Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Mom n Dad (administrator) on MOMNDAD-PC (12-09-2016 13:38:39)
Running from C:\Users\Mom n Dad\Downloads
Loaded Profiles: Mom n Dad (Available Profiles: Mom n Dad & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
() C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Pantech) C:\Program Files (x86)\NCMC\EUDL\UTM\PantechUTM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Google Inc.) C:\Users\Mom n Dad\AppData\Local\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
(Mindspark) C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\AppIntegrator64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Nero AG) C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Integration\Integrator.exe
(Farbar) C:\Users\Mom n Dad\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM\...\Run: [Corel Update Helper] => c:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe [2012104 2015-11-28] (Corel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-11-29] (RealNetworks, Inc.)
HKLM-x32\...\Run: [InstaLAN] => C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1885088 2012-02-23] (Affinegy, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [HomeworkSimplified AppIntegrator 32-bit] => C:\PROGRA~2\HOMEWO~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [HomeworkSimplified AppIntegrator 64-bit] => C:\PROGRA~2\HOMEWO~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [EasyMailLogin EPM Support] => C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\dimedint.exe [12824 2015-07-13] (Mindspark)
HKLM-x32\...\Run: [EasyMailLogin AppIntegrator 32-bit] => C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\APPINTEGRATOR.EXE [230424 2015-07-13] (Mindspark)
HKLM-x32\...\Run: [EasyMailLogin AppIntegrator 64-bit] => C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\AppIntegrator64.exe [265752 2015-07-13] (Mindspark)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5673824 2014-10-01] (PC Drivers Headquarters)
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\Run: [Google Update] => C:\Users\Mom n Dad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-15] (Google Inc.)
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\Run: [Chromium] => c:\users\mom n dad\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\Run: [GoogleChromeAutoLaunch_EDEAD0EEDAACD124313EA82B8625168E] => C:\Users\Mom n Dad\AppData\Local\Chromium\Application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\RunOnce: [Uninstall C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\RunOnce: [Uninstall C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\RunOnce: [Uninstall C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\MountPoints2: {5d3af21f-6686-11e6-8d98-ed656eb76b56} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\MountPoints2: {5d3af332-6686-11e6-8d98-ed656eb76b56} - "E:\HTC_Sync_Manager_PC.exe"
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:13101
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1185df9b-6f1d-4fef-88ab-b9873ef8a071}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{285d4a35-be8b-4254-975d-0a0a65203b73}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 - (No Name) - {f78d8db4-444a-4a47-bec1-32164fe6b224} - C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\diSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {0D9AF04D-D70D-4AF8-A51B-CADA5C050768} URL = hxxps://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {67A88121-0959-44EB-B659-E80911541B35} URL = hxxps://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-27] (Microsoft Corporation)
BHO-x32: Toolbar BHO -> {2be98f70-2202-4f66-886c-c56f85bc28ce} -> C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\dibar.dll [2015-07-13] (Mindspark)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Search Assistant BHO -> {38c497c4-02cd-47d8-b69a-0658bdcc505c} -> C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\diSrcAs.dll [2015-07-13] (Mindspark)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - EasyMailLogin - {99d36030-fbbc-4f19-a436-3911134193db} - C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\dibar.dll [2015-07-13] (Mindspark)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-29] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mom n Dad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @talk.google.com/O1DPlugin -> C:\Users\Mom n Dad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mom n Dad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mom n Dad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-24]
CHR Extension: (Google Docs) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-24]
CHR Extension: (Google Drive) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Google Sheets) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-24]
CHR Extension: (Google Docs Offline) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (RealDownloader) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-24]
CHR Extension: (Gmail) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-24]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 Pantech UTM Service; C:\Program Files (x86)\NCMC\EUDL\UTM\PantechService.exe [65536 2011-05-20] (TODO: <Company name>) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-19] (Qualcomm Atheros Communications, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
S1 gwrvpwes; C:\WINDOWS\system32\drivers\gwrvpwes.sys [55168 2016-09-12] (Microsoft Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S2 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 {10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64; C:\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys [48832 2014-11-06] (StdLib)
R1 {255a824a-3cde-4dee-9785-284605606456}Gw64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys [48832 2014-10-28] (StdLib)
R1 {3cac76e7-8310-45ea-8277-96d048a78c60}Gw64; C:\Windows\System32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}Gw64.sys [48784 2014-11-27] (StdLib)
R1 {4530e639-76ab-4435-889d-a5e81ae090a4}Gw64; C:\Windows\System32\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {46a147d8-5171-42d8-b8a8-6a187525781d}Gw64; C:\Windows\System32\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64; C:\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64.sys [48832 2014-11-10] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61072 2014-07-24] (StdLib)
R1 {67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64; C:\Windows\System32\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64; C:\Windows\System32\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys [48784 2014-10-19] (StdLib)
R1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; C:\Windows\System32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [48784 2014-10-21] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}w64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys [48784 2015-01-13] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys [61120 2014-06-16] (StdLib)
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys [48784 2014-10-25] (StdLib)
R1 {b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64; C:\Windows\System32\drivers\{b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64.sys [48784 2014-11-26] (StdLib)
R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-10-05] (StdLib)
R1 {d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64; C:\Windows\System32\drivers\{d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {d997fcb4-42b4-4f84-a147-2e498567c954}Gw64; C:\Windows\System32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}Gw64.sys [48784 2014-11-28] (StdLib)
R1 {dc592624-f532-4311-9fc7-6920126fc404}Gw64; C:\Windows\System32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64; C:\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys [48832 2014-11-03] (StdLib)
R1 {fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64; C:\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys [48832 2014-10-31] (StdLib)
S1 ajcqhycc; \??\C:\WINDOWS\system32\drivers\ajcqhycc.sys [X]
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 13:38 - 2016-09-12 13:39 - 00029884 _____ C:\Users\Mom n Dad\Downloads\FRST.txt
2016-09-12 13:37 - 2016-09-12 13:37 - 02397696 _____ (Farbar) C:\Users\Mom n Dad\Downloads\FRST64 (1).exe
2016-09-12 13:27 - 2016-09-12 13:38 - 00000000 ____D C:\FRST
2016-09-12 13:25 - 2016-09-12 13:25 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gwrvpwes.sys
2016-09-12 13:09 - 2016-09-12 13:10 - 03826240 _____ C:\Users\Mom n Dad\Downloads\adwcleaner_6.010.exe
2016-09-07 20:42 - 2016-09-07 20:42 - 00001273 _____ C:\Users\Mom n Dad\Desktop\Continue Flash Player Pro Installation.lnk
2016-09-06 22:12 - 2016-09-06 22:37 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\PlutoTV
2016-09-06 22:07 - 2016-09-06 22:07 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\IsolatedStorage
2016-09-06 22:06 - 2016-09-06 22:06 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\CEF
2016-09-06 22:05 - 2016-09-06 22:38 - 00000000 ____D C:\Program Files\COMODO
2016-09-06 22:05 - 2016-09-06 22:10 - 00000000 ____D C:\ProgramData\COMODO
2016-09-06 22:03 - 2016-09-06 22:04 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Setup548490453
2016-09-06 22:03 - 2016-09-06 22:04 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\sano
2016-09-06 14:56 - 2016-09-06 14:56 - 00001936 _____ C:\Users\Mom n Dad\Desktop\Dawn.lnk
2016-09-06 11:59 - 2016-09-06 12:09 - 00000000 ____D C:\Users\Mom n Dad\Mail_20160906
2016-09-05 17:37 - 2016-09-05 17:37 - 04016517 _____ C:\Users\Mom n Dad\Downloads\F9 FIS Packet.pdf
2016-09-03 11:23 - 2016-09-03 11:23 - 00000000 ____D C:\ProgramData\Roblox
2016-09-03 11:22 - 2016-09-03 11:22 - 00000000 ____D C:\Program Files (x86)\Roblox
2016-08-31 10:12 - 2016-08-31 10:12 - 00000000 _____ C:\Users\Mom n Dad\Desktop\refresh (1) - Shortcut.lnk
2016-08-23 14:07 - 2016-08-23 14:07 - 00003348 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 14:05 - 2016-08-23 14:05 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Skype
2016-08-22 23:27 - 2016-08-22 23:27 - 00001940 _____ C:\Users\Mom n Dad\Desktop\rFactor.lnk
2016-08-22 23:24 - 2016-08-22 23:24 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor
2016-08-22 23:23 - 2016-08-22 23:26 - 00000000 ____D C:\Program Files (x86)\rFactor
2016-08-22 23:10 - 2016-08-22 23:10 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\YourUpdater
2016-08-22 23:08 - 2016-09-07 10:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-22 23:08 - 2016-08-23 12:20 - 00000000 ____D C:\Program Files (x86)\SoftwareUpd
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\SafeSavings
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\PC_Support
2016-08-22 23:07 - 2016-08-22 23:07 - 00000003 _____ C:\Users\Mom n Dad\Desktop\2.txt
2016-08-22 23:07 - 2016-08-22 23:07 - 00000003 _____ C:\Users\Mom n Dad\Desktop\1.txt
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\oneClickRoot
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\AWSToolkit
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\.android
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Program Files (x86)\One Click Root
2016-08-20 10:51 - 2016-08-20 10:51 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\One Click Root
2016-08-16 03:18 - 2016-08-16 03:18 - 00159936 _____ (MBB) C:\WINDOWS\system32\Drivers\usb2ser.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 13:39 - 2014-04-18 05:52 - 00000368 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001.job
2016-09-12 13:39 - 2012-04-29 00:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-12 13:38 - 2012-09-22 21:23 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Nero
2016-09-12 13:37 - 2012-04-29 01:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-12 13:30 - 2016-07-26 10:17 - 00000000 ____D C:\Users\Mom n Dad\Desktop\Mail_20160726
2016-09-12 13:25 - 2016-01-22 05:01 - 01021998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-12 13:25 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-12 13:20 - 2013-11-29 19:38 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-12 13:18 - 2015-07-30 07:33 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001UA.job
2016-09-12 13:17 - 2016-01-22 05:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-12 13:17 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-12 13:16 - 2016-01-22 05:02 - 00000000 ____D C:\Users\Mom n Dad
2016-09-12 13:15 - 2014-06-22 11:58 - 00000000 ____D C:\AdwCleaner
2016-09-12 13:14 - 2012-10-16 13:43 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-09-12 13:13 - 2014-03-22 20:20 - 00000000 ____D C:\Users\Mom n Dad\AppData\LocalLow\Yahoo!
2016-09-12 13:13 - 2012-10-16 13:48 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Yahoo!
2016-09-12 12:48 - 2013-11-29 19:38 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-12 09:09 - 2012-09-22 21:52 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A768056-8E95-406D-9C2A-AB86A5C81525}
2016-09-12 08:27 - 2016-02-03 02:27 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\CrashDumps
2016-09-12 02:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-11 15:18 - 2015-09-18 17:52 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001Core.job
2016-09-10 07:12 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-07 21:09 - 2016-02-08 13:06 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\FlickrUploadrWindows
2016-09-07 19:28 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-07 12:04 - 2012-09-23 12:09 - 00000000 ____D C:\ProgramData\PCDr
2016-09-07 11:04 - 2014-06-22 13:32 - 00000233 _____ C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
2016-09-06 22:03 - 2014-10-07 03:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-09-06 12:34 - 2016-05-11 21:46 - 00000000 ____D C:\Users\Mom n Dad\Documents\Outlook Files
2016-09-06 11:45 - 2016-01-22 05:01 - 01035958 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-09-03 17:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-03 17:33 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-03 11:41 - 2016-05-06 20:11 - 00000000 ____D C:\Users\Mom n Dad\AppData\LocalLow\RbxLogs
2016-09-03 11:23 - 2016-05-06 20:11 - 00000244 _____ C:\Users\Mom n Dad\AppData\LocalLow\rbxcsettings.rbx
2016-09-02 11:00 - 2012-11-04 19:46 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-31 13:40 - 2014-08-14 19:15 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Packages
2016-08-31 13:23 - 2013-03-03 12:16 - 00000048 _____ C:\Users\Mom n Dad\jagex_cl_oldschool_LIVE.dat
2016-08-30 08:43 - 2012-10-07 14:56 - 00000000 _____ C:\Users\Mom n Dad\Desktop\Games - Shortcut.lnk
2016-08-29 09:29 - 2016-06-01 11:30 - 00000000 _____ C:\Users\Mom n Dad\Desktop\Person 1 - Chromium.lnk
2016-08-29 05:45 - 2016-07-13 12:43 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-27 00:27 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-24 21:08 - 2014-07-24 17:23 - 00000000 ____D C:\Users\Mom n Dad\Downloads\Driver Support
2016-08-23 14:07 - 2015-11-12 09:48 - 00002423 _____ C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 14:07 - 2015-11-12 09:48 - 00000000 ___RD C:\Users\Mom n Dad\OneDrive
2016-08-23 12:21 - 2016-01-22 04:54 - 00366152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-18 08:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-17 14:23 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-17 14:13 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-17 14:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
==================== Files in the root of some directories =======
2003-03-18 22:20 - 2003-03-18 22:20 - 1060864 _____ (Microsoft Corporation) C:\Program Files (x86)\mfc71.dll
2003-03-18 21:44 - 2003-03-18 21:44 - 0040960 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71CHS.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0045056 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71CHT.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0065536 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71DEU.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0057344 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ENU.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ESP.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71FRA.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ITA.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0049152 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71JPN.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0049152 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71KOR.DLL
2003-03-18 22:12 - 2003-03-18 22:12 - 1047552 _____ (Microsoft Corporation) C:\Program Files (x86)\mfc71u.dll
2016-06-10 13:17 - 2016-06-10 13:17 - 2049556 _____ () C:\Users\Mom n Dad\AppData\Roaming\sb359.dat
2016-06-10 13:17 - 2016-06-10 13:17 - 0253952 _____ () C:\Users\Mom n Dad\AppData\Roaming\Setup47968.exe
2014-06-22 13:32 - 2016-09-07 11:04 - 0000233 _____ () C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
2015-01-04 20:58 - 2015-01-04 20:58 - 0000010 _____ () C:\Users\Mom n Dad\AppData\Local\DSI.DAT
2015-01-04 20:58 - 2015-01-04 20:58 - 0022528 _____ () C:\Users\Mom n Dad\AppData\Local\dsisetup2094711532.exe
2014-07-19 12:16 - 2014-07-19 12:16 - 0000017 _____ () C:\Users\Mom n Dad\AppData\Local\resmon.resmoncfg
2015-12-19 17:32 - 2015-12-19 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{0698FE7B-E414-4BB9-8209-FEAB7FB84A34}
2015-12-26 17:32 - 2015-12-26 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{4F9E012A-B0F7-4988-8C86-80C15AFAC133}
2015-12-20 17:32 - 2015-12-20 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{5B0B5687-B085-47B9-9266-0AC8894FBC48}
2015-12-25 17:32 - 2015-12-25 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{6BCFBDB5-13CA-4BA0-9D52-F5DED8CDCCAB}
2015-12-24 17:32 - 2015-12-24 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{7C950353-CCB5-4619-BEC1-845D41D0A3EE}
2015-12-22 17:32 - 2015-12-22 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{99ADE811-4040-48CB-AB88-B99011B5366C}
2015-12-23 17:32 - 2015-12-23 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{9CD32FAC-56F8-47B0-8929-2100E8BE3501}
2015-12-21 17:32 - 2015-12-21 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{DB925C31-3D0E-4629-B67A-C92960EF44E9}
2013-01-11 22:55 - 2013-01-11 22:55 - 0000069 _____ () C:\ProgramData\dsgsdgdsgdsgw.bat
2013-01-11 22:55 - 2013-01-11 22:55 - 0000159 _____ () C:\ProgramData\dsgsdgdsgdsgw.reg
2015-09-19 13:39 - 2015-09-19 13:39 - 5133208 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.reg
C:\ProgramData\pclunst.exe
Some files in TEMP:
====================
C:\Users\Mom n Dad\AppData\Local\Temp\CorrLinks.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro (2).exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro.exe
C:\Users\Mom n Dad\AppData\Local\Temp\libeay32.dll
C:\Users\Mom n Dad\AppData\Local\Temp\lowproc.exe
C:\Users\Mom n Dad\AppData\Local\Temp\msvcr120.dll
C:\Users\Mom n Dad\AppData\Local\Temp\pspx8.0_cnet.exe
C:\Users\Mom n Dad\AppData\Local\Temp\sqlite3.dll
C:\Users\Mom n Dad\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-05 20:03
==================== End of FRST.txt ============================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 Pantech UTM Service; C:\Program Files (x86)\NCMC\EUDL\UTM\PantechService.exe [65536 2011-05-20] (TODO: <Company name>) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-19] (Qualcomm Atheros Communications, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
S1 gwrvpwes; C:\WINDOWS\system32\drivers\gwrvpwes.sys [55168 2016-09-12] (Microsoft Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S2 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 {10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64; C:\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys [48832 2014-11-06] (StdLib)
R1 {255a824a-3cde-4dee-9785-284605606456}Gw64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys [48832 2014-10-28] (StdLib)
R1 {3cac76e7-8310-45ea-8277-96d048a78c60}Gw64; C:\Windows\System32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}Gw64.sys [48784 2014-11-27] (StdLib)
R1 {4530e639-76ab-4435-889d-a5e81ae090a4}Gw64; C:\Windows\System32\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {46a147d8-5171-42d8-b8a8-6a187525781d}Gw64; C:\Windows\System32\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64; C:\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64.sys [48832 2014-11-10] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61072 2014-07-24] (StdLib)
R1 {67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64; C:\Windows\System32\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64; C:\Windows\System32\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys [48784 2014-10-19] (StdLib)
R1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; C:\Windows\System32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [48784 2014-10-21] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}w64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys [48784 2015-01-13] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys [61120 2014-06-16] (StdLib)
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys [48784 2014-10-25] (StdLib)
R1 {b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64; C:\Windows\System32\drivers\{b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64.sys [48784 2014-11-26] (StdLib)
R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-10-05] (StdLib)
R1 {d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64; C:\Windows\System32\drivers\{d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {d997fcb4-42b4-4f84-a147-2e498567c954}Gw64; C:\Windows\System32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}Gw64.sys [48784 2014-11-28] (StdLib)
R1 {dc592624-f532-4311-9fc7-6920126fc404}Gw64; C:\Windows\System32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64; C:\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys [48832 2014-11-03] (StdLib)
R1 {fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64; C:\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys [48832 2014-10-31] (StdLib)
S1 ajcqhycc; \??\C:\WINDOWS\system32\drivers\ajcqhycc.sys [X]
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 13:38 - 2016-09-12 13:39 - 00029884 _____ C:\Users\Mom n Dad\Downloads\FRST.txt
2016-09-12 13:37 - 2016-09-12 13:37 - 02397696 _____ (Farbar) C:\Users\Mom n Dad\Downloads\FRST64 (1).exe
2016-09-12 13:27 - 2016-09-12 13:38 - 00000000 ____D C:\FRST
2016-09-12 13:25 - 2016-09-12 13:25 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gwrvpwes.sys
2016-09-12 13:09 - 2016-09-12 13:10 - 03826240 _____ C:\Users\Mom n Dad\Downloads\adwcleaner_6.010.exe
2016-09-07 20:42 - 2016-09-07 20:42 - 00001273 _____ C:\Users\Mom n Dad\Desktop\Continue Flash Player Pro Installation.lnk
2016-09-06 22:12 - 2016-09-06 22:37 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\PlutoTV
2016-09-06 22:07 - 2016-09-06 22:07 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\IsolatedStorage
2016-09-06 22:06 - 2016-09-06 22:06 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\CEF
2016-09-06 22:05 - 2016-09-06 22:38 - 00000000 ____D C:\Program Files\COMODO
2016-09-06 22:05 - 2016-09-06 22:10 - 00000000 ____D C:\ProgramData\COMODO
2016-09-06 22:03 - 2016-09-06 22:04 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Setup548490453
2016-09-06 22:03 - 2016-09-06 22:04 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\sano
2016-09-06 14:56 - 2016-09-06 14:56 - 00001936 _____ C:\Users\Mom n Dad\Desktop\Dawn.lnk
2016-09-06 11:59 - 2016-09-06 12:09 - 00000000 ____D C:\Users\Mom n Dad\Mail_20160906
2016-09-05 17:37 - 2016-09-05 17:37 - 04016517 _____ C:\Users\Mom n Dad\Downloads\F9 FIS Packet.pdf
2016-09-03 11:23 - 2016-09-03 11:23 - 00000000 ____D C:\ProgramData\Roblox
2016-09-03 11:22 - 2016-09-03 11:22 - 00000000 ____D C:\Program Files (x86)\Roblox
2016-08-31 10:12 - 2016-08-31 10:12 - 00000000 _____ C:\Users\Mom n Dad\Desktop\refresh (1) - Shortcut.lnk
2016-08-23 14:07 - 2016-08-23 14:07 - 00003348 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 14:05 - 2016-08-23 14:05 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Skype
2016-08-22 23:27 - 2016-08-22 23:27 - 00001940 _____ C:\Users\Mom n Dad\Desktop\rFactor.lnk
2016-08-22 23:24 - 2016-08-22 23:24 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor
2016-08-22 23:23 - 2016-08-22 23:26 - 00000000 ____D C:\Program Files (x86)\rFactor
2016-08-22 23:10 - 2016-08-22 23:10 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\YourUpdater
2016-08-22 23:08 - 2016-09-07 10:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-22 23:08 - 2016-08-23 12:20 - 00000000 ____D C:\Program Files (x86)\SoftwareUpd
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\SafeSavings
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\PC_Support
2016-08-22 23:07 - 2016-08-22 23:07 - 00000003 _____ C:\Users\Mom n Dad\Desktop\2.txt
2016-08-22 23:07 - 2016-08-22 23:07 - 00000003 _____ C:\Users\Mom n Dad\Desktop\1.txt
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\oneClickRoot
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\AWSToolkit
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\.android
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Program Files (x86)\One Click Root
2016-08-20 10:51 - 2016-08-20 10:51 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\One Click Root
2016-08-16 03:18 - 2016-08-16 03:18 - 00159936 _____ (MBB) C:\WINDOWS\system32\Drivers\usb2ser.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 13:39 - 2014-04-18 05:52 - 00000368 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001.job
2016-09-12 13:39 - 2012-04-29 00:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-12 13:38 - 2012-09-22 21:23 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Nero
2016-09-12 13:37 - 2012-04-29 01:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-12 13:30 - 2016-07-26 10:17 - 00000000 ____D C:\Users\Mom n Dad\Desktop\Mail_20160726
2016-09-12 13:25 - 2016-01-22 05:01 - 01021998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-12 13:25 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-12 13:20 - 2013-11-29 19:38 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-12 13:18 - 2015-07-30 07:33 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001UA.job
2016-09-12 13:17 - 2016-01-22 05:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-12 13:17 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-12 13:16 - 2016-01-22 05:02 - 00000000 ____D C:\Users\Mom n Dad
2016-09-12 13:15 - 2014-06-22 11:58 - 00000000 ____D C:\AdwCleaner
2016-09-12 13:14 - 2012-10-16 13:43 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-09-12 13:13 - 2014-03-22 20:20 - 00000000 ____D C:\Users\Mom n Dad\AppData\LocalLow\Yahoo!
2016-09-12 13:13 - 2012-10-16 13:48 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Yahoo!
2016-09-12 12:48 - 2013-11-29 19:38 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-12 09:09 - 2012-09-22 21:52 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A768056-8E95-406D-9C2A-AB86A5C81525}
2016-09-12 08:27 - 2016-02-03 02:27 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\CrashDumps
2016-09-12 02:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-11 15:18 - 2015-09-18 17:52 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001Core.job
2016-09-10 07:12 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-07 21:09 - 2016-02-08 13:06 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\FlickrUploadrWindows
2016-09-07 19:28 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-07 12:04 - 2012-09-23 12:09 - 00000000 ____D C:\ProgramData\PCDr
2016-09-07 11:04 - 2014-06-22 13:32 - 00000233 _____ C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
2016-09-06 22:03 - 2014-10-07 03:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-09-06 12:34 - 2016-05-11 21:46 - 00000000 ____D C:\Users\Mom n Dad\Documents\Outlook Files
2016-09-06 11:45 - 2016-01-22 05:01 - 01035958 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-09-03 17:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-03 17:33 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-03 11:41 - 2016-05-06 20:11 - 00000000 ____D C:\Users\Mom n Dad\AppData\LocalLow\RbxLogs
2016-09-03 11:23 - 2016-05-06 20:11 - 00000244 _____ C:\Users\Mom n Dad\AppData\LocalLow\rbxcsettings.rbx
2016-09-02 11:00 - 2012-11-04 19:46 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-31 13:40 - 2014-08-14 19:15 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Packages
2016-08-31 13:23 - 2013-03-03 12:16 - 00000048 _____ C:\Users\Mom n Dad\jagex_cl_oldschool_LIVE.dat
2016-08-30 08:43 - 2012-10-07 14:56 - 00000000 _____ C:\Users\Mom n Dad\Desktop\Games - Shortcut.lnk
2016-08-29 09:29 - 2016-06-01 11:30 - 00000000 _____ C:\Users\Mom n Dad\Desktop\Person 1 - Chromium.lnk
2016-08-29 05:45 - 2016-07-13 12:43 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-27 00:27 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-24 21:08 - 2014-07-24 17:23 - 00000000 ____D C:\Users\Mom n Dad\Downloads\Driver Support
2016-08-23 14:07 - 2015-11-12 09:48 - 00002423 _____ C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 14:07 - 2015-11-12 09:48 - 00000000 ___RD C:\Users\Mom n Dad\OneDrive
2016-08-23 12:21 - 2016-01-22 04:54 - 00366152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-18 08:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-17 14:23 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-17 14:13 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-17 14:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
==================== Files in the root of some directories =======
2003-03-18 22:20 - 2003-03-18 22:20 - 1060864 _____ (Microsoft Corporation) C:\Program Files (x86)\mfc71.dll
2003-03-18 21:44 - 2003-03-18 21:44 - 0040960 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71CHS.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0045056 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71CHT.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0065536 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71DEU.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0057344 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ENU.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ESP.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71FRA.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ITA.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0049152 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71JPN.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0049152 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71KOR.DLL
2003-03-18 22:12 - 2003-03-18 22:12 - 1047552 _____ (Microsoft Corporation) C:\Program Files (x86)\mfc71u.dll
2016-06-10 13:17 - 2016-06-10 13:17 - 2049556 _____ () C:\Users\Mom n Dad\AppData\Roaming\sb359.dat
2016-06-10 13:17 - 2016-06-10 13:17 - 0253952 _____ () C:\Users\Mom n Dad\AppData\Roaming\Setup47968.exe
2014-06-22 13:32 - 2016-09-07 11:04 - 0000233 _____ () C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
2015-01-04 20:58 - 2015-01-04 20:58 - 0000010 _____ () C:\Users\Mom n Dad\AppData\Local\DSI.DAT
2015-01-04 20:58 - 2015-01-04 20:58 - 0022528 _____ () C:\Users\Mom n Dad\AppData\Local\dsisetup2094711532.exe
2014-07-19 12:16 - 2014-07-19 12:16 - 0000017 _____ () C:\Users\Mom n Dad\AppData\Local\resmon.resmoncfg
2015-12-19 17:32 - 2015-12-19 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{0698FE7B-E414-4BB9-8209-FEAB7FB84A34}
2015-12-26 17:32 - 2015-12-26 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{4F9E012A-B0F7-4988-8C86-80C15AFAC133}
2015-12-20 17:32 - 2015-12-20 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{5B0B5687-B085-47B9-9266-0AC8894FBC48}
2015-12-25 17:32 - 2015-12-25 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{6BCFBDB5-13CA-4BA0-9D52-F5DED8CDCCAB}
2015-12-24 17:32 - 2015-12-24 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{7C950353-CCB5-4619-BEC1-845D41D0A3EE}
2015-12-22 17:32 - 2015-12-22 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{99ADE811-4040-48CB-AB88-B99011B5366C}
2015-12-23 17:32 - 2015-12-23 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{9CD32FAC-56F8-47B0-8929-2100E8BE3501}
2015-12-21 17:32 - 2015-12-21 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{DB925C31-3D0E-4629-B67A-C92960EF44E9}
2013-01-11 22:55 - 2013-01-11 22:55 - 0000069 _____ () C:\ProgramData\dsgsdgdsgdsgw.bat
2013-01-11 22:55 - 2013-01-11 22:55 - 0000159 _____ () C:\ProgramData\dsgsdgdsgdsgw.reg
2015-09-19 13:39 - 2015-09-19 13:39 - 5133208 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.reg
C:\ProgramData\pclunst.exe
Some files in TEMP:
====================
C:\Users\Mom n Dad\AppData\Local\Temp\CorrLinks.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro (2).exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro.exe
C:\Users\Mom n Dad\AppData\Local\Temp\libeay32.dll
C:\Users\Mom n Dad\AppData\Local\Temp\lowproc.exe
C:\Users\Mom n Dad\AppData\Local\Temp\msvcr120.dll
C:\Users\Mom n Dad\AppData\Local\Temp\pspx8.0_cnet.exe
C:\Users\Mom n Dad\AppData\Local\Temp\sqlite3.dll
C:\Users\Mom n Dad\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-05 20:03
==================== End of FRST.txt ============================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {0D9AF04D-D70D-4AF8-A51B-CADA5C050768} URL = hxxps://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL =
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {67A88121-0959-44EB-B659-E80911541B35} URL = hxxps://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-27] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-27] (Microsoft Corporation)
BHO-x32: Toolbar BHO -> {2be98f70-2202-4f66-886c-c56f85bc28ce} -> C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\dibar.dll [2015-07-13] (Mindspark)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Search Assistant BHO -> {38c497c4-02cd-47d8-b69a-0658bdcc505c} -> C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\diSrcAs.dll [2015-07-13] (Mindspark)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-04] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-04] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - EasyMailLogin - {99d36030-fbbc-4f19-a436-3911134193db} - C:\Program Files (x86)\EasyMailLogin_di\bar\2.bin\dibar.dll [2015-07-13] (Mindspark)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-26] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-14] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-26] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-11-29] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mom n Dad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @talk.google.com/O1DPlugin -> C:\Users\Mom n Dad\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1399685641-2452391960-3966799618-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mom n Dad\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mom n Dad\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-11-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-24]
CHR Extension: (Google Docs) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-24]
CHR Extension: (Google Drive) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (YouTube) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (Google Sheets) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-24]
CHR Extension: (Google Docs Offline) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-22]
CHR Extension: (RealDownloader) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2015-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-24]
CHR Extension: (Gmail) - C:\Users\Mom n Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-24]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563104 2012-02-23] (Affinegy, Inc.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2011-04-19] () [File not signed]
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
S2 Pantech UTM Service; C:\Program Files (x86)\NCMC\EUDL\UTM\PantechService.exe [65536 2011-05-20] (TODO: <Company name>) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-19] (Qualcomm Atheros Communications, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
S1 gwrvpwes; C:\WINDOWS\system32\drivers\gwrvpwes.sys [55168 2016-09-12] (Microsoft Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S2 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [291352 2009-06-22] (silex technology, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 {10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64; C:\Windows\System32\drivers\{10e3e2da-8f7b-42cc-9f00-90007ce494b8}Gw64.sys [48832 2014-11-06] (StdLib)
R1 {255a824a-3cde-4dee-9785-284605606456}Gw64; C:\Windows\System32\drivers\{255a824a-3cde-4dee-9785-284605606456}Gw64.sys [48832 2014-10-28] (StdLib)
R1 {3cac76e7-8310-45ea-8277-96d048a78c60}Gw64; C:\Windows\System32\drivers\{3cac76e7-8310-45ea-8277-96d048a78c60}Gw64.sys [48784 2014-11-27] (StdLib)
R1 {4530e639-76ab-4435-889d-a5e81ae090a4}Gw64; C:\Windows\System32\drivers\{4530e639-76ab-4435-889d-a5e81ae090a4}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {46a147d8-5171-42d8-b8a8-6a187525781d}Gw64; C:\Windows\System32\drivers\{46a147d8-5171-42d8-b8a8-6a187525781d}Gw64.sys [48784 2014-10-15] (StdLib)
R1 {51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64; C:\Windows\System32\drivers\{51b9c91c-8e38-40ae-80de-58a590512b6b}Gw64.sys [48832 2014-11-10] (StdLib)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61072 2014-07-24] (StdLib)
R1 {67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64; C:\Windows\System32\drivers\{67f29abb-07b3-41f5-94cd-f819d7c1fc76}Gw64.sys [48784 2014-10-20] (StdLib)
R1 {6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64; C:\Windows\System32\drivers\{6c84eb28-66c4-4e3d-8a5a-46ab94f0575a}Gw64.sys [48784 2014-10-19] (StdLib)
R1 {733fb217-c049-41ba-9504-3f2045e61977}Gw64; C:\Windows\System32\drivers\{733fb217-c049-41ba-9504-3f2045e61977}Gw64.sys [48784 2014-10-21] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {94d62e35-4b43-494c-bf52-ba5935df36ef}w64; C:\Windows\System32\drivers\{94d62e35-4b43-494c-bf52-ba5935df36ef}w64.sys [48784 2015-01-13] (StdLib)
R1 {9d5747ee-0448-4681-8337-1555de75a3b6}w64; C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}w64.sys [61120 2014-06-16] (StdLib)
R1 {b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64; C:\Windows\System32\drivers\{b0c7827f-c845-429a-833b-c2a798fc4fc3}Gw64.sys [48784 2014-10-25] (StdLib)
R1 {b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64; C:\Windows\System32\drivers\{b59efc84-8479-4faa-b02a-e5c7e85c7926}Gw64.sys [48784 2014-11-26] (StdLib)
R1 {bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64; C:\Windows\System32\drivers\{bb7b7a60-f574-47c2-8a0b-4c56f2da9802}Gw64.sys [48784 2014-10-05] (StdLib)
R1 {d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64; C:\Windows\System32\drivers\{d428f5a9-a362-4938-a8b7-f0abd920078b}Gw64.sys [48784 2014-12-01] (StdLib)
R1 {d997fcb4-42b4-4f84-a147-2e498567c954}Gw64; C:\Windows\System32\drivers\{d997fcb4-42b4-4f84-a147-2e498567c954}Gw64.sys [48784 2014-11-28] (StdLib)
R1 {dc592624-f532-4311-9fc7-6920126fc404}Gw64; C:\Windows\System32\drivers\{dc592624-f532-4311-9fc7-6920126fc404}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64; C:\Windows\System32\drivers\{f5d136d7-adc2-4c84-85b2-e564334ab0bc}Gw64.sys [48784 2014-10-22] (StdLib)
R1 {f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64; C:\Windows\System32\drivers\{f63e4e62-e47d-4415-9bb4-c9b1dfe161b9}Gw64.sys [48832 2014-11-03] (StdLib)
R1 {fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64; C:\Windows\System32\drivers\{fc7329ef-e953-454c-8e78-ed2cf0acb2ef}Gw64.sys [48832 2014-10-31] (StdLib)
S1 ajcqhycc; \??\C:\WINDOWS\system32\drivers\ajcqhycc.sys [X]
U3 idsvc; no ImagePath
U5 REALPLAYERUPDATESVC; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 13:38 - 2016-09-12 13:39 - 00029884 _____ C:\Users\Mom n Dad\Downloads\FRST.txt
2016-09-12 13:37 - 2016-09-12 13:37 - 02397696 _____ (Farbar) C:\Users\Mom n Dad\Downloads\FRST64 (1).exe
2016-09-12 13:27 - 2016-09-12 13:38 - 00000000 ____D C:\FRST
2016-09-12 13:25 - 2016-09-12 13:25 - 00055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gwrvpwes.sys
2016-09-12 13:09 - 2016-09-12 13:10 - 03826240 _____ C:\Users\Mom n Dad\Downloads\adwcleaner_6.010.exe
2016-09-07 20:42 - 2016-09-07 20:42 - 00001273 _____ C:\Users\Mom n Dad\Desktop\Continue Flash Player Pro Installation.lnk
2016-09-06 22:12 - 2016-09-06 22:37 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\PlutoTV
2016-09-06 22:07 - 2016-09-06 22:07 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\IsolatedStorage
2016-09-06 22:06 - 2016-09-06 22:06 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\CEF
2016-09-06 22:05 - 2016-09-06 22:38 - 00000000 ____D C:\Program Files\COMODO
2016-09-06 22:05 - 2016-09-06 22:10 - 00000000 ____D C:\ProgramData\COMODO
2016-09-06 22:03 - 2016-09-06 22:04 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Setup548490453
2016-09-06 22:03 - 2016-09-06 22:04 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\sano
2016-09-06 14:56 - 2016-09-06 14:56 - 00001936 _____ C:\Users\Mom n Dad\Desktop\Dawn.lnk
2016-09-06 11:59 - 2016-09-06 12:09 - 00000000 ____D C:\Users\Mom n Dad\Mail_20160906
2016-09-05 17:37 - 2016-09-05 17:37 - 04016517 _____ C:\Users\Mom n Dad\Downloads\F9 FIS Packet.pdf
2016-09-03 11:23 - 2016-09-03 11:23 - 00000000 ____D C:\ProgramData\Roblox
2016-09-03 11:22 - 2016-09-03 11:22 - 00000000 ____D C:\Program Files (x86)\Roblox
2016-08-31 10:12 - 2016-08-31 10:12 - 00000000 _____ C:\Users\Mom n Dad\Desktop\refresh (1) - Shortcut.lnk
2016-08-23 14:07 - 2016-08-23 14:07 - 00003348 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-23 14:05 - 2016-08-23 14:05 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Skype
2016-08-22 23:27 - 2016-08-22 23:27 - 00001940 _____ C:\Users\Mom n Dad\Desktop\rFactor.lnk
2016-08-22 23:24 - 2016-08-22 23:24 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rFactor
2016-08-22 23:23 - 2016-08-22 23:26 - 00000000 ____D C:\Program Files (x86)\rFactor
2016-08-22 23:10 - 2016-08-22 23:10 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\YourUpdater
2016-08-22 23:08 - 2016-09-07 10:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-08-22 23:08 - 2016-08-23 12:20 - 00000000 ____D C:\Program Files (x86)\SoftwareUpd
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\SafeSavings
2016-08-22 23:08 - 2016-08-22 23:08 - 00000000 ____D C:\Program Files (x86)\PC_Support
2016-08-22 23:07 - 2016-08-22 23:07 - 00000003 _____ C:\Users\Mom n Dad\Desktop\2.txt
2016-08-22 23:07 - 2016-08-22 23:07 - 00000003 _____ C:\Users\Mom n Dad\Desktop\1.txt
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\oneClickRoot
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\AWSToolkit
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Users\Mom n Dad\.android
2016-08-20 10:52 - 2016-08-20 10:52 - 00000000 ____D C:\Program Files (x86)\One Click Root
2016-08-20 10:51 - 2016-08-20 10:51 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\One Click Root
2016-08-16 03:18 - 2016-08-16 03:18 - 00159936 _____ (MBB) C:\WINDOWS\system32\Drivers\usb2ser.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-09-12 13:39 - 2014-04-18 05:52 - 00000368 _____ C:\WINDOWS\Tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001.job
2016-09-12 13:39 - 2012-04-29 00:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-12 13:38 - 2012-09-22 21:23 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Nero
2016-09-12 13:37 - 2012-04-29 01:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-12 13:30 - 2016-07-26 10:17 - 00000000 ____D C:\Users\Mom n Dad\Desktop\Mail_20160726
2016-09-12 13:25 - 2016-01-22 05:01 - 01021998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-12 13:25 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-12 13:20 - 2013-11-29 19:38 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-12 13:18 - 2015-07-30 07:33 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001UA.job
2016-09-12 13:17 - 2016-01-22 05:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-12 13:17 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-12 13:16 - 2016-01-22 05:02 - 00000000 ____D C:\Users\Mom n Dad
2016-09-12 13:15 - 2014-06-22 11:58 - 00000000 ____D C:\AdwCleaner
2016-09-12 13:14 - 2012-10-16 13:43 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-09-12 13:13 - 2014-03-22 20:20 - 00000000 ____D C:\Users\Mom n Dad\AppData\LocalLow\Yahoo!
2016-09-12 13:13 - 2012-10-16 13:48 - 00000000 ____D C:\Users\Mom n Dad\AppData\Roaming\Yahoo!
2016-09-12 12:48 - 2013-11-29 19:38 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-12 09:09 - 2012-09-22 21:52 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7A768056-8E95-406D-9C2A-AB86A5C81525}
2016-09-12 08:27 - 2016-02-03 02:27 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\CrashDumps
2016-09-12 02:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-11 15:18 - 2015-09-18 17:52 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001Core.job
2016-09-10 07:12 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-07 21:09 - 2016-02-08 13:06 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\FlickrUploadrWindows
2016-09-07 19:28 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-07 12:04 - 2012-09-23 12:09 - 00000000 ____D C:\ProgramData\PCDr
2016-09-07 11:04 - 2014-06-22 13:32 - 00000233 _____ C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
2016-09-06 22:03 - 2014-10-07 03:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-09-06 12:34 - 2016-05-11 21:46 - 00000000 ____D C:\Users\Mom n Dad\Documents\Outlook Files
2016-09-06 11:45 - 2016-01-22 05:01 - 01035958 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-09-03 17:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-03 17:33 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-03 11:41 - 2016-05-06 20:11 - 00000000 ____D C:\Users\Mom n Dad\AppData\LocalLow\RbxLogs
2016-09-03 11:23 - 2016-05-06 20:11 - 00000244 _____ C:\Users\Mom n Dad\AppData\LocalLow\rbxcsettings.rbx
2016-09-02 11:00 - 2012-11-04 19:46 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-31 13:40 - 2014-08-14 19:15 - 00000000 ____D C:\Users\Mom n Dad\AppData\Local\Packages
2016-08-31 13:23 - 2013-03-03 12:16 - 00000048 _____ C:\Users\Mom n Dad\jagex_cl_oldschool_LIVE.dat
2016-08-30 08:43 - 2012-10-07 14:56 - 00000000 _____ C:\Users\Mom n Dad\Desktop\Games - Shortcut.lnk
2016-08-29 09:29 - 2016-06-01 11:30 - 00000000 _____ C:\Users\Mom n Dad\Desktop\Person 1 - Chromium.lnk
2016-08-29 05:45 - 2016-07-13 12:43 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-27 00:27 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-24 21:08 - 2014-07-24 17:23 - 00000000 ____D C:\Users\Mom n Dad\Downloads\Driver Support
2016-08-23 14:07 - 2015-11-12 09:48 - 00002423 _____ C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 14:07 - 2015-11-12 09:48 - 00000000 ___RD C:\Users\Mom n Dad\OneDrive
2016-08-23 12:21 - 2016-01-22 04:54 - 00366152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-18 08:59 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-17 14:23 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-17 14:13 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-17 14:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-08-17 14:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
==================== Files in the root of some directories =======
2003-03-18 22:20 - 2003-03-18 22:20 - 1060864 _____ (Microsoft Corporation) C:\Program Files (x86)\mfc71.dll
2003-03-18 21:44 - 2003-03-18 21:44 - 0040960 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71CHS.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0045056 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71CHT.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0065536 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71DEU.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0057344 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ENU.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ESP.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71FRA.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0061440 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71ITA.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0049152 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71JPN.DLL
2003-03-18 21:44 - 2003-03-18 21:44 - 0049152 _____ (Microsoft Corporation) C:\Program Files (x86)\MFC71KOR.DLL
2003-03-18 22:12 - 2003-03-18 22:12 - 1047552 _____ (Microsoft Corporation) C:\Program Files (x86)\mfc71u.dll
2016-06-10 13:17 - 2016-06-10 13:17 - 2049556 _____ () C:\Users\Mom n Dad\AppData\Roaming\sb359.dat
2016-06-10 13:17 - 2016-06-10 13:17 - 0253952 _____ () C:\Users\Mom n Dad\AppData\Roaming\Setup47968.exe
2014-06-22 13:32 - 2016-09-07 11:04 - 0000233 _____ () C:\Users\Mom n Dad\AppData\Roaming\WB.CFG
2015-01-04 20:58 - 2015-01-04 20:58 - 0000010 _____ () C:\Users\Mom n Dad\AppData\Local\DSI.DAT
2015-01-04 20:58 - 2015-01-04 20:58 - 0022528 _____ () C:\Users\Mom n Dad\AppData\Local\dsisetup2094711532.exe
2014-07-19 12:16 - 2014-07-19 12:16 - 0000017 _____ () C:\Users\Mom n Dad\AppData\Local\resmon.resmoncfg
2015-12-19 17:32 - 2015-12-19 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{0698FE7B-E414-4BB9-8209-FEAB7FB84A34}
2015-12-26 17:32 - 2015-12-26 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{4F9E012A-B0F7-4988-8C86-80C15AFAC133}
2015-12-20 17:32 - 2015-12-20 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{5B0B5687-B085-47B9-9266-0AC8894FBC48}
2015-12-25 17:32 - 2015-12-25 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{6BCFBDB5-13CA-4BA0-9D52-F5DED8CDCCAB}
2015-12-24 17:32 - 2015-12-24 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{7C950353-CCB5-4619-BEC1-845D41D0A3EE}
2015-12-22 17:32 - 2015-12-22 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{99ADE811-4040-48CB-AB88-B99011B5366C}
2015-12-23 17:32 - 2015-12-23 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{9CD32FAC-56F8-47B0-8929-2100E8BE3501}
2015-12-21 17:32 - 2015-12-21 17:32 - 0000000 _____ () C:\Users\Mom n Dad\AppData\Local\{DB925C31-3D0E-4629-B67A-C92960EF44E9}
2013-01-11 22:55 - 2013-01-11 22:55 - 0000069 _____ () C:\ProgramData\dsgsdgdsgdsgw.bat
2013-01-11 22:55 - 2013-01-11 22:55 - 0000159 _____ () C:\ProgramData\dsgsdgdsgdsgw.reg
2015-09-19 13:39 - 2015-09-19 13:39 - 5133208 _____ (© PC Cleaners Inc) C:\ProgramData\pclunst.exe
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.bat
C:\ProgramData\dsgsdgdsgdsgw.reg
C:\ProgramData\pclunst.exe
Some files in TEMP:
====================
C:\Users\Mom n Dad\AppData\Local\Temp\CorrLinks.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Mom n Dad\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro (2).exe
C:\Users\Mom n Dad\AppData\Local\Temp\ICReinstall_FlashPlayerPro.exe
C:\Users\Mom n Dad\AppData\Local\Temp\libeay32.dll
C:\Users\Mom n Dad\AppData\Local\Temp\lowproc.exe
C:\Users\Mom n Dad\AppData\Local\Temp\msvcr120.dll
C:\Users\Mom n Dad\AppData\Local\Temp\pspx8.0_cnet.exe
C:\Users\Mom n Dad\AppData\Local\Temp\sqlite3.dll
C:\Users\Mom n Dad\AppData\Local\Temp\stubhelper.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-09-05 20:03
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Mom n Dad (12-09-2016 13:39:58)
Running from C:\Users\Mom n Dad\Downloads
Windows 10 Home Version 1511 (X64) (2016-01-22 10:19:53)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1399685641-2452391960-3966799618-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1399685641-2452391960-3966799618-503 - Limited - Disabled)
Guest (S-1-5-21-1399685641-2452391960-3966799618-501 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-1399685641-2452391960-3966799618-1002 - Administrator - Enabled)
Mom n Dad (S-1-5-21-1399685641-2452391960-3966799618-1001 - Administrator - Enabled) => C:\Users\Mom n Dad
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Belkin Setup and Router Monitor (HKLM-x32\...\Belkin Setup and Router Monitor_is1) (Version: - )
Belkin USB Print and Storage Center (HKLM\...\Belkin USB Print and Storage Center) (Version: 1.1.4 - Belkin International, Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Canon MP495 series User Registration (HKLM-x32\...\Canon MP495 series User Registration) (Version: - )
CASIO C781 USB Driver V1.0.4.0 (HKLM-x32\...\{3FA1785D-EED5-4840-A78F-2FC8B663CA86}) (Version: 1.0.4.0 - CASIO)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.1.0.67 - Corel Corporation)
CorrLinks (HKLM-x32\...\{ea99e77a-7c27-4dc0-9039-c82be958c286}) (Version: 1.7.760.0 - CorrLinks)
Corrlinks Client Setup (x32 Version: 1.7.760.0 - CORRLINKS) Hidden
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3BD7DD08-991B-4A2F-A165-614ED14EAADD}) (Version: 1.6.225.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.130 - ArcSoft)
Dell Stage (HKLM-x32\...\{FE182796-F6BA-486A-8590-89B7E8D1D60F}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.133 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.3.0.2513 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.3.0.2513 - CyberLink Corp.) Hidden
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
EasyMailLogin Internet Explorer Toolbar (HKLM-x32\...\EasyMailLogin_dibar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
ICA (x32 Version: 18.1.0.67 - Corel Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2598 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
IPM_PSP_COM64 (Version: 18.1.0.67 - Corel Corporation) Hidden
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065F0}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7167.2040 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7167.2040 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PSPPContent (x32 Version: 18.1.0.67 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 18.1.0.67 - Corel Corporation) Hidden
PSPPro64 (Version: 18.1.0.67 - Corel Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
rFactor (remove only) (HKLM-x32\...\rFactor) (Version: - )
Setup (x32 Version: 18.1.0.67 - Corel Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SyncUP (HKLM-x32\...\{D92C9CCE-E5F0-4125-977A-0590F3225B74}) (Version: 10.2.16100 - Nero AG)
SyncUP (x32 Version: 1.12.12400.17.102 - Nero AG) Hidden
Verizon_NCMC_UTM64 (HKLM-x32\...\{33393A55-CFC1-4B06-A981-C1ED0F5E58FE}) (Version: 3.00.0000 - NCMC)
Video Mover (HKLM-x32\...\Video Mover_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mom n Dad\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01F30789-9F85-4891-B16B-01D48AC73BEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {026417C9-BBE1-4DE9-A5F0-DF06042C0A2A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {138CED5E-7A7B-42BA-931E-8F8F3D72882C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001Core => C:\Users\Mom n Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {1687A1FD-AC55-4129-83CE-F2E81A87DDAC} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-10-01] (PC Drivers Headquarters)
Task: {18041079-3723-4E8B-B901-20B5CFFC92AF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1B737015-9391-4E55-B8FA-02BB3EEED767} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1399685641-2452391960-3966799618-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {23686742-13B4-4EFB-A9AF-597EE6A1E527} - \BrowserSafeguard Update Task -> No File <==== ATTENTION
Task: {239B5BCC-CADC-47A2-AD18-2BBF0D2F8B10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {298ABF9B-5E86-44F1-8E9D-A7DBD87B6FFE} - System32\Tasks\Microsoft\a3d90235e1136671ab1195c6078184ff => C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\Updater.exe <==== ATTENTION
Task: {2C6B152D-396D-4DEB-8645-1655FDC91E82} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1399685641-2452391960-3966799618-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2D4C3CF2-D00C-4C24-B1B8-0329A38ABEFA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {32953015-E7B7-4C79-98EC-B3F6F0892E6D} - System32\Tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: {3614A2F9-363E-4498-B770-567EC0915647} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-09] (Microsoft Corporation)
Task: {3A9AD1CB-EF11-410F-A830-8131A508B9B7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {3F721923-E6BA-49CD-B1A0-79954BC009CE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4B0A68FD-7C92-4874-9013-DABFDBC5A052} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4C262A4F-159B-42EE-8FDB-C415C5D2B7B3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1399685641-2452391960-3966799618-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5386E8F8-AA49-4ED2-A36A-5D1144B376F0} - System32\Tasks\Microsoft\6c033f6638c78c9e7ab6997c2f8fad17 => C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\Loader.exe <==== ATTENTION
Task: {5D49F3FE-4623-44E5-B06F-8EAB6A55AE4F} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-10-01] (PC Drivers Headquarters)
Task: {6A52BC75-13D2-4AB0-BB53-FE5F428A3973} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1399685641-2452391960-3966799618-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7CFB9241-E7E4-4563-8CF0-ED15692CBAAC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {94EB26CB-B28D-449A-BCD5-CB06C146B834} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation)
Task: {982CCEB0-D695-4217-AAE2-80DCD62F1002} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {995DADB7-1E6F-4373-AD63-E7697ECA2C06} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {9BB46371-893F-490C-B5E1-069D99B094B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-26] (Microsoft Corporation)
Task: {A81C212C-7412-4928-AFF5-1DC6EBFCDE23} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AADA6ACF-B56E-4BD0-A10F-AB82BAE607B4} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {AB0DC1F9-D92E-423F-840F-95C77828DC64} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-10-01] (PC Drivers Headquarters)
Task: {ABBF4E83-72E5-4D60-A0C4-D57083937DA3} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1399685641-2452391960-3966799618-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AD274FFE-1D79-48AC-B0D3-B217B3FDD829} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B043D61A-46F6-4ABE-8E46-B932FCE8EFE2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BC4127A5-4ADB-4433-A295-6CFC779FA8B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001UA => C:\Users\Mom n Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {BC8762CF-E3B3-4EF4-A5F6-6BB003BA24C3} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {BF2EDD38-FB41-4CFF-8814-EEFD0DD6A4BB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {C8C10F94-43A4-4DCF-8910-4C3299713D23} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D5AFEC8E-AAE2-40B7-85E8-25ABD11DC563} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D759DB90-3B01-474A-A796-5B1BDFB1540F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {DD7D0C1E-34C1-4E06-A0A6-FF1AEAB62DFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DDD6C151-8FB1-4FDC-B222-96AADE9D7F4F} - \MySearchDial -> No File <==== ATTENTION
Task: {EDDD4B0F-1E40-4EB8-AA41-D03DD3BA531A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F7DA9F55-CA1C-46BF-873E-3D111131E236} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-08-02] (PC-Doctor, Inc.)
Task: {FAEFDA68-32CD-42AD-BADE-DD8AEDD989A2} - \PC Speed Maximizer Schedule -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-1399685641-2452391960-3966799618-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001Core.job => C:\Users\Mom n Dad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1399685641-2452391960-3966799618-1001UA.job => C:\Users\Mom n Dad\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium Apps\Google Hangouts.lnk -> C:\Users\Mom n Dad\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\Mom n Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.yahoo.com
ShortcutWithArgument: C:\Users\Public\Desktop\Canon MP495 series On-screen Manual.lnk -> C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (CANON INC.) -> hxxps://www.yahoo.com
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-03-22 17:16 - 2010-02-09 15:55 - 00055296 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
2014-03-22 17:16 - 2011-04-19 16:31 - 00181760 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
2012-11-04 19:47 - 2010-04-05 14:55 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2016-07-12 21:12 - 2016-06-30 23:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 21:12 - 2016-06-30 23:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-03-22 17:16 - 2011-04-19 16:31 - 00150016 ____N () C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
2016-08-23 14:06 - 2016-08-23 14:06 - 01864384 _____ () C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-05-11 16:44 - 2016-08-27 00:01 - 08921800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-04-19 06:05 - 2016-04-19 06:05 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-22 06:49 - 2016-01-22 06:49 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 21:14 - 2016-06-30 22:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 21:12 - 2016-06-30 22:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 21:12 - 2016-06-30 22:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 21:12 - 2016-06-30 22:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 21:12 - 2016-06-30 22:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-16 09:10 - 2014-10-01 03:53 - 00440712 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2012-02-01 11:50 - 2012-02-01 11:50 - 00968048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2014-03-22 17:15 - 2012-02-23 15:57 - 00022944 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
2016-04-19 06:05 - 2016-04-19 06:05 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 06:05 - 2016-04-19 06:05 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-23 14:05 - 2016-08-23 14:05 - 01383616 _____ () C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 14:05 - 2016-08-23 14:05 - 00118976 _____ () C:\Users\Mom n Dad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 08151040 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2012-02-01 11:44 - 2012-02-01 11:44 - 02278400 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2014-03-22 17:15 - 2010-08-22 20:01 - 00325632 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
2014-03-22 17:15 - 2010-08-22 20:01 - 07187456 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
2014-03-22 17:15 - 2010-08-22 20:01 - 00847360 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
2014-03-22 17:15 - 2010-08-22 20:01 - 01954304 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
2014-03-22 17:53 - 2010-08-22 19:32 - 00119808 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
2014-03-22 17:53 - 2012-02-23 15:19 - 00669696 _____ () C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
2012-04-29 01:07 - 2011-12-16 13:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2011-12-31 17:04 - 2011-12-31 17:04 - 00251688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
2011-12-31 17:04 - 2011-12-31 17:04 - 00891688 _____ () C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
2011-12-31 17:04 - 2011-12-31 17:04 - 00026408 _____ () C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gwrvpwes.sys:changelist [398]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [264]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\genieo.com -> hxxp://search.genieo.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-09-06 22:24 - 00000100 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom n Dad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img7.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_EDEAD0EEDAACD124313EA82B8625168E"
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-1399685641-2452391960-3966799618-1001\...\StartupApproved\Run: => "FlickrUploadr"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{11270C2B-8417-439F-8392-9C4D75DF43DA}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [TCP Query User{5D246E36-0D9D-4CC4-AE55-C3FF63B7F1F7}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Block) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [UDP Query User{0DED09E9-2607-433F-BF96-28DF54A9BF1D}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe
FirewallRules: [TCP Query User{79F10B5A-D952-441F-8D12-D2821E8CA787}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Block) C:\program files\belkin\belkin usb print and storage center\connect.exe
FirewallRules: [{300A99D5-D930-48B8-A8C4-3E1E3CEF006C}] => (Allow) C:\Program Files (x86)\CorrLinks\corrlinks_client.exe
FirewallRules: [{2056A929-AE1F-41F2-A12F-009E577B5AEC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CA8C9BFE-048C-41A0-8AE4-5E680E597EC4}] => (Allow) C:\Users\Mom n Dad\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [TCP Query User{D5169DA3-325B-47ED-916B-DF22177AC12B}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe
FirewallRules: [UDP Query User{904CB172-60B5-4439-A2E1-D617B62CAE54}C:\program files\belkin\belkin usb print and storage center\connect.exe] => (Allow) C:\program files\belkin\belkin usb print and storage center\connect.exe
FirewallRules: [TCP Query User{C48E1131-74C8-4A0D-B15C-A91DF724540A}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
FirewallRules: [UDP Query User{B02B8E65-680E-4F9B-A03D-6D9D037AED07}C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe] => (Allow) C:\program files (x86)\belkin\router setup and monitor\belkinsetup.exe
==================== Restore Points =========================
08-09-2016 15:05:22 Scheduled Checkpoint
11-09-2016 19:33:06 Windows Backup
==================== Faulty Device Manager Devices =============
Name: SXUPTP Driver
Description: SXUPTP Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Belkin International, Inc.
Service: sxuptp
Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/12/2016 01:18:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x81c
Faulting application start time: 0x01d20d2201eed0be
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report Id: 5e8e1e18-59f1-45c5-ba6d-60c6480dd028
Faulting package full name:
Faulting package-relative application ID:
Error: (09/12/2016 01:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x880
Faulting application start time: 0x01d20d2056c5775b
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: unknown
Report Id: a5923815-da8e-40d5-9476-01dc35246746
Faulting package full name:
Faulting package-relative application ID:
Error: (09/12/2016 08:27:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Loader.exe, version: 1.0.0.134, time stamp: 0x542958a0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000374
Fault offset: 0x000dc7c9
Faulting process id: 0x1f54
Faulting application start time: 0x01d20cf968099c3a
Faulting application path: C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\Loader.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: f8d10e67-c76f-4b5f-ac38-edad3dd78876
Faulting package full name:
Faulting package-relative application ID:
Error: (09/12/2016 06:27:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Loader.exe, version: 1.0.0.134, time stamp: 0x542958a0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000374
Fault offset: 0x000dc7c9
Faulting process id: 0x11a8
Faulting application start time: 0x01d20ce8a47fcb77
Faulting application path: C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\Loader.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 93d2c7c4-3365-4e01-99d0-6e7520383525
Faulting package full name:
Faulting package-relative application ID:
Error: (09/12/2016 04:27:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Loader.exe, version: 1.0.0.134, time stamp: 0x542958a0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571afb7f
Exception code: 0xc0000374
Fault offset: 0x000dc7c9
Faulting process id: 0x22c8
Faulting application start time: 0x01d20cd7e0f622d6
Faulting application path: C:\Users\Mom n Dad\AppData\Roaming\DownloadManager\Loader.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 85f06646-11e0-4dc4-b82a-1207ecd37d31
Faulting package full name:
Faulting package-relative application ID:
Error: (09/11/2016 07:33:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (09/11/2016 07:32:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (09/11/2016 09:39:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6817.133, time stamp: 0x579fa248
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e4c5
Exception code: 0xc000041d
Fault offset: 0x0000000000071f28
Faulting process id: 0x1d60
Faulting application start time: 0x01d20b6cd19a7b44
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: fcbb4948-3993-400e-b62b-788d717e2685
Faulting package full name:
Faulting package-relative application ID:
Error: (09/11/2016 09:39:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6817.133, time stamp: 0x579fa248
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e4c5
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process id: 0x1d60
Faulting application start time: 0x01d20b6cd19a7b44
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: c0a7425f-bd08-4ccd-8413-661153fc3f05
Faulting package full name:
Faulting package-relative application ID:
Error: (09/11/2016 09:39:23 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
at MS.Win32.UnsafeNativeMethods.PostMessage(System.Runtime.InteropServices.HandleRef, MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
at System.Windows.Interop.HwndTarget.UpdateWindowSettings(Boolean, System.Nullable`1<ChannelSet>)
at System.Windows.Interop.HwndTarget.UpdateWindowPos(IntPtr)
at System.Windows.Interop.HwndTarget.HandleMessage(MS.Internal.Interop.WindowMessage, IntPtr, IntPtr)
at System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
System errors:
=============
Error: (09/12/2016 01:19:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
Error: (09/12/2016 01:19:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
Error: (09/12/2016 01:19:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Application Virtualization Client service hung on starting.
Error: (09/12/2016 01:18:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/12/2016 01:18:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The sxuptp service failed to start due to the following error:
This driver has been blocked from loading
Error: (09/12/2016 01:17:47 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: sxuptp.sys
Error: (09/12/2016 01:16:39 PM) (Source: DCOM) (EventID: 10010) (User: MomnDad-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (09/12/2016 01:16:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_377da service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/12/2016 01:16:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_377da service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (09/12/2016 01:16:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_377da service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
CodeIntegrity:
===================================
Date: 2016-09-12 13:38:10.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-09-12 10:28:12.037
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:12.023
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:12.008
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:11.990
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:11.976
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:11.961
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:11.944
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:11.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-09-12 10:28:11.916
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G630 @ 2.70GHz
Percentage of memory in use: 54%
Total physical RAM: 3974.16 MB
Available physical RAM: 1814.47 MB
Total Virtual: 8070.16 MB
Available Virtual: 5554 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:442.18 GB) (Free:384.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 834115F8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=23.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=442.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================