C762C1B}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\SendAFax.exe
FirewallRules: [{B007FD2E-000A-4FDF-B908-6B02CF9E5AAA}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\DeviceSetup.exe
FirewallRules: [{E29A31BA-94E4-400E-A5EB-DF578DE7686C}] => (Allow) LPort=5357
FirewallRules: [{6035340E-289E-42FD-AF3A-E4D455071F93}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{4FC1E9F0-4EFB-4F22-99D1-CCD30CD7E404}C:\users\jbutler\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{09BA0549-246A-4FCA-868E-81E5AD10CD77}C:\users\jbutler\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [{58EDA83C-4734-49C1-8643-47B638781279}] => (Block) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E9B536EA-2C35-474A-96EE-4C0C44C3276D}] => (Block) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E2333097-495F-4142-855B-A8110785CE77}] => (Allow) LPort=50248
FirewallRules: [{B78715E0-C55A-46A6-AEC9-C69282087843}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{7ED169C8-1ED3-4D1F-A482-F78EF2B445CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{D873E428-03C9-4F8F-A2B4-46535A8D03A3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{F1300B25-94A9-4CC9-B80D-5335897880B9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{CDA68E17-51D7-40DE-B491-7924526FEA9B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F04D2505-6E43-46BB-92B1-53D465BB2799}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A3BFCAD9-AB6E-48C1-A54A-081652ECB556}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{E2B2A5E8-55A2-466C-AD9B-B35AB776C6FB}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{31566EDC-F94F-4092-9540-9EE1C2D632E2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4E60A968-BB00-44E8-A77E-5A0CE39C2630}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4FCC11DE-615B-4E80-8A52-3F9A804D2FB0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{52F368B3-520F-4ACF-9AA0-5B9C80611566}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{F71C86A1-5914-41DD-9055-6B99AD5BBC30}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{AC30DD3E-7CD8-441D-BCC4-CE81ADD30FEE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{86A3BBBD-7002-4515-90EF-50C5D8D921AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{306464D5-FEF8-48D9-BE48-60B622728444}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{00897D3F-0C59-44F2-8A54-A3A975CD20B1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{49940FCC-A7D7-428B-A88A-030AF883BBAA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E47EB17F-E38F-4DD8-BB8D-41199A48066C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{380A8686-DC2A-49B4-864F-65DE5E42EAAF}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{5A32EC2E-76C8-4365-BF30-29F418CAF16C}] => (Allow) C:\Program Files (x86)\Nero\KM\MediaHome.exe
FirewallRules: [{4BCC47FC-7731-4F6E-B288-42476BF680EC}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{F4B9B381-7FBE-4925-A2A7-860C76BEB984}] => (Allow) C:\Users\JButler\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{1325C87E-98AC-4583-BB63-581C47327D5B}] => (Allow) C:\Users\JButler\AppData\Local\Temp\MPCOnline\MPCDownload.exe

==================== Restore Points =========================

29-08-2016 00:25:17 Installed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/29/2016 05:24:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffbf969d1ed
Faulting process id: 0x129c
Faulting application start time: 0x01d2024c822fb9d6
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: fe926d5d-7083-4d91-bde5-23bfc1df7b0c
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2016 05:24:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Connect.Service.ContentService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at System.Data.SqlServerCe.SqlCeException.ToString()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/29/2016 05:24:37 PM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: UNHANDLED EXCEPTION. Process is terminating: True.
EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object.
at System.Data.SqlServerCe.SqlCeException.ToString()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/29/2016 05:24:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffbf96cd1ed
Faulting process id: 0x10bc
Faulting application start time: 0x01d2024c7afe5613
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: e7e17648-4344-41e8-9785-a352fcbf38a0
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2016 05:24:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Connect.Service.ContentService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at System.Data.SqlServerCe.SqlCeException.ToString()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/29/2016 05:24:25 PM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: UNHANDLED EXCEPTION. Process is terminating: True.
EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object.
at System.Data.SqlServerCe.SqlCeException.ToString()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/29/2016 05:24:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffbf96cd1ed
Faulting process id: 0x22bc
Faulting application start time: 0x01d2024c73cdc589
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: e805b5c8-e491-4c3b-9a4e-7a9535113e85
Faulting package full name:
Faulting package-relative application ID:

Error: (08/29/2016 05:24:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Connect.Service.ContentService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
at System.Data.SqlServerCe.SqlCeException.ToString()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/29/2016 05:24:13 PM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: UNHANDLED EXCEPTION. Process is terminating: True.
EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object.
at System.Data.SqlServerCe.SqlCeException.ToString()
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (08/29/2016 05:24:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ffbf96cd1ed
Faulting process id: 0x2a18
Faulting application start time: 0x01d2024c6cb19aaf
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: e9ff1709-989a-4da3-880c-4897a7a7b391
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (08/29/2016 05:24:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5287 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:24:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5286 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:24:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5285 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:24:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5284 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:23:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5283 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:23:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5282 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:23:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5281 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:23:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5280 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:23:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5279 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/29/2016 05:22:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly. It has done this 5278 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-08-11 11:42:34.497
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-09 20:01:16.319
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-14 20:37:43.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-13 03:40:54.563
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-16 23:35:36.040
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-15 20:24:57.111
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-15 20:21:08.466
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-27 18:38:39.276
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-13 20:33:37.761
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-13 16:23:26.112
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon™ HD Graphics
Percentage of memory in use: 48%
Total physical RAM: 5610.9 MB
Available physical RAM: 2879.39 MB
Total Virtual: 11242.9 MB
Available Virtual: 7685.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:682.79 GB) (Free:419.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.55 GB) (Free:1.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A626DF5C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=682.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================
  • 0

#6
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Thanks!


  • 0

#7
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Please uninstall this program
Shopping Helper Smartbar Engine

Next

Download the enclosed => file.Attached File  fixlist.txt   9.47KB   144 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.
  • 0

#8
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Smartbar engine uninstalled..

 

FixLog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by JButler (29-08-2016 19:17:16) Run:3
Running from C:\Users\JButler\Desktop
Loaded Profiles: JButler (Available Profiles: JButler & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Policies\Explorer: []
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {EDFBB4EE-982F-443F-9340-23CB4FD46E9A} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_34&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DtD0D0Fzy0AyB0B0E0EyEtAyBtCzy0EtN0D0Tzu0StCyCzyzztN1L2XzutAtFtByEtFyCtFzytN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtAtDtD0CtCtAzztGtAyE0EyDtG0EtCyDzytGtByB0FyEtGtBtCyBtAyDtD0AtDtAyDyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0EyB0E0FyDyEtCtGyC0CyEyDtGyEtBtAzytG0A0A0B0AtG0E0FyC0FtCtB0Czz0F0AyByB2QtN0A0LzutBtN1B2Z1V1T1S1NzutBtAyBtB%26cr%3D916518046%26a%3Dwbf_fs_16_34%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
Toolbar: HKU\.DEFAULT -> No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - <no Path/update_url>
U3 idsvc; no ImagePath
S3 vpnva; \SystemRoot\System32\drivers\vpnva64-6.sys [X]
Task: {12BBACE1-BF60-4E17-84EE-D1C66B77E7A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {43F48598-6B90-4B51-9055-DE0AA287A089} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {458723E2-28EC-4592-B2E6-CCBE7F21D9F4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {597016BC-C9C0-4CE1-9258-3AB43B7B4390} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {68444FA3-025E-4119-AD1C-E8D029529F69} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6A69FF7B-618E-478F-B7FF-172C75ABF0B1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6DBF2317-7A17-4B9E-BE6B-E85079B052F4} - System32\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D} => C:\Users\JButler\AppData\Roaming\{2F691~1\SyncTask.exe [2013-04-25] () <==== ATTENTION
Task: {7928B189-420F-4218-8D5C-57EF5698838F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BD791F1A-9F77-4400-8CDA-A1D7E0AA1EA8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EDB20B8F-28A4-4472-89E1-33A40F028DCB} - System32\Tasks\Adobe => C:\Users\JButler\AppData\Local\Temp\keye.exe <==== ATTENTION
C:\Users\JButler\AppData\Local\Temp\keye.exe
Task: {F96B678B-B478-4542-8C21-8712EAC66E5C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FD539FCE-A3F8-4931-97D7-B56BFEB21D5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\Users\JButler\AppData\Local\Temp:{34004D00-5100-3800-4500-650042004E00} [192]
AlternateDataStreams: C:\Users\JButler\AppData\Local\Temp:{6F004C00-4500-7100-7100-2B0069007500} [664]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\off0" => key removed successfully
"HKCR\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\off1" => key removed successfully
"HKCR\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EDFBB4EE-982F-443F-9340-23CB4FD46E9A}" => key removed successfully
HKCR\CLSID\{EDFBB4EE-982F-443F-9340-23CB4FD46E9A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => value removed successfully
HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih" => key removed successfully
idsvc => service removed successfully
vpnva => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12BBACE1-BF60-4E17-84EE-D1C66B77E7A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12BBACE1-BF60-4E17-84EE-D1C66B77E7A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43F48598-6B90-4B51-9055-DE0AA287A089}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43F48598-6B90-4B51-9055-DE0AA287A089}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{458723E2-28EC-4592-B2E6-CCBE7F21D9F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{458723E2-28EC-4592-B2E6-CCBE7F21D9F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{597016BC-C9C0-4CE1-9258-3AB43B7B4390}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597016BC-C9C0-4CE1-9258-3AB43B7B4390}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68444FA3-025E-4119-AD1C-E8D029529F69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68444FA3-025E-4119-AD1C-E8D029529F69}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A69FF7B-618E-478F-B7FF-172C75ABF0B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A69FF7B-618E-478F-B7FF-172C75ABF0B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DBF2317-7A17-4B9E-BE6B-E85079B052F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DBF2317-7A17-4B9E-BE6B-E85079B052F4}" => key removed successfully
C:\WINDOWS\System32\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{786D521F-9AFE-58B1-0879-0AAE95A6378D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7928B189-420F-4218-8D5C-57EF5698838F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7928B189-420F-4218-8D5C-57EF5698838F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD791F1A-9F77-4400-8CDA-A1D7E0AA1EA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD791F1A-9F77-4400-8CDA-A1D7E0AA1EA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDB20B8F-28A4-4472-89E1-33A40F028DCB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDB20B8F-28A4-4472-89E1-33A40F028DCB}" => key removed successfully
C:\WINDOWS\System32\Tasks\Adobe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe" => key removed successfully
"C:\Users\JButler\AppData\Local\Temp\keye.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F96B678B-B478-4542-8C21-8712EAC66E5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F96B678B-B478-4542-8C21-8712EAC66E5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD539FCE-A3F8-4931-97D7-B56BFEB21D5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD539FCE-A3F8-4931-97D7-B56BFEB21D5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
C:\Users\JButler\AppData\Local\Temp => ":{34004D00-5100-3800-4500-650042004E00}" ADS removed successfully.
C:\Users\JButler\AppData\Local\Temp => ":{6F004C00-4500-7100-7100-2B0069007500}" ADS removed successfully.
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {4C95CB41-8D77-4F22-BCAB-78919E6A09F4}.
{AEEAA93A-9817-461D-B6A4-DD2374B3E431} canceled.
{D2D68571-83F1-434D-9090-7BD8A592B2AE} canceled.
2 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21808611 B
Java, Flash, Steam htmlcache => 128597 B
Windows/system/drivers => 71976929 B
Edge => 6594237 B
Chrome => 261739883 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 13824 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 883972 B
NetworkService => 306200 B
JButler => 4697436 B
DefaultAppPool => 13824 B
 
RecycleBin => 182689 B
EmptyTemp: => 351.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 19:21:57 ====

  • 0

#9
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Very good,

Lets run some adware scans now

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

    Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

    In your next reply post;
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • Malwarebytes log


  • 0

#10
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Okay... Sorry this took so long, but here we go...

 

AdwClean:

 

# AdwCleaner v6.010 - Logfile created 29/08/2016 at 20:28:05
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-28.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : JButler - MERISA
# Running from : C:\Users\JButler\Desktop\adwcleaner_6.010.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\ProgramData\b9aca1e9-0265-0
[-] Folder deleted: C:\ProgramData\b9aca1e9-2f15-1
[-] Folder deleted: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allmyapps
[-] Folder deleted: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OnlineHD.TV
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
[-] Folder deleted: C:\Program Files (x86)\OneSystemCare
[-] Folder deleted: C:\Users\JButler\AppData\Local\Geckofx
[-] Folder deleted: C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0
 
 
***** [ Files ] *****
 
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File deleted: C:\WINDOWS\SysWOW64\ComputerUpdaterLM.ocx
[-] File deleted: C:\WINDOWS\SysWOW64\CUUpdateComponent.ocx
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{398d7aa7-f5f8-41c0-a7ac-7f134076b9ca}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ComputerUpdater Service
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Wpm
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADEA3C4E-2184-40A2-9556-488456427E80}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
[-] Key deleted: HKU\.DEFAULT\Software\Claro LTD
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\AskToolbar
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\MediaPlayerplus
[-] Key deleted: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\ContentExplorer
[-] Key deleted: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\IM
[-] Key deleted: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\One System Care
[-] Key deleted: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\WEBAPP
[-] Key deleted: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\BabylonToolbar
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2255940260-1588004598-2344460268-1001\Software\Claro LTD
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Claro LTD
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\AskToolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\MediaPlayerplus
[#] Key deleted on reboot: HKCU\Software\ContentExplorer
[#] Key deleted on reboot: HKCU\Software\IM
[#] Key deleted on reboot: HKCU\Software\One System Care
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Taronja
[-] Key deleted: HKLM\SOFTWARE\W3I
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966d4C29D35B1C9
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\getpricepeep.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\superfish.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
 
 
***** [ Web browsers ] *****
 
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [11629 Bytes] - [29/08/2016 20:28:05]
C:\AdwCleaner\AdwCleaner[R1].txt - [4677 Bytes] - [13/02/2014 18:44:21]
C:\AdwCleaner\AdwCleaner[R2].txt - [6975 Bytes] - [22/04/2014 10:08:02]
C:\AdwCleaner\AdwCleaner[S1].txt - [4659 Bytes] - [13/02/2014 19:02:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [6895 Bytes] - [22/04/2014 10:12:29]
C:\AdwCleaner\AdwCleaner[S3].txt - [11784 Bytes] - [29/08/2016 20:25:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12069 Bytes] ##########
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by JButler (Administrator) on Mon 08/29/2016 at 20:42:23.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 7 
 
Failed to delete: C:\Program Files (x86)\google\chrome\application\chrome.bat (File) 
Failed to delete: C:\Program Files (x86)\internet explorer\iexplore.bat (File) 
Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\search.lnk (Shortcut) 
Successfully deleted: C:\Users\JButler\AppData\Roaming\pdfforge (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEUOS.EXE-41C4EA51.pf (File) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/29/2016 at 20:48:32.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
MBytes Log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/29/2016
Scan Time: 8:55 PM
Logfile: MBytes.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.30.02
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: JButler
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426113
Time Elapsed: 1 hr, 35 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

How is the computer ?

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

  • 0

#12
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Hey Zep... Sorry for the delay, I was at work all day.

Computer is running MUCH better. So far so good.

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by JButler (administrator) on MERISA (30-08-2016 16:21:36)
Running from C:\Users\JButler\Desktop
Loaded Profiles: JButler (Available Profiles: JButler & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\WscRmd.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Autodesk) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AcWebBrowser\acwebbrowser.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-02] (IDT, Inc.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-10-22] (Atheros Commnucations)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [716224 2016-03-23] (Autodesk, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2014-07-30] (CANON INC.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC)
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [DiamondView] => C:\Program Files (x86)\Manulife Financial\Diamond View\Diamondview.exe [949760 2012-01-06] (Manulife Financial)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [deskPDF Creator] => C:\Program Files (x86)\Docudesk\deskPDF Studio X\deskPDFCreator.exe [2346664 2013-11-02] (Docudesk Corporation)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Dropbox Update] => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [HP Officejet Pro X476dw MFP (NET)] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [HP Officejet Pro X476dw MFP (NET) #2] => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\ScanToPCActivationApp.exe [3487240 2014-03-06] (Hewlett-Packard Co.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Google Update] => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-21] (Google Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\RunOnce: [Uninstall C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1336320 2015-11-25] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt.42.dll [2016-08-23] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-08-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-08-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-08-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-29]
ShortcutTarget: Dropbox.lnk -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2016-08-29]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{741988cf-45ef-475a-8565-48234b797e9e}: [DhcpNameServer] 192.168.1.254 75.153.171.114
Tcpip\..\Interfaces\{b6e2de1c-2cbb-4c2e-b03f-3ab93f3b8626}: [DhcpNameServer] 192.168.1.254 75.153.171.114
ManualProxies: 
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2011-11-03] ()
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-10-16] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-22] (Atheros Commnucations)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-10-16] (Oracle Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKU\.DEFAULT -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Toolbar: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E008A543-CEFB-4559-912F-C27C2B89F13B} hxxps://www.avdlext.com/dwa7W.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2011-11-03] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2011-11-03] ()
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-10-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2016-02-29] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\JButler\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @talk.google.com/O1DPlugin -> C:\Users\JButler\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @tools.google.com/Google Update;version=3 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: @tools.google.com/Google Update;version=9 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2255940260-1588004598-2344460268-1001: facebook.com/fbDesktopPlugin -> C:\Users\JButler\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\JButler\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\JButler\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxps://www.google.ca/"
CHR Profile: C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-10]
CHR Extension: (Adblock Plus) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-18]
CHR Extension: (IE Tab Multi (Enhance)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnfnbeppfinmnjnjhedifcfllpcfgeea [2014-04-22]
CHR Extension: (Google Voice (by Google)) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-10-10]
CHR Extension: (TweetDeck Launcher) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2014-04-22]
CHR Extension: (Google Wallet) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Profile: C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Newark element14 Canada) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dmgphfdogbejgokkokppoijjkjaneomb [2016-01-21]
CHR Extension: (TweetDeck by Twitter) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\JButler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JButler\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-12-12] (Fitbit, Inc.) [File not signed]
S4 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [142336 2010-04-12] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-11-02] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2014-05-15] ()
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-22] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R2 AMP; C:\WINDOWS\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\WINDOWS\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-17] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-18] (EldoS Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] () [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [4767488 2015-10-29] (Realtek Semiconductor Corporation                           )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-10-18] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 16:21 - 2016-08-30 16:25 - 00047388 _____ C:\Users\JButler\Desktop\FRST.txt
2016-08-30 16:04 - 2016-08-30 16:06 - 00280316 _____ C:\WINDOWS\Minidump\083016-29140-01.dmp
2016-08-30 16:04 - 2016-08-30 16:04 - 778136362 _____ C:\WINDOWS\MEMORY.DMP
2016-08-29 20:54 - 2016-08-30 16:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-29 20:53 - 2016-08-29 22:56 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-29 20:53 - 2016-08-29 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-29 20:53 - 2016-08-29 20:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-29 20:53 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-29 20:53 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-29 20:40 - 2016-08-29 20:41 - 01610560 _____ (Malwarebytes) C:\Users\JButler\Desktop\JRT.exe
2016-08-29 20:26 - 2016-08-29 20:26 - 00011784 _____ C:\Users\JButler\Desktop\AdwCleaner[S3].txt
2016-08-29 20:19 - 2016-08-29 20:21 - 03826240 _____ C:\Users\JButler\Desktop\adwcleaner_6.010.exe
2016-08-29 17:04 - 2016-08-29 17:06 - 02397696 _____ (Farbar) C:\Users\JButler\Desktop\FRST64.exe
2016-08-29 09:43 - 2016-08-29 09:43 - 00003562 _____ C:\WINDOWS\System32\Tasks\{B9C883CF-FFE6-42AE-8B5F-5A3E67539BF0}
2016-08-29 00:28 - 2016-08-29 00:28 - 00000000 ____D C:\ProgramData\Sophos
2016-08-29 00:27 - 2016-08-29 22:56 - 00002769 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-08-29 00:27 - 2016-08-29 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-08-29 00:27 - 2016-08-29 00:27 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-08-29 00:22 - 2016-08-29 00:24 - 151888864 _____ (Sophos Limited) C:\Users\JButler\Downloads\Sophos Virus Removal Tool.exe
2016-08-28 23:42 - 2016-08-30 16:20 - 00000408 _____ C:\WINDOWS\SysWOW64\iolo.ini
2016-08-28 23:42 - 2016-08-30 16:20 - 00000408 _____ C:\WINDOWS\system32\iolo.ini
2016-08-28 21:35 - 2016-08-28 21:35 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-28 21:34 - 2016-08-28 23:35 - 00264014 _____ C:\WINDOWS\ntbtlog.txt
2016-08-28 21:14 - 2016-08-28 21:14 - 00000000 ____D C:\ProgramData\Commtouch
2016-08-28 21:14 - 2016-08-28 21:14 - 00000000 ____D C:\Program Files\Common Files\Commtouch
2016-08-28 21:14 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\WINDOWS\system32\Drivers\ampse.sys
2016-08-28 21:14 - 2014-03-25 15:59 - 00174856 ____R (CYREN Inc.) C:\WINDOWS\system32\Drivers\amp.sys
2016-08-28 21:06 - 2016-08-29 22:56 - 00001552 _____ C:\Users\Public\Desktop\System Mechanic Professional.lnk
2016-08-28 21:06 - 2016-02-19 07:20 - 02182248 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator64.dll
2016-08-28 20:46 - 2016-08-28 20:46 - 00003312 _____ C:\WINDOWS\System32\Tasks\{E7AD7AB2-8D65-4874-822D-3B6245BD1D64}
2016-08-26 18:22 - 2016-08-26 18:22 - 00003332 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-26 18:20 - 2016-08-26 18:20 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Skype
2016-08-26 17:27 - 2016-08-26 17:27 - 00003224 _____ C:\WINDOWS\System32\Tasks\{590280A9-2B45-49CC-AE52-D87180C79760}
2016-08-25 22:48 - 2016-08-22 14:00 - 1675086704 _____ C:\Users\JButler\Documents\Tragically Hip Concert.mp4
2016-08-25 22:13 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\Documents\NeroVideo
2016-08-25 22:13 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\AppData\Local\Nero
2016-08-25 21:39 - 2016-08-25 21:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Nero
2016-08-25 21:38 - 2016-08-29 22:56 - 00002923 _____ C:\Users\Public\Desktop\Nero 2016.lnk
2016-08-25 21:34 - 2016-08-25 21:39 - 00000000 ____D C:\Program Files (x86)\Nero
2016-08-25 21:34 - 2016-08-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2016
2016-08-25 21:34 - 2016-08-25 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-08-25 21:19 - 2016-08-25 21:19 - 00000000 ____D C:\Users\JButler\Desktop\NERO
2016-08-25 21:05 - 2016-08-25 22:13 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Nero
2016-08-25 20:48 - 2016-08-25 22:13 - 00000000 ____D C:\ProgramData\Nero
2016-08-25 20:33 - 2016-08-25 20:37 - 00000000 ____D C:\ProgramData\Isolated Storage
2016-08-25 20:33 - 2016-08-25 20:33 - 00000000 ____D C:\Program Files (x86)\%npp.6.9.2.Installen%
2016-08-25 20:06 - 2016-08-25 20:06 - 00000000 ____D C:\Users\JButler\Documents\Tragically Hip Project
2016-08-25 20:04 - 2016-08-25 20:04 - 00000000 ____D C:\Users\JButler\.thumb
2016-08-25 19:53 - 2016-08-25 19:55 - 42062499 _____ (Thüring IT-Consulting ) C:\Users\JButler\Downloads\DVDStyler-3.0.2-win64.exe
2016-08-25 17:09 - 2016-08-25 17:12 - 55263032 _____ ( ) C:\Users\JButler\Downloads\DVD_Menus_Pack_Standard.exe
2016-08-25 17:08 - 2016-08-25 17:08 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-25 16:40 - 2016-08-29 22:54 - 00001267 _____ C:\Users\JButler\Desktop\Wondershare DVD Creator.lnk
2016-08-25 16:40 - 2016-08-25 17:13 - 00000000 ____D C:\Users\JButler\Documents\Wondershare DVD Creator
2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\Users\JButler\AppData\Local\Wondershare
2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-08-25 16:40 - 2016-08-25 16:40 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-08-25 16:36 - 2016-08-29 22:56 - 00002179 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-08-25 16:36 - 2016-08-29 22:55 - 00002248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Update Notifier.lnk
2016-08-25 16:36 - 2016-08-29 22:55 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip BG Tools.lnk
2016-08-25 16:36 - 2016-08-29 22:55 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-08-25 16:36 - 2016-08-25 21:19 - 00000000 ____D C:\Users\JButler\AppData\Local\WinZip
2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip 20.5
2016-08-25 16:36 - 2016-08-25 16:36 - 00000000 ____D C:\Program Files\WinZip
2016-08-25 16:35 - 2016-08-25 16:35 - 00000000 ____D C:\ProgramData\UniqueId
2016-08-25 16:34 - 2016-08-25 16:35 - 00706032 _____ (WinZip Computing, S.L.) C:\Users\JButler\Downloads\winzip20-home.exe
2016-08-25 12:02 - 2016-08-29 18:02 - 00000296 _____ C:\WINDOWS\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job
2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\Setup1724781
2016-08-25 12:02 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\chromium
2016-08-25 12:01 - 2016-08-25 12:02 - 00000000 ____D C:\Users\JButler\AppData\Local\reto
2016-08-25 12:01 - 2016-08-25 12:01 - 03838492 _____ (LIGHTNING UK!) C:\Users\JButler\Downloads\SetupImgBurn_2.5.8.0.exe
2016-08-24 20:13 - 2016-08-24 20:13 - 00641460 _____ C:\Users\JButler\Downloads\OffLimitsGameitsjustlikeTabooFREEPACK.pdf
2016-08-23 18:28 - 2016-08-23 18:28 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-08-19 16:23 - 2016-08-29 22:56 - 00001052 _____ C:\Users\Public\Desktop\Comic Life.lnk
2016-08-19 16:23 - 2016-08-19 17:30 - 00000000 ____D C:\Users\JButler\Documents\Comic Life
2016-08-19 16:23 - 2016-08-19 16:23 - 00000004 __RSH C:\ProgramData\sysqcl1129139270.dat
2016-08-19 16:23 - 2016-08-19 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\plasq
2016-08-19 16:23 - 2016-08-19 16:23 - 00000000 ____D C:\Program Files (x86)\plasq
2016-08-19 16:22 - 2016-08-19 16:22 - 11770368 _____ C:\Users\JButler\Downloads\comiclife-win.exe
2016-08-09 15:44 - 2016-08-03 05:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 15:44 - 2016-08-03 05:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 15:44 - 2016-08-03 05:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 15:44 - 2016-08-03 04:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 15:44 - 2016-08-03 04:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 15:44 - 2016-08-03 04:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 15:44 - 2016-08-03 04:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 15:44 - 2016-08-03 04:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 15:44 - 2016-08-03 04:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 15:44 - 2016-08-03 04:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 15:44 - 2016-08-03 04:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 15:44 - 2016-08-03 04:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 15:44 - 2016-08-03 04:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 15:44 - 2016-08-03 04:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 15:44 - 2016-08-03 04:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 15:44 - 2016-08-03 04:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 15:44 - 2016-08-03 04:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 15:44 - 2016-08-03 04:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 15:44 - 2016-08-03 04:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 15:44 - 2016-08-03 04:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 15:44 - 2016-08-03 04:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 15:44 - 2016-08-03 04:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 15:44 - 2016-08-03 03:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 15:44 - 2016-08-03 03:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 15:44 - 2016-08-03 03:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 15:44 - 2016-08-03 03:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 15:44 - 2016-08-03 03:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 15:44 - 2016-08-03 03:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 15:44 - 2016-08-03 03:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-09 15:44 - 2016-08-03 03:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-09 15:44 - 2016-08-03 03:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 15:44 - 2016-08-03 03:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 15:44 - 2016-08-03 03:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-09 15:44 - 2016-08-03 03:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 15:44 - 2016-08-03 03:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 15:44 - 2016-08-03 03:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 15:44 - 2016-08-03 03:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 15:44 - 2016-08-03 03:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 15:44 - 2016-08-03 03:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 15:44 - 2016-08-03 03:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 15:44 - 2016-08-03 03:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 15:44 - 2016-08-03 03:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 15:44 - 2016-08-03 03:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 15:44 - 2016-08-03 03:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 15:44 - 2016-08-03 03:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 15:44 - 2016-08-03 03:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 15:44 - 2016-08-03 03:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 15:44 - 2016-08-03 03:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 15:44 - 2016-08-03 03:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 15:44 - 2016-08-03 03:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 15:44 - 2016-08-03 03:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-09 15:44 - 2016-08-03 03:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 15:44 - 2016-08-03 03:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-09 15:44 - 2016-08-03 03:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 15:44 - 2016-08-03 03:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 15:44 - 2016-08-03 03:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 15:44 - 2016-08-03 03:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 15:44 - 2016-08-03 03:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 15:44 - 2016-08-03 03:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 15:44 - 2016-08-03 03:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 15:44 - 2016-08-03 03:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 15:44 - 2016-08-03 03:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 15:44 - 2016-08-03 03:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 15:44 - 2016-08-03 03:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 15:44 - 2016-08-03 03:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 15:44 - 2016-08-03 03:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 15:44 - 2016-08-03 03:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 15:44 - 2016-08-03 03:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 15:44 - 2016-08-03 03:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 15:44 - 2016-08-03 03:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 15:44 - 2016-08-02 23:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 15:44 - 2016-08-02 23:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 15:44 - 2016-08-02 23:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 15:44 - 2016-08-02 23:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 15:44 - 2016-08-02 23:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 15:44 - 2016-08-02 23:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 15:44 - 2016-08-02 23:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 15:44 - 2016-08-02 23:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 15:44 - 2016-08-02 23:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 15:44 - 2016-08-02 23:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 15:44 - 2016-08-02 22:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 15:44 - 2016-08-02 22:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 15:44 - 2016-08-02 22:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 15:44 - 2016-08-02 22:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 15:44 - 2016-08-02 22:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 15:44 - 2016-08-02 22:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 15:44 - 2016-08-02 22:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 15:44 - 2016-08-02 22:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 15:44 - 2016-08-02 22:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 15:44 - 2016-08-02 22:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 15:44 - 2016-08-02 22:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 15:44 - 2016-08-02 22:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 15:44 - 2016-08-02 22:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 15:44 - 2016-08-02 22:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 15:44 - 2016-08-02 22:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 15:44 - 2016-08-02 22:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 15:44 - 2016-08-02 22:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 15:44 - 2016-08-02 22:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 15:44 - 2016-08-02 22:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 15:44 - 2016-08-02 22:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 15:44 - 2016-08-02 22:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 15:44 - 2016-08-02 22:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 15:44 - 2016-08-02 22:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 15:44 - 2016-08-02 22:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 15:44 - 2016-08-02 22:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 15:44 - 2016-08-02 22:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 15:44 - 2016-08-02 22:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 15:44 - 2016-08-02 22:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 15:44 - 2016-08-02 22:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 15:43 - 2016-08-03 04:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 15:43 - 2016-08-03 04:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 15:43 - 2016-08-03 04:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 15:43 - 2016-08-03 04:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 15:43 - 2016-08-03 03:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 15:43 - 2016-08-03 03:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 15:43 - 2016-08-03 03:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 15:43 - 2016-08-03 03:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 15:43 - 2016-08-03 03:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 15:43 - 2016-08-03 03:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 15:43 - 2016-08-03 03:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 15:43 - 2016-08-03 03:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 15:43 - 2016-08-03 03:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 15:43 - 2016-08-03 03:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 15:43 - 2016-08-03 03:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 15:43 - 2016-08-03 03:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 15:43 - 2016-08-03 03:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 15:43 - 2016-08-03 03:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 15:43 - 2016-08-03 03:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 15:43 - 2016-08-03 03:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 15:43 - 2016-08-03 03:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 15:43 - 2016-08-02 22:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 15:43 - 2016-08-02 22:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 15:43 - 2016-08-02 22:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 15:43 - 2016-08-02 22:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-04 16:35 - 2016-08-04 16:35 - 00000082 _____ C:\Users\JButler\AppData\Roaming\mbam.context.scan
2016-07-31 13:13 - 2016-07-31 13:13 - 00000000 ____D C:\WINDOWS\system32\config\SM Registry Backup
2016-07-31 13:13 - 2016-07-31 13:13 - 00000000 ____D C:\WINDOWS\system32\config\Before Compact
2016-07-31 12:37 - 2016-07-31 12:37 - 00000000 ____D C:\WINDOWS\system32\config\Original
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 16:23 - 2014-07-29 22:36 - 00000000 ___RD C:\Users\JButler\Dropbox
2016-08-30 16:21 - 2016-06-17 16:58 - 00000000 ___RD C:\Users\JButler\iCloudDrive
2016-08-30 16:21 - 2014-04-22 11:04 - 00000000 ____D C:\FRST
2016-08-30 16:20 - 2013-10-10 13:16 - 00000392 _____ C:\WINDOWS\SysWOW64\iolo.ini.txt
2016-08-30 16:18 - 2015-12-24 06:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 16:04 - 2015-12-25 02:46 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-30 12:01 - 2015-11-21 11:30 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
2016-08-30 05:47 - 2012-04-03 22:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-30 05:39 - 2015-12-24 05:56 - 00000000 ____D C:\Users\JButler
2016-08-30 01:17 - 2015-06-16 17:01 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job
2016-08-30 00:42 - 2011-10-06 16:07 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{68809F62-1306-49BA-99C4-8BAF2943F43D}
2016-08-30 00:17 - 2015-06-16 17:01 - 00000874 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
2016-08-29 22:56 - 2016-06-17 16:47 - 00001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-29 22:56 - 2016-05-21 18:12 - 00002088 _____ C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2016-08-29 22:56 - 2016-04-15 14:19 - 00002092 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk
2016-08-29 22:56 - 2016-03-07 19:34 - 00002192 _____ C:\Users\Public\Desktop\StudioTax 2015.lnk
2016-08-29 22:56 - 2016-03-03 23:28 - 00001401 _____ C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
2016-08-29 22:56 - 2016-01-31 11:06 - 00002070 _____ C:\Users\Public\Desktop\A360 Desktop.lnk
2016-08-29 22:56 - 2015-12-24 06:18 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-29 22:56 - 2015-11-27 13:27 - 00002411 _____ C:\Users\Public\Desktop\Canon MX490 series On-screen Manual.lnk
2016-08-29 22:56 - 2015-10-30 01:19 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2016-08-29 22:56 - 2015-10-30 01:19 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2016-08-29 22:56 - 2015-10-30 01:19 - 00002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk
2016-08-29 22:56 - 2015-10-30 01:18 - 00000853 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desktop.lnk
2016-08-29 22:56 - 2015-10-30 01:17 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2016-08-29 22:56 - 2015-10-09 00:49 - 00002194 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2016-08-29 22:56 - 2015-09-28 19:57 - 00002078 _____ C:\Users\Public\Desktop\Autodesk ReCap 2016.lnk
2016-08-29 22:56 - 2015-09-28 19:44 - 00002092 _____ C:\Users\Public\Desktop\AutoCAD 2016 - English.lnk
2016-08-29 22:56 - 2015-08-16 13:54 - 00002266 _____ C:\Users\Public\Desktop\HP Officejet Pro X476dw MFP.lnk
2016-08-29 22:56 - 2015-08-16 13:54 - 00000966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2016-08-29 22:56 - 2015-07-19 21:46 - 00002499 _____ C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
2016-08-29 22:56 - 2015-07-15 18:37 - 00002152 _____ C:\Users\Public\Desktop\Style Builder 2015.lnk
2016-08-29 22:56 - 2015-07-15 18:37 - 00002066 _____ C:\Users\Public\Desktop\LayOut 2015.lnk
2016-08-29 22:56 - 2015-07-15 18:37 - 00001981 _____ C:\Users\Public\Desktop\SketchUp 2015.lnk
2016-08-29 22:56 - 2015-06-10 21:02 - 00003039 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk
2016-08-29 22:56 - 2015-06-10 21:02 - 00003036 _____ C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk
2016-08-29 22:56 - 2015-06-10 21:02 - 00002991 _____ C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk
2016-08-29 22:56 - 2015-06-10 21:02 - 00002319 _____ C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk
2016-08-29 22:56 - 2015-05-20 16:36 - 00000874 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2016-08-29 22:56 - 2015-03-16 17:52 - 00002119 _____ C:\Users\Public\Desktop\StudioTax 2014.lnk
2016-08-29 22:56 - 2015-01-07 18:19 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-08-29 22:56 - 2015-01-07 18:19 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-08-29 22:56 - 2014-12-18 20:58 - 00000954 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-08-29 22:56 - 2014-12-08 21:17 - 00001839 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-08-29 22:56 - 2014-07-29 21:54 - 00002182 _____ C:\Users\Public\Desktop\Style Builder 2014.lnk
2016-08-29 22:56 - 2014-07-29 21:54 - 00002096 _____ C:\Users\Public\Desktop\LayOut 2014.lnk
2016-08-29 22:56 - 2014-07-29 21:54 - 00002011 _____ C:\Users\Public\Desktop\SketchUp 2014.lnk
2016-08-29 22:56 - 2012-10-12 12:16 - 00001809 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sky.lnk
2016-08-29 22:56 - 2011-10-31 11:54 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-29 22:56 - 2011-05-17 13:11 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-08-29 22:56 - 2011-05-17 13:11 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-08-29 22:56 - 2011-05-17 13:08 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2016-08-29 22:55 - 2015-10-18 09:20 - 00002409 _____ C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-29 22:55 - 2014-04-24 10:32 - 00002003 _____ C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2016-08-29 22:55 - 2013-11-24 18:14 - 00001628 _____ C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CIMS.Net.lnk
2016-08-29 22:55 - 2013-10-20 08:46 - 00001393 _____ C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\direcTORY Application.lnk
2016-08-29 22:54 - 2015-10-16 20:04 - 00002123 _____ C:\Users\JButler\Desktop\Tweaking.com - Windows Repair.lnk
2016-08-29 22:54 - 2014-08-30 16:30 - 00001853 _____ C:\Users\JButler\Desktop\Shadow Player.lnk
2016-08-29 22:54 - 2014-08-19 17:55 - 00002171 _____ C:\Users\JButler\Desktop\Sweet Home 3D.lnk
2016-08-29 22:54 - 2014-04-24 10:32 - 00001973 _____ C:\Users\JButler\Desktop\Update Checker.lnk
2016-08-29 22:54 - 2014-04-23 14:58 - 00001306 _____ C:\Users\JButler\Desktop\Create PDF.lnk
2016-08-29 22:54 - 2014-04-23 14:58 - 00001223 _____ C:\Users\JButler\Desktop\deskPDF Studio.lnk
2016-08-29 22:42 - 2015-10-30 00:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-08-29 21:54 - 2011-10-06 17:35 - 00000000 ___RD C:\Users\JButler\Desktop\Utilities
2016-08-29 20:54 - 2012-06-13 17:50 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Malwarebytes
2016-08-29 20:54 - 2012-06-13 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-29 20:28 - 2014-02-13 18:44 - 00000000 ____D C:\AdwCleaner
2016-08-29 19:21 - 2011-12-19 12:05 - 00000000 ____D C:\Users\JButler\AppData\LocalLow\Temp
2016-08-29 19:17 - 2009-07-13 21:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-08-29 16:40 - 2015-03-12 17:23 - 00000000 ____D C:\Program Files (x86)\Workspace
2016-08-29 16:39 - 2015-03-12 17:23 - 00000000 ____D C:\Users\JButler\Documents\Workspace Logs
2016-08-29 16:22 - 2016-03-05 10:45 - 00000000 ____D C:\ProgramData\Freemake
2016-08-29 16:01 - 2015-11-21 11:30 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job
2016-08-28 22:06 - 2011-05-17 12:59 - 00000000 ____D C:\ProgramData\WildTangent
2016-08-28 22:06 - 2011-05-17 12:59 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-08-28 22:06 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-28 21:29 - 2016-04-15 14:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-28 21:12 - 2013-10-10 12:47 - 00000000 ____D C:\ProgramData\iolo
2016-08-28 21:06 - 2013-10-10 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2016-08-28 21:05 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2016-08-28 21:05 - 2013-12-14 15:41 - 00003222 _____ C:\WINDOWS\System32\Tasks\iolo Process Governor
2016-08-28 21:05 - 2013-12-14 15:41 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-08-28 14:54 - 2016-03-09 18:43 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-08-28 14:53 - 2011-10-06 17:36 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-28 14:44 - 2012-11-04 12:55 - 00002295 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-28 14:28 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 11:52 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 00:35 - 2015-05-14 21:10 - 00000354 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJButler.job
2016-08-27 00:28 - 2016-03-10 18:58 - 00000000 ____D C:\Users\JButler\AppData\Roaming\qBittorrent
2016-08-26 18:22 - 2015-01-07 18:07 - 00000000 ___RD C:\Users\JButler\OneDrive
2016-08-26 17:28 - 2016-03-03 23:41 - 00000000 ____D C:\Program Files\Handbrake
2016-08-26 16:40 - 2016-03-11 07:15 - 00007318 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-26 16:29 - 2015-05-14 21:10 - 00003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJButler
2016-08-26 15:37 - 2015-12-24 05:43 - 00545368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-25 18:23 - 2015-09-29 18:56 - 00000000 ____D C:\Users\JButler\Desktop\CADD201
2016-08-25 16:37 - 2014-12-19 21:36 - 00000000 ____D C:\ProgramData\WinZip
2016-08-25 11:40 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-23 18:28 - 2012-06-22 15:59 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Dropbox
2016-08-22 16:56 - 2016-06-17 16:56 - 00003490 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-08-19 03:21 - 2012-09-28 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-13 00:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 18:43 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 18:43 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-09 20:01 - 2015-09-09 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-09 19:56 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 19:55 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-09 19:55 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-09 16:50 - 2013-08-21 10:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 16:50 - 2011-10-09 00:03 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-31 13:36 - 2015-12-24 06:41 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-31 13:36 - 2014-08-30 16:42 - 00000000 ____D C:\Users\JButler\AppData\Roaming\Kodi
2016-07-31 13:12 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-07-31 13:12 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
 
==================== Files in the root of some directories =======
 
2012-10-12 11:38 - 2012-10-12 11:38 - 0000474 _____ () C:\Program Files (x86)\INSTALL.LOG
2012-10-12 11:38 - 1999-06-25 10:55 - 0149504 _____ () C:\Program Files (x86)\UNWISE.EXE
2016-08-04 16:35 - 2016-08-04 16:35 - 0000082 _____ () C:\Users\JButler\AppData\Roaming\mbam.context.scan
2012-10-05 13:45 - 2012-10-05 13:45 - 0003584 _____ () C:\Users\JButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-16 14:21 - 2012-03-16 14:21 - 0000095 _____ () C:\Users\JButler\AppData\Local\fusioncache.dat
2012-10-10 12:30 - 2012-10-10 12:30 - 0000017 _____ () C:\Users\JButler\AppData\Local\resmon.resmoncfg
2016-06-04 00:55 - 2016-06-04 00:55 - 0000000 _____ () C:\Users\JButler\AppData\Local\{D4BA9573-CB99-4635-A967-719C89D162EA}
2015-08-16 13:51 - 2015-08-16 13:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-08-19 16:23 - 2016-08-19 16:23 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat
 
Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat
C:\Windows\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-29 14:34
 
==================== End of FRST.txt ============================
 
Addition Log:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by JButler (30-08-2016 16:27:10)
Running from C:\Users\JButler\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-24 12:40:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2255940260-1588004598-2344460268-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2255940260-1588004598-2344460268-1005 - Limited - Enabled)
DefaultAccount (S-1-5-21-2255940260-1588004598-2344460268-503 - Limited - Disabled)
Guest (S-1-5-21-2255940260-1588004598-2344460268-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2255940260-1588004598-2344460268-1003 - Limited - Enabled)
JButler (S-1-5-21-2255940260-1588004598-2344460268-1001 - Administrator - Enabled) => C:\Users\JButler
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: System Shield (Enabled - Up to date) {51A1F251-72D6-FBFA-1969-EBE1F52F559F}
AS: System Shield (Enabled - Up to date) {EAC013B5-54EC-F474-23D9-D0938EA81F22}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
A360 Desktop (HKLM\...\{A74E6AC6-623F-4DFE-B362-32C7986EE871}) (Version: 6.2.10.1700 - Autodesk)
ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Android Sync Manager WiFi (HKLM-x32\...\{13D946AF-DAD9-0200-0000-000000000000}) (Version: 11.10.2763 - Mobile Action)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM-x32\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.102 - Atheros)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.0.108.150 - Autodesk)
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Autodesk ReCap 2016 (HKLM\...\Autodesk ReCap 2016) (Version: 1.5.0.33 - Autodesk)
Autodesk ReCap 2016 (Version: 1.5.0.33 - Autodesk) Hidden
Avantage d'Or / Golden Edge (HKLM-x32\...\{0AE17B00-31FA-11D6-BED9-000629F77048}) (Version:  - )
AVS Media Player 4.1.9.95 (HKLM-x32\...\AVS Media Player_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{F315BB02-95E7-4937-88FA-5DAC15E7DA2B}) (Version: 2.26.0 - Kovid Goyal)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.3.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.6.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.3.0 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Canon MX490 series On-screen Manual (HKLM-x32\...\Canon MX490 series On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon MX490 series User Registration (HKLM-x32\...\Canon MX490 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.6.0 - Canon Inc.)
CenoPDF (32-bit) (x32 Version: 3.6.230.0 - Lystech Computing) Hidden
CenoPDF v3.6.230.0 (HKLM-x32\...\{446a474f-287b-4c98-8036-2dd6bbaf6dfb}) (Version: 3.6.230.0 - Lystech Computing)
CGS17_Setup_x64 (Version: 17.6 - Corel Corporation) Hidden
Comic Life (HKLM-x32\...\{6A1F0A1A-474C-4151-8534-5F61832D88CD}) (Version: 1.3.6 - plasq)
Corel Graphics - Windows Shell Extension (HKLM\...\_{52166132-E642-447F-9785-F9133563CE59}) (Version: 17.6.0.1021 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.6.1021 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.6.1021 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - BR (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - ES (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FR (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (x64) (Version: 16.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (64-Bit) (HKLM\...\_{BDBFAC49-8877-472F-876B-75ADB7DBC955}) (Version: 16.1.0.843 - Corel Corporation)
CorelDRAW Graphics Suite X6 (x64) (Version: 16.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.6.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.6.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.6 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.6 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6.0.1021 - Corel Corporation)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
deskPDF Studio X (HKLM-x32\...\deskPDF Studio_is1) (Version:  - Docudesk)
direcTORY Application (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\121406415.www.c-vote.ca) (Version:  - www.c-vote.ca)
D-Link DWA-171 Wireless AC Dual Band Adapter (HKLM-x32\...\{5F1C0C6E-0E47-4D60-8971-6EF9FC439B8B}) (Version: 1 - D-Link)
Dropbox (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Stylus Photo RX680 Series Scanner Driver Update (HKLM-x32\...\{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FARO LS 1.1.502.0 (64bit) (HKLM-x32\...\{66D83FE0-D798-4B38-86FE-FB48151E5AEF}) (Version: 5.2.0.35213 - FARO Scanner Production)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
Fitbit Connect (HKLM-x32\...\{D626E72A-ED95-489A-9B8B-0B2A7B649A85}) (Version: 2.0.0.6518 - Fitbit Inc.)
Foxit Phantom (HKLM\...\{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}) (Version: 2.2.0225 - Foxit Software Company)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP LaserJet Professional CP1520 Series (HKLM-x32\...\{5C069542-CA13-4f1b-B90C-28C6430F4992}) (Version:  - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro X476dw MFP Basic Device Software (HKLM\...\{39A2D5AC-305A-4FAD-8845-4CC8C76C0BE2}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro X476dw MFP Help (HKLM-x32\...\{D99D6F87-451C-4BCF-8053-DC62C8E341B9}) (Version: 29.0.0 - Hewlett Packard)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJUT (HKLM-x32\...\{229D6185-BD7E-494B-A73B-C5215BE0690E}) (Version: 1.00.0008 - HP)
hppCP1520LaserJetService (x32 Version: 001.007.00319 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.007.00397 - Hewlett-Packard) Hidden
hppTLBXFXCP1520 (x32 Version: 001.007.00647 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.007.00770 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6423.0 - IDT)
Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 15.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kies Air Discovery Service (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Kies Air Discovery Service) (Version:  - Samsung)
Kobo (HKLM-x32\...\Kobo) (Version: 3.1.5 - Kobo Inc.)
Kodi (HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\Kodi) (Version:  - XBMC-Foundation)
Licensing Service (03000201) (x32 Version: 03.00.02.15 - Protexis Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{9C637A56-4287-487F-95BF-1422FC1AA879}) (Version: 17.0.04500 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2003 - Nero AG)
Nero Self Extractor 12.0.3.0 (HKLM-x32\...\Nero Self Extractor 12.0.3.0) (Version: 12.0.3.0 - Nero Self Extractor)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.1 - pdfforge)
Player (HKLM-x32\...\Player) (Version:  - )
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
Product Improvement Study for HP Officejet Pro X476dw MFP (HKLM\...\{3531419E-DA6B-45DD-BFF7-9105F1A67807}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RegimeRetraiteIndividuel (HKLM-x32\...\{09064D50-FF4A-407C-9B13-15B9D231EBA2}) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RPS CRT (x32 Version: 9.0.48 - TELUS) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SetupCrystalReports (HKLM-x32\...\{DE723887-712F-499D-8B82-5A1EC8F46062}) (Version: 1.0.0 - DSF)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Stashimi Stub Installer (x32 Version: 18.001.1 - Nero AG) Hidden
StudioTax 2014 (HKLM-x32\...\{41720083-9D3D-46C1-B01A-D29BE92C80B6}) (Version: 10.0.6.1 - BHOK IT Consulting)
StudioTax 2015 (HKLM-x32\...\{38A3BBA2-1AA6-4DCC-AABF-ECDC37C6B3DB}) (Version: 11.0.5.1 - BHOK IT Consulting)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
System Mechanic 12 Professional (x32 Version: 15.5.0 - ) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.6.1 - Tweaking.com)
TweetDeck (HKLM-x32\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
VIO Player version 1.2 (HKLM-x32\...\{2A9009E1-122C-4692-B442-A750C0DE7BA1}_is1) (Version: 1.2 - VIO Player)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinX DVD Ripper Platinum 7.5.13 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wondershare DVD Creator(Build 3.4.0) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
WOT for Internet Explorer (HKLM\...\{C0DA129B-1E45-494D-A362-5CD0109C306B}) (Version: 11.11.7.0 - WOT Services Oy)
ZoomExpressKeyView14.1 (HKLM-x32\...\{C007CFA1-FC3C-49B8-8D30-DB5BF3396632}) (Version: 14.1.04 - ...)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JButler\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2255940260-1588004598-2344460268-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\JButler\AppData\Roaming\Dropbox\bin\DropboxExt64.42.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {032FF7FB-8F4A-422E-A149-59576FB52AEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {0672D3D5-C923-4E23-90AD-04E329E73C4F} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {0B7AC043-D85E-4F57-8E74-8BA2FAB6615C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {0BFBFB4D-FEE6-4837-A47B-ED7DCD36F002} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {1B5C2A26-AA64-4688-A4D4-A630F7020BC2} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {1BA50F2C-AFF8-4F0B-A939-A8ACA1A54356} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-09] (Microsoft Corporation)
Task: {218F1E4C-A15B-4C7F-A40B-CA86BDFA00D6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {22411407-511C-4312-8099-E7924A68EF50} - System32\Tasks\{E7AD7AB2-8D65-4874-822D-3B6245BD1D64} => pcalua.exe -a C:\WINDOWS\75d20eaa396690e6ab4815c7a42ca198.exe -d C:\Windows\ImmersiveControlPanel
Task: {24B86B2D-CD7D-4DB5-9834-04906FC2F158} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {25A0BFC4-3CB9-46E5-BA48-2BCA172F39A3} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {29013EC2-5113-42AF-BB44-F1594232C723} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3009EF85-AEFA-4DD3-BED6-6397266DB0C3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {3A82BBE0-C3B3-42F9-A9A4-1D23C8696413} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {3CE1158D-158A-453E-84EF-8C334C9EDD2C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {3F7D4E45-3BCE-49AE-A59A-772F9276F7F9} - System32\Tasks\{3C168FBD-975E-4E72-80D7-67CC0591F7D3} => pcalua.exe -a C:\Users\JButler\Downloads\InstallInSync324.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {3FDA38DA-37F2-4FF3-B53C-25B907C62F74} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {44CC7AA6-29D9-4E28-A3FB-763ECC39214C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {479222BC-8036-4A0D-A208-9662B826B4D5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {49275A7C-3F56-4DA4-A6D9-315831D580B8} - System32\Tasks\FaxApplications.exe_{E4FCF074-00C3-439E-A8BA-34311A80C2B5} => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\FaxApplications.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {4BE80749-44F3-4B95-B551-EFE245E5C503} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4EAF5005-1C1E-49C5-8F7E-FA52F84CAFC0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {504D6BD9-9F53-4AB1-B022-333FB258B369} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {533F31B9-17FD-4A74-B40D-BA4DE7FC2BA8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {5BBCF1C6-B051-4CFD-81C5-615F7AD7E12A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5F3258DB-B6E7-45B3-B3E4-832429355F16} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {5FC50BBF-C91E-4D98-A69B-22386376CDA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {64958502-564C-4615-8F1D-B9C0E3A8888A} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2016-02-19] (iolo technologies, LLC)
Task: {673484DA-11F6-41A4-A8EA-2347D6B22DC9} - System32\Tasks\HPCeeScheduleForJButler => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {6AC19412-E143-4BA5-BE36-595319871724} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2016-03-01] (Nero AG)
Task: {6B0AC538-663D-4BF8-9ABB-1CF2C92923ED} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {6DA486F9-52D5-483F-8C23-AFF9BF3E61E9} - System32\Tasks\{B9C883CF-FFE6-42AE-8B5F-5A3E67539BF0} => pcalua.exe -a C:\Users\JButler\AppData\Local\{2F341968-0B9C-75D0-6604-5038426CACA0}\uninst.exe -c -FN="C:\Users\JButler\AppData\Roaming\{2F6919D2-0A3B-74A4-610D-5376BDDFAE48}\SyncTask.exe"-P=/Uninstall /s /noun /DelSelfDir
Task: {7F5D594F-F232-48C3-9ACC-AF6DC3768302} - System32\Tasks\{BC45F2BC-BDEF-4171-B119-5536EEB7702D} => pcalua.exe -a C:\Users\JButler\Desktop\AMV95Setup.exe -d C:\Users\JButler\Desktop
Task: {8117C21D-4376-46FB-925A-B9E293713691} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {87876009-4FE2-4836-9988-5BA63F63FA54} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {87E11C20-456F-458B-80D1-7BA3161E3D16} - System32\Tasks\{590280A9-2B45-49CC-AE52-D87180C79760} => pcalua.exe -a "C:\Program Files\Handbrake\uninst.exe"
Task: {8A4E1821-2723-47B8-9B0A-03D4AF574D9D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8A996289-3D89-412B-88D1-E069368B15C9} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {8F05D060-FF41-49BE-A7D9-C9B25E69D5D1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {9148ACD7-429F-48ED-9031-79AF4568745B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {9349A0AE-8611-467E-BC1E-BC09F04A702A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {94C0A6DC-C763-419E-B8C3-2B5DF0555BAC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9D5D8B64-3BA8-4A0D-9C73-20875EF72DF5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AB1F7109-88BC-4CAA-9F75-3EB96E4A9176} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AE68B485-5057-47B9-B5E0-4A0C4F8E3A83} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B2686D9A-ED77-4DC7-9BD8-5D8DACD81CFE} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {B5733E3F-1289-46EF-BF71-7A33E221F387} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B5BA9E8B-9839-432C-B9BF-0DCD95564D9C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-21] (Google Inc.)
Task: {B9315AEE-9F62-4BB6-B0FA-F84211803CD4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C2239A6F-144D-43E2-BB85-0C07D7CD2E28} - System32\Tasks\HPCustParticipation HP Officejet Pro X476dw MFP => C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {C897FA96-84BB-465B-98D7-B2A5D944EFAB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)
Task: {C89DD698-504F-4039-86FF-601D66E3760E} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-05-02] (Hewlett Packard)
Task: {C8D9FBC8-BFA2-4DAE-9D59-3C505CC32EBF} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {CC1C55FD-EC90-47A1-BDDF-C42DF09F642A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {CCB6F37C-879F-48CF-9E29-983551D8EF17} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {D19FE2FB-5C76-4F71-BBF8-3B63AE529618} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D2F270C6-BD35-4FB4-AAB0-F86CC297540A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {D31282A1-4D5E-4212-8924-E57DBD5C557C} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {D6B2AF60-9F01-4692-85B7-733C92556F09} - System32\Tasks\{1010F0F3-84B5-4DED-AC92-802C0B6FF4A4} => pcalua.exe -a C:\PROGRA~1\DIFX\B60D12~1\DPInst64.exe -c /u C:\Windows\System32\DriverStore\FileRepository\leapfrog-02-03-05-012-1373324.inf_amd64_neutral_8d32ba055a076abd\leapfrog-02-03-05-012-1373324.inf
Task: {D80BD92A-0111-4D59-8B52-D189288580E0} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: {D931E858-733D-427B-9F68-E1E097E77B7C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {DFBEF069-17B6-487D-9747-5049CF4E23A0} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {E3403E52-AD30-4974-BE5E-6B3D02170491} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {E84C1363-6C49-4FBE-A1D3-40B91FB4AA1C} - System32\Tasks\{663009E6-25DC-4C8A-B006-F13E3799DA9F} => pcalua.exe -a C:\Users\JButler\Downloads\Inforce_13.exe -d C:\Users\JButler\Downloads
Task: {EF962840-5DBD-4D5D-9AD6-0894B6270B2A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {FB3924D7-2DAD-4DC1-9C2D-8BF96EDCE55D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job => C:\Users\JButler\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001Core.job => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2255940260-1588004598-2344460268-1001UA.job => C:\Users\JButler\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJButler.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job => 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\JButler\Desktop\Utilities\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\JButler\Desktop\Utilities\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
 
ShortcutWithArgument: C:\Users\JButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\direcTORY Application.lnk -> C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe (Microsoft Corporation) -> 121406415.www.c-vote.ca
ShortcutWithArgument: C:\Users\JButler\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat () -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2012-05-02 14:29 - 2012-03-11 14:56 - 00086608 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-04-23 14:58 - 2013-06-17 17:40 - 00035944 _____ () C:\Windows\system32\ddmon4-64x.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-21 23:09 - 2015-08-21 23:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 08:08 - 2014-02-11 08:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2015-08-21 23:09 - 2015-08-21 23:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-04-15 15:45 - 2014-05-15 19:25 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2016-07-13 00:27 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 00:27 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-26 18:21 - 2016-08-26 18:21 - 01864384 _____ () C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2015-12-24 14:53 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 00:29 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 00:27 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 00:27 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 00:27 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 00:27 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-04 21:55 - 2016-03-23 04:02 - 00061968 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_Service-head.dll
2016-06-04 21:55 - 2016-03-23 04:02 - 00110608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson0.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-26 18:20 - 2016-08-26 18:20 - 01383616 _____ () C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 18:20 - 2016-08-26 18:20 - 00118976 _____ () C:\Users\JButler\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00244024 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-06-04 21:55 - 2013-09-23 11:52 - 00043912 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\QtSolutions_MFCMigrationFramework_Ad_2.dll
2016-06-04 21:55 - 2015-11-05 06:07 - 00052224 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qoauth_Ad_1.dll
2016-06-04 21:55 - 2015-11-05 06:07 - 00195584 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qjson_Ad_0.dll
2016-06-04 21:55 - 2015-11-05 06:07 - 00742400 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\qca_Ad_2.dll
2016-06-04 21:55 - 2016-03-23 03:35 - 00284608 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\en-US\AdWingManRes.dll
2016-06-04 21:55 - 2015-09-08 00:31 - 40640808 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libcef.dll
2016-08-23 18:27 - 2016-07-11 20:07 - 00035792 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00145864 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00019408 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00116688 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-08-23 18:27 - 2016-07-11 20:07 - 00100296 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00018888 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\select.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00019760 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00694224 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020816 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00123856 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 01682760 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020808 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00021312 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00052024 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00105928 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00025424 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00038696 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00392144 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-08-23 18:27 - 2016-07-11 20:09 - 00020936 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00024528 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00114640 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00381752 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00124880 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00024016 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00175560 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00030160 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00043472 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00048592 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00026456 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00057808 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00024016 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00246592 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00028616 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020800 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00019776 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020800 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00144848 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-08-23 18:27 - 2016-07-11 20:08 - 00241104 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020280 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00023376 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00350152 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00022352 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00024392 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00036296 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\librsync.dll
2016-08-23 18:27 - 2016-08-23 17:17 - 00031568 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2016-08-23 18:27 - 2016-08-23 17:02 - 00293392 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2016-08-23 18:27 - 2016-08-23 17:17 - 00084280 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-08-23 18:27 - 2016-08-23 17:17 - 01826096 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-08-23 18:27 - 2016-07-11 20:07 - 00083912 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\sip.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 03929392 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 01972016 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00531248 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00132912 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00224056 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00207672 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00020288 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-08-23 18:27 - 2016-07-11 20:09 - 00060880 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00037192 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00024904 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00546096 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00357680 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00168248 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-08-23 18:27 - 2016-08-23 17:17 - 00042808 _____ () C:\Users\JButler\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-06-04 21:55 - 2014-09-02 18:29 - 00912384 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libglesv2.dll
2016-06-04 21:55 - 2014-09-02 18:29 - 00134144 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\libegl.dll
2016-06-04 21:55 - 2014-09-02 18:29 - 00950272 _____ () C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\ffmpegsumo.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2016-08-29 19:17 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254 - 75.153.171.114
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "deskPDF Creator"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "DiamondView"
HKU\S-1-5-21-2255940260-1588004598-2344460268-1001\...\StartupApproved\Run: => "Dropbox Update"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{9A4CE18C-89B9-43AC-BF9D-CC0C46A96267}] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B4BB3C5D-16F2-426B-AADE-F0C5FB1006C4}] => (Block) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{61C3FE30-69BA-4FE0-AFF4-A17B923F8C2A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{5CC04526-2F8B-4FA7-A77E-9A5801B3A3A3}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{3E12A13B-E544-4FCD-90B5-B711B34435AA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E758B92-90B3-4AB3-B6F8-1F552640E47C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7452C170-2E01-434D-ABD2-463D12A75C82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFDBFC09-0B97-4318-9435-47B311EB198A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5A8E6DD-0F69-4695-AAB9-0F4038F5E2F9}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{EDCF9443-1BBD-4478-AFBB-3B229F3FDA56}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{DF765507-946B-4DE8-BEA2-2BA562CBADD1}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{1D1A38E2-2390-47B2-A906-430C23648210}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{18DDC92A-D9D3-40AE-9A99-AAD3B91472C6}] => (Allow) C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
FirewallRules: [{40C8CF68-71F9-42CC-8B3E-8019A4DF677D}] => (Allow) C:\Program Files (x86)\TELUS\TELUS security advisor\ServicepointService.exe
FirewallRules: [{351861F3-3379-494A-AFF4-F69F0DF4A182}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{097B0F34-D9B9-41D9-89A0-A7FAD400B2B4}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{8234CB96-F0C9-4C33-B02D-F4754FD2B766}] => (Allow) c:\users\jbutler\appdata\roaming\allmyapps\allmyapps.exe
FirewallRules: [{894A9A89-B5DF-40AE-A4DF-EA0BC58F04E2}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{EE25172D-EC22-464D-ADA2-F4DA89B9074D}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{10423B55-CF7D-4ED0-BBB3-0417C8311405}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{AB553565-1E17-4D18-A7E7-EBEFAB565EC9}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [TCP Query User{D664876B-8CA0-4640-9F0A-8AF767EEE013}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{805B0B07-CB10-4052-B1BE-5E17E4CB32A6}C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jbutler\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B3F53259-CD56-48CB-A045-6A3137B7B660}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{E207F3C7-5CE7-4B83-93E2-37AF0E22E576}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{8D28E559-4463-4654-B05B-84D89415B5D8}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{565D6609-C2F4-4272-8307-D201949A6A12}C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\jbutler\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{303BB543-FB5A-450D-96F6-48B23DAD6A47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AE1B6A92-99D9-4A07-A12F-09D9140A3B1E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40CD332C-CA79-49C7-B043-0055840EEE1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5BB1022-8486-4249-951A-FFA314D3D9A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0BC130D-3D11-46D4-9008-216797D30948}] => (Allow) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4E24283D-F8BB-4690-84E4-9AD775A20B59}] => (Allow) C:\Users\JButler\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{FA5AD1B6-84DA-47F8-B4EC-0AD195A996B3}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{2CF6DD1E-A946-4FF6-9453-88FB3A81C254}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{B2453638-37C5-4D6C-808C-EFAAAD1A45EF}] => (Allow) C:\Users\JButler\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{9D936E3D-427C-40C4-A3C4-918B135C6B5E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C5847BEC-72CD-4ABD-B568-23935A4872B5}] => (Allow) LPort=2869
FirewallRules: [{54EB54DE-AF1C-42E0-98A8-402BCE2CE5AE}] => (Allow) LPort=1900
FirewallRules: [{05FDD273-04E2-4254-824B-1A1A2BEC1B1F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{808CA976-56C1-4BDC-8608-23D0322FB37C}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [UDP Query User{5AFE3CCE-B0D4-46D1-A704-C0B03B3F6CCE}C:\program files (x86)\xbmc\xbmc.exe] => (Allow) C:\program files (x86)\xbmc\xbmc.exe
FirewallRules: [{EAA4C18E-FF9E-45C7-BACE-4A2183D941E4}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{1758033F-747C-4273-8F59-AA099C23FF11}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{8C398438-E510-4C6B-AAA1-FBE3C0AC2199}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\FaxApplications.exe
FirewallRules: [{C0D615E5-F11F-44E1-A1A2-65DDD3C79898}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\DigitalWizards.exe
FirewallRules: [{4DDF382C-2541-4BED-A8B8-77C09C762C1B}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\bin\SendAFax.exe
FirewallRules: [{B007FD2E-000A-4FDF-B908-6B02CF9E5AAA}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\DeviceSetup.exe
FirewallRules: [{E29A31BA-94E4-400E-A5EB-DF578DE7686C}] => (Allow) LPort=5357
FirewallRules: [{6035340E-289E-42FD-AF3A-E4D455071F93}] => (Allow) C:\Program Files\HP\HP Officejet Pro X476dw MFP\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{4FC1E9F0-4EFB-4F22-99D1-CCD30CD7E404}C:\users\jbutler\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{09BA0549-246A-4FCA-868E-81E5AD10CD77}C:\users\jbutler\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [{58EDA83C-4734-49C1-8643-47B638781279}] => (Block) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E9B536EA-2C35-474A-96EE-4C0C44C3276D}] => (Block) C:\users\jbutler\appdata\local\akamai\netsession_win.exe
FirewallRules: [{E2333097-495F-4142-855B-A8110785CE77}] => (Allow) LPort=50248
FirewallRules: [{B78715E0-C55A-46A6-AEC9-C69282087843}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{7ED169C8-1ED3-4D1F-A482-F78EF2B445CE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{D873E428-03C9-4F8F-A2B4-46535A8D03A3}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{F1300B25-94A9-4CC9-B80D-5335897880B9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{CDA68E17-51D7-40DE-B491-7924526FEA9B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F04D2505-6E43-46BB-92B1-53D465BB2799}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A3BFCAD9-AB6E-48C1-A54A-081652ECB556}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{E2B2A5E8-55A2-466C-AD9B-B35AB776C6FB}] => (Allow) C:\Program Files (x86)\iolo\System Mechanic Professional\SysMech.exe
FirewallRules: [{31566EDC-F94F-4092-9540-9EE1C2D632E2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4E60A968-BB00-44E8-A77E-5A0CE39C2630}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{4FCC11DE-615B-4E80-8A52-3F9A804D2FB0}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{52F368B3-520F-4ACF-9AA0-5B9C80611566}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{F71C86A1-5914-41DD-9055-6B99AD5BBC30}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{AC30DD3E-7CD8-441D-BCC4-CE81ADD30FEE}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{86A3BBBD-7002-4515-90EF-50C5D8D921AE}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{306464D5-FEF8-48D9-BE48-60B622728444}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{00897D3F-0C59-44F2-8A54-A3A975CD20B1}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{49940FCC-A7D7-428B-A88A-030AF883BBAA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E47EB17F-E38F-4DD8-BB8D-41199A48066C}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{380A8686-DC2A-49B4-864F-65DE5E42EAAF}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{5A32EC2E-76C8-4365-BF30-29F418CAF16C}] => (Allow) C:\Program Files (x86)\Nero\KM\MediaHome.exe
FirewallRules: [{4BCC47FC-7731-4F6E-B288-42476BF680EC}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{F4B9B381-7FBE-4925-A2A7-860C76BEB984}] => (Allow) C:\Users\JButler\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{1325C87E-98AC-4583-BB63-581C47327D5B}] => (Allow) C:\Users\JButler\AppData\Local\Temp\MPCOnline\MPCDownload.exe
 
==================== Restore Points =========================
 
29-08-2016 00:25:17 Installed Sophos Virus Removal Tool.
29-08-2016 20:42:28 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/30/2016 04:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff8839fd1ed
Faulting process id: 0x23ac
Faulting application start time: 0x01d2030be22db4bc
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: 10f94344-6441-44aa-a076-3b60a722b208
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/30/2016 04:14:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Connect.Service.ContentService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at System.Data.SqlServerCe.SqlCeException.ToString()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (08/30/2016 04:14:32 PM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: UNHANDLED EXCEPTION.  Process is terminating: True.
 EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Data.SqlServerCe.SqlCeException.ToString()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (08/30/2016 04:14:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff8839fd1ed
Faulting process id: 0x508
Faulting application start time: 0x01d2030bdad3e4d6
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: 11449f3e-423b-440e-a0c9-152ea4869813
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/30/2016 04:14:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Connect.Service.ContentService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at System.Data.SqlServerCe.SqlCeException.ToString()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (08/30/2016 04:14:20 PM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: UNHANDLED EXCEPTION.  Process is terminating: True.
 EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Data.SqlServerCe.SqlCeException.ToString()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (08/30/2016 04:14:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff8839dd1ed
Faulting process id: 0x4b8
Faulting application start time: 0x01d2030bd38863c5
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: 1b178f9d-d57b-4923-b2d1-4692ef8d15e1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (08/30/2016 04:14:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Connect.Service.ContentService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.NullReferenceException
   at System.Data.SqlServerCe.SqlCeException.ToString()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (08/30/2016 04:14:08 PM) (Source: Autodesk Content Service) (EventID: 0) (User: )
Description: UNHANDLED EXCEPTION.  Process is terminating: True.
 EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Data.SqlServerCe.SqlCeException.ToString()
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (08/30/2016 04:13:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Connect.Service.ContentService.exe, version: 20.1.49.0, time stamp: 0x54d43c57
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00007ff8839ed1ed
Faulting process id: 0x2244
Faulting application start time: 0x01d2030bcc3e874c
Faulting application path: C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
Faulting module path: unknown
Report Id: ff4a0d98-a02b-4e5a-8fa1-bcc39e312621
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (08/30/2016 04:19:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HPWMISVC service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/30/2016 04:19:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HPWMISVC service to connect.
 
Error: (08/30/2016 04:19:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Autodesk Content Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/30/2016 04:19:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.
 
Error: (08/30/2016 04:18:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (08/30/2016 04:18:33 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/30/2016 04:18:00 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (08/30/2016 04:18:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:05:00 PM on ‎8/‎30/‎2016 was unexpected.
 
Error: (08/30/2016 04:14:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly.  It has done this 32 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/30/2016 04:13:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Autodesk Content Service service terminated unexpectedly.  It has done this 31 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-11 11:42:34.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-09 20:01:16.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-14 20:37:43.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-07-13 03:40:54.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-16 23:35:36.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-15 20:24:57.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-06-15 20:21:08.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-27 18:38:39.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 20:33:37.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-05-13 16:23:26.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3400M APU with Radeon™ HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 5610.9 MB
Available physical RAM: 3217.73 MB
Total Virtual: 11242.9 MB
Available Virtual: 8752.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:682.79 GB) (Free:417.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.55 GB) (Free:1.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: A626DF5C)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=682.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

A few items to fix,

Download the enclosed => Attached File  fixlist.txt   338bytes   116 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.
  • 0

#14
Triskelion

Triskelion

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 663 posts

Here you go!!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by JButler (30-08-2016 18:04:32) Run:4
Running from C:\Users\JButler\Desktop
Loaded Profiles: JButler (Available Profiles: JButler & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
C:\ProgramData\sysqcl1129139270.dat
C:\Windows\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job
Task: {5FC50BBF-C91E-4D98-A69B-22386376CDA5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job => 
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\sysqcl1129139270.dat => moved successfully
C:\Windows\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FC50BBF-C91E-4D98-A69B-22386376CDA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC50BBF-C91E-4D98-A69B-22386376CDA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
C:\WINDOWS\Tasks\{786D521F-9AFE-58B1-0879-0AAE95A6378D}.job => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9615782 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 74816 B
Edge => 0 B
Chrome => 40101373 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 46856 B
NetworkService => 0 B
JButler => 52947 B
DefaultAppPool => 0 B
 
RecycleBin => 175130 B
EmptyTemp: => 47.8 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:05:02 ====

  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Your logs are clean. If there are no further issues we can remove the tools and close the topic.


The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP