Please see attached FRST reports. Computer is barely working. Took me 2 days to post this topic and try to run programs to clean computer. Please help. Also receiving an error log from TFC Cleaner, which I saved to my desktop.
Thank you in advance for your help!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Owner (administrator) on SMITH-PC (09-12-2016 09:08:53)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
() C:\Windows\SysWOW64\NetUtils2016.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.829.0\McCSPServiceHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Global surveys) C:\Users\Owner\AppData\Roaming\Interstatnogui\interstatnogui.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\ProgramData\AppxeetouQ\AppxeetouQ.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7539928 2014-02-09] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2807536 2014-01-07] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [flexi] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKLM\...\Run: [flexiflexi] => "C:\Program Files (x86)\Hamon\low.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-13] (Flexera Software LLC.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-11-11] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25838592 2016-11-28] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1866936 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [multipolar] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKLM-x32\...\Run: [multipolarmultipolar] => "C:\Program Files (x86)\Hamon\low.exe"
HKLM-x32\...\Run: [mapsgalaxy] => C:\Users\Owner\AppData\Local\Temp\7253453\ic-0.31ccf056389018.exe -start <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Chromium] => c:\users\owner\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9355480 2016-11-21] (Piriform Ltd)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [882872 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [oniklo] => rundll32.exe "C:\Users\Owner\AppData\Local\oniklo.dll",oniklo <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stegmann] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stegmannstegmann] => "C:\Program Files (x86)\Hamon\low.exe"
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [skoal] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [skoalskoal] => "C:\Program Files (x86)\Hamon\low.exe"
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [budged] => C:\Program Files (x86)\Undoes\low.exe [482304 2016-12-08] ()
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [ProxyGate] => C:\Users\Owner\AppData\Roaming\ProxyGate\MainService.exe <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [Interstatnogui] => C:\Users\Owner\AppData\Roaming\Interstatnogui\interstatnogui.exe [2757560 2016-12-08] (Global surveys) <===== ATTENTION
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-12-06] (SUPERAntiSpyware)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\Run: [stoning] => "C:\Program Files (x86)\miya\stoning.exe"
HKU\S-1-5-18\...\Run: [] => 0
AppInit_DLLs: C:\ProgramData\AppxeetouQ\Zumlab.dll => C:\ProgramData\AppxeetouQ\Zumlab.dll [358912 2016-12-09] ()
AppInit_DLLs-x32: C:\ProgramData\AppxeetouQ\Warmstring.dll => C:\ProgramData\AppxeetouQ\Warmstring.dll [248320 2016-12-09] ()
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-12-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-12-08] ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lawson.lnk [2016-12-08]
ShortcutTarget: lawson.lnk -> C:\Program Files (x86)\Undoes\low.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{11DB65DE-AFBA-496E-A7CE-E847599D81E4}: [DhcpNameServer] 168.94.0.14 168.94.0.15
Tcpip\..\Interfaces\{C98674E6-3F29-41E4-A7AD-DE21905D9A03}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBk8SCf6G4UjgFs1jM0oLSk2Dtax0Mn74SCbqaXRo6lJt_0_OW8xBSuhto7fp7fO6Dgm-hRGCmImqufV6p6jf8,
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {57FB77C4-A0F7-457B-9310-661C01DC5DA7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_ir_16_32&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0CyEtAyEyC0BtDtD0FtA0FyDzzzztAzytN0D0Tzu0StCyCzzyDtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StBtAyBtD0CtC0DtBtGtCtDyCyCtGyByCtD0FtGyEtAtBtBtGyEtA0B0ByB0CyB0CzzyE0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtBzyyBtDtBzytGtBtAzz0EtGyE0D0FyBtGzz0DzytCtGtBtCyEyC0A0A0D0BtD0FtByE2QtN0A0LzuyE%26cr%3D1066021647%26a%3Dwbf_ir_16_32%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {57FB77C4-A0F7-457B-9310-661C01DC5DA7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {4A4AC7EA-3F17-4748-AFCF-E8F9F2B747B4} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {57FB77C4-A0F7-457B-9310-661C01DC5DA7} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEHXdzv7XidwSoQfyAVi7tH6kGaEashkPich_EHRfH75ICwq6cE5wZB_a1-cDPsdHBop7EPq2dU2Emm6amYESeVkBWjUeb_5UL7au9QLuQgSHD_EsTumf4sSiraAO6miVHe9CJbtaNfG18ADy4tgVY,&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-15] (Google Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-15] (Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-05-24] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-05-24] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2016-08-16]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-07-21] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-05-24] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXZRWDoQSnAfe5vnZEiJbUwXH8iPFtDxlNg7052aYBp_GHtWsm3lM5aVk-yCpT1sgE4Rx4-UUEKGmMgCHap4OPTsSD68CGHe1Yw5mkta-U5RRakxS2H9zDZ7fUgSoQndSCdltBdi8,
CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuK6GX7xbIX0PZXZRWDoQSnAfe5vnZEiJbUwXH8iPFtDxlNg7052aYBp_GHtWsm3lM5aVk-yCpT1sgE4RANvL3gzCj80X1qLTx5Bgv573HrvYKkR9ER8uzm6a7iAzCjRHp7dsOZmqnYP7zaThNdGtQ,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-29]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-29]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-08]
CHR Extension: (Browser Hunt) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2016-12-08]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-29]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-24]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AppxeetouQ; C:\ProgramData\\AppxeetouQ\\AppxeetouQ.exe [400896 2016-12-08] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [76944 2016-08-05] (Comodo Security Solutions, Inc.)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2016-09-22] () [File not signed] <==== ATTENTION
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-16] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-28] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-12-16] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-05-24] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [57856 2016-09-28] () [File not signed]
R2 NetUtils2016srv; C:\Windows\SysWOW64\NetUtils2016.exe [470592 2016-12-08] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R1 NetUtils2016; C:\Windows\system32\drivers\NetUtils2016.sys [909944 2016-12-08] () <==== ATTENTION
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-12-16] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29936 2014-01-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-01-07] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2016-08-12] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-09 09:09 - 2016-12-09 09:09 - 00000000 ____D C:\Users\Owner\Desktop\New folder
2016-12-09 08:59 - 2016-12-09 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-12-08 21:52 - 2016-12-09 01:42 - 00000000 ____D C:\SUPERDelete
2016-12-08 21:51 - 2016-12-08 22:44 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5.job
2016-12-08 21:51 - 2016-12-08 22:44 - 00000528 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856.job
2016-12-08 21:51 - 2016-12-08 21:51 - 00003582 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5
2016-12-08 21:51 - 2016-12-08 21:51 - 00003500 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856
2016-12-08 21:50 - 2016-12-08 21:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2016-12-08 21:49 - 2016-12-08 21:50 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-08 21:49 - 2016-12-08 21:49 - 28595680 _____ (SUPERAntiSpyware) C:\Users\Owner\Desktop\SUPERAntiSpyware.exe
2016-12-08 21:49 - 2016-12-08 21:49 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-12-08 21:49 - 2016-12-08 21:49 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-08 21:49 - 2016-12-08 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-08 21:33 - 2016-12-08 21:33 - 00000000 ____D C:\Rem-VBSqt
2016-12-08 21:18 - 2016-12-08 21:18 - 00448512 _____ (OldTimer Tools) C:\Users\Owner\Desktop\TFC.exe
2016-12-08 21:13 - 2016-12-08 21:13 - 00050688 _____ (Atribune.org) C:\Users\Owner\Downloads\ATF-Cleaner.exe
2016-12-08 20:38 - 2016-12-08 20:38 - 05658636 _____ (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2016-12-08 19:12 - 2016-12-08 19:12 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2016-12-08 18:47 - 2016-12-08 18:47 - 00003082 _____ C:\Windows\System32\Tasks\{3642E9CF-9229-4600-8FDA-2EFF27B0942C}
2016-12-08 10:07 - 2016-12-08 10:07 - 00000000 ____D C:\ProgramData\AppxeetouQs
2016-12-08 10:06 - 2016-12-09 09:03 - 00000000 ____D C:\ProgramData\AppxeetouQ
2016-12-08 09:29 - 2016-12-08 09:29 - 00000000 ____D C:\ProgramData\Lavasoft
2016-12-08 09:26 - 2016-12-08 09:27 - 00000000 ____D C:\ProgramData\MAGIX
2016-12-08 09:21 - 2016-12-08 09:21 - 00000000 ____D C:\Users\Owner\AppData\Local\pinger.com
2016-12-08 09:13 - 2016-12-08 23:04 - 00000000 ____D C:\Users\Owner\AppData\Local\mstrn32
2016-12-08 09:13 - 2016-12-08 09:13 - 00000000 ____D C:\Users\Owner\AppData\Local\cpx
2016-12-08 09:12 - 2016-12-08 23:27 - 00000000 ____D C:\Program Files (x86)\cpx
2016-12-08 09:12 - 2016-12-08 23:25 - 00000000 ____D C:\Program Files (x86)\msrtn32
2016-12-08 09:09 - 2016-12-08 09:09 - 00000000 ____D C:\Users\Owner\AppData\Local\AnonymizerLauncher
2016-12-08 03:02 - 2016-12-08 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-12-08 03:02 - 2016-12-08 03:02 - 00000000 ____D C:\ProgramData\BSD
2016-12-08 03:01 - 2016-12-08 03:01 - 00000000 ____D C:\ProgramData\PCVARK
2016-12-08 03:01 - 2016-12-08 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-12-08 03:00 - 2016-12-09 09:03 - 00002386 _____ C:\Windows\SysWOW64\findit.xml
2016-12-08 03:00 - 2016-12-09 01:46 - 00625272 _____ C:\Windows\system32\NetUtils2016.dll
2016-12-08 03:00 - 2016-12-08 23:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProxyGate
2016-12-08 03:00 - 2016-12-08 03:00 - 00909944 _____ C:\Windows\system32\Drivers\NetUtils2016.sys
2016-12-08 03:00 - 2016-12-08 03:00 - 00470592 _____ C:\Windows\SysWOW64\NetUtils2016.exe
2016-12-08 03:00 - 2016-12-08 03:00 - 00003264 _____ C:\Windows\System32\Tasks\psv_Tresfax
2016-12-08 03:00 - 2016-12-08 03:00 - 00003264 _____ C:\Windows\System32\Tasks\psv_Lamis
2016-12-08 03:00 - 2016-12-08 03:00 - 00003258 _____ C:\Windows\System32\Tasks\psv_Hotlight
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Windows\system32\sstmp
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Interstatnogui
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashRpt
2016-12-08 03:00 - 2016-12-08 03:00 - 00000000 ____D C:\ProgramData\Quoteexs
2016-12-08 02:59 - 2016-12-08 23:42 - 00000000 ____D C:\ProgramData\Logic Handler
2016-12-08 02:59 - 2016-12-08 10:06 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2016-12-08 02:59 - 2016-12-08 02:59 - 07310848 _____ C:\Users\Owner\AppData\Roaming\agent.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 01907835 _____ C:\Users\Owner\AppData\Roaming\Transfax.tst
2016-12-08 02:59 - 2016-12-08 02:59 - 00126464 _____ C:\Users\Owner\AppData\Roaming\noah.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 00070704 _____ C:\Users\Owner\AppData\Roaming\Config.xml
2016-12-08 02:59 - 2016-12-08 02:59 - 00018432 _____ C:\Users\Owner\AppData\Roaming\Main.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 00005568 _____ C:\Users\Owner\AppData\Roaming\md.xml
2016-12-08 02:58 - 2016-12-08 02:59 - 00016224 _____ C:\Users\Owner\AppData\Roaming\InstallationConfiguration.xml
2016-12-08 02:58 - 2016-12-08 02:58 - 00140288 _____ C:\Users\Owner\AppData\Roaming\Installer.dat
2016-12-08 02:58 - 2016-12-08 02:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Shortcut Installer
2016-12-08 02:52 - 2016-12-08 09:22 - 00000000 ____D C:\Windows\system32\SSL
2016-12-08 02:52 - 2016-12-08 02:52 - 00000000 ____D C:\ProgramData\Microleaves
2016-12-08 02:52 - 2016-12-08 02:52 - 00000000 _____ C:\Users\Owner\AppData\Local\tr5b.txt
2016-12-08 02:51 - 2016-12-09 01:42 - 00000000 ___HD C:\Program Files (x86)\miya
2016-12-08 02:51 - 2016-12-08 15:42 - 00000000 ___HD C:\Program Files (x86)\Hamon
2016-12-08 02:51 - 2016-12-08 02:51 - 00003790 _____ C:\Windows\System32\Tasks\69914424
2016-12-08 02:51 - 2016-12-08 02:51 - 00003788 _____ C:\Windows\System32\Tasks\41777599
2016-12-08 02:51 - 2016-12-08 02:51 - 00003788 _____ C:\Windows\System32\Tasks\21681042
2016-12-08 02:51 - 2016-12-08 02:51 - 00003628 _____ C:\Windows\System32\Tasks\Da6991442469914424
2016-12-08 02:51 - 2016-12-08 02:51 - 00003626 _____ C:\Windows\System32\Tasks\Da4177759941777599
2016-12-08 02:51 - 2016-12-08 02:51 - 00003626 _____ C:\Windows\System32\Tasks\Da2168104221681042
2016-12-08 02:51 - 2016-12-08 02:51 - 00000003 _____ C:\Users\Owner\AppData\Local\run1.txt
2016-12-08 02:51 - 2016-12-08 02:51 - 00000000 ___HD C:\Program Files (x86)\Undoes
2016-12-08 02:49 - 2016-12-08 09:27 - 00000000 ____D C:\Program Files (x86)\Microleaves
2016-12-08 02:49 - 2016-12-08 02:51 - 00000000 ____D C:\Users\Owner\AppData\Roaming\iZotope
2016-12-08 02:49 - 2016-12-08 02:50 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microleaves
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\c
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Users\Owner\.proxycheck
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Users\Owner\.AnonymizerLauncher
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\ProgramData\1481183384
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Program Files (x86)\regtool
2016-12-08 02:49 - 2016-12-08 02:49 - 00000000 ____D C:\Program Files (x86)\dataup
2016-12-08 02:48 - 2016-12-08 09:22 - 00000000 ____D C:\Program Files (x86)\AnonymizerGadget
2016-12-08 02:48 - 2016-12-08 02:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AGData
2016-12-08 02:48 - 2016-12-08 02:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2016-12-08 02:43 - 2016-12-08 09:27 - 00000000 ____D C:\ProgramData\VEGAS
2016-12-08 02:41 - 2016-12-08 02:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Sony
2016-12-08 02:38 - 2016-12-08 09:26 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MAGIX
2016-12-08 02:38 - 2016-12-08 02:38 - 00000000 ____D C:\Users\Owner\Documents\MAGIX Downloads
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\Users\Owner\Documents\iZotope
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2016-12-08 01:40 - 2016-12-08 09:26 - 00000000 ____D C:\Program Files\Common Files\VST3
2016-12-08 01:40 - 2016-12-08 01:40 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-12-08 01:18 - 2016-12-08 01:18 - 00528896 _____ (minis) C:\Users\Owner\AppData\Local\predicates.exe
2016-12-08 01:18 - 2016-12-08 01:18 - 00482304 _____ C:\Windows\vadim.exe
2016-12-08 01:10 - 2016-05-31 12:52 - 01431552 _____ (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2016-12-07 09:27 - 2016-12-07 09:27 - 00005120 _____ C:\Users\Owner\AppData\Local\ddnow.exe
2016-12-06 17:59 - 2016-12-06 17:59 - 02001079 _____ C:\Windows\97b4226e82053e864b386d56e6ff8b45.exe
2016-12-01 18:53 - 2016-12-01 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-29 13:06 - 2016-11-29 13:06 - 08995888 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup524_protrial.exe
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-28 09:05 - 2016-11-28 09:05 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-17 11:41 - 2016-11-17 11:42 - 128534041 _____ C:\Users\Owner\Downloads\HHID1992 (Bonus Track Edition) [320 kbps].zip
2016-11-17 11:33 - 2016-11-17 11:34 - 70451032 _____ C:\Users\Owner\Downloads\Travis Scott - Days Before Birds.zip
2016-11-17 11:24 - 2016-11-17 11:27 - 117515512 _____ C:\Users\Owner\Downloads\Jeezy_-_Trap_Or_Die_3_[iTunes][GangstaRapTalk.com] (1).zip
2016-11-17 11:16 - 2016-11-23 14:09 - 00000000 ____D C:\Users\Owner\Desktop\GoPro Stuff
2016-11-17 11:05 - 2016-11-17 11:06 - 137057942 _____ C:\Users\Owner\Downloads\Attack_The_Block-(DatPiff.com).zip
2016-11-17 11:05 - 2016-11-17 11:05 - 19516601 _____ C:\Users\Owner\Downloads\Free_Bricks_2_Zone_6_Edition-(DatPiff.com).zip
2016-11-17 11:04 - 2016-11-17 11:04 - 74215411 _____ C:\Users\Owner\Downloads\RARE-(DatPiff.com).zip
2016-11-17 10:59 - 2016-11-17 10:59 - 00001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2017.lnk
2016-11-17 10:54 - 2016-11-17 10:54 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2017.lnk
2016-11-17 10:54 - 2016-11-17 10:54 - 00000000 ____D C:\Users\Public\Documents\Adobe
2016-11-17 10:52 - 2016-11-17 10:52 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-11-17 10:47 - 2016-11-17 10:47 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-11-17 10:47 - 2016-11-17 10:47 - 00001164 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-09 09:08 - 2016-08-14 15:46 - 00000000 ____D C:\FRST
2016-12-09 09:08 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp
2016-12-09 09:06 - 2016-10-10 14:46 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-09 09:05 - 2016-05-07 15:09 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1984768383-2945694233-2252105598-1002
2016-12-09 09:03 - 2016-05-29 11:01 - 00002228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-09 09:03 - 2016-05-29 11:01 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-09 09:03 - 2016-05-07 15:04 - 00001441 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-09 08:59 - 2016-05-07 15:06 - 00000000 ____D C:\Users\Owner\Documents\Youcam
2016-12-09 08:58 - 2016-09-20 16:10 - 00000000 ____D C:\Users\Owner\OneDrive
2016-12-09 08:58 - 2016-05-29 11:00 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-09 08:58 - 2013-08-26 01:09 - 00956540 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 08:58 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2016-12-09 08:57 - 2016-06-16 09:31 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-09 01:42 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-09 01:41 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-09 01:19 - 2016-05-29 11:00 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-09 01:08 - 2016-05-07 16:13 - 00000000 ____D C:\ProgramData\TEMP
2016-12-09 00:51 - 2016-06-16 09:31 - 00000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-08 23:44 - 2016-08-12 12:45 - 00000000 __HDC C:\ProgramData\{3A83B8C4-5F70-453E-A723-B5672F107885}
2016-12-08 23:34 - 2014-02-21 18:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-08 23:34 - 2014-02-21 18:48 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-12-08 23:03 - 2016-07-12 23:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2016-12-08 22:12 - 2016-05-09 13:22 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D7E6FA46-9960-47BE-8AE6-600DC20F6780}
2016-12-08 21:53 - 2016-08-12 12:50 - 00000000 ____D C:\Users\Owner\AppData\Local\SlimWare Utilities Inc
2016-12-08 19:18 - 2016-08-14 15:51 - 00043851 _____ C:\Users\Owner\Downloads\Addition.txt
2016-12-08 19:18 - 2016-08-14 15:47 - 00062824 _____ C:\Users\Owner\Downloads\FRST.txt
2016-12-08 19:12 - 2016-08-14 15:45 - 02420224 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-12-08 17:02 - 2016-08-12 16:02 - 00000366 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job
2016-12-08 15:19 - 2013-08-22 08:25 - 00000187 _____ C:\Windows\win.ini
2016-12-08 15:15 - 2016-07-19 23:45 - 00000000 ___RD C:\Users\Owner\Creative Cloud Files
2016-12-08 15:15 - 2016-07-13 00:11 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-12-08 12:24 - 2016-05-07 15:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2016-12-08 11:27 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2016-12-08 10:13 - 2016-08-15 15:19 - 00000000 ____D C:\Program Files\CCleaner
2016-12-08 09:21 - 2014-02-21 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-12-08 09:18 - 2014-02-21 18:48 - 00000000 ____D C:\ProgramData\WildTangent
2016-12-08 02:52 - 2016-08-12 12:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\efo
2016-12-08 02:49 - 2016-05-07 15:03 - 00000000 ____D C:\Users\Owner
2016-12-08 02:40 - 2016-05-07 16:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-07 13:25 - 2016-08-15 16:51 - 00000000 ____D C:\Program Files\TrueKey
2016-12-06 13:06 - 2016-08-15 17:01 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-12-06 13:05 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-12-01 18:53 - 2016-06-16 09:31 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-29 13:46 - 2016-06-16 09:31 - 00003896 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 13:46 - 2016-06-16 09:31 - 00003660 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-29 13:06 - 2016-08-15 15:19 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-11-27 19:00 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-18 22:27 - 2016-06-16 09:35 - 00000000 ___RD C:\Users\Owner\Dropbox
2016-11-18 22:26 - 2016-06-16 09:31 - 00000000 ____D C:\Users\Owner\AppData\Local\Dropbox
2016-11-17 14:13 - 2013-08-22 09:44 - 05154656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-17 11:40 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-17 11:36 - 2014-02-21 18:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-17 11:09 - 2016-07-13 01:21 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-17 11:01 - 2016-07-13 01:21 - 00000000 ____D C:\Users\Owner\Documents\Adobe
2016-11-17 10:59 - 2016-09-14 02:17 - 00000000 ____D C:\Program Files\Adobe
2016-11-17 10:54 - 2016-09-14 02:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-11-17 10:47 - 2016-07-13 00:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-16 17:10 - 2016-05-29 11:29 - 00000000 ____D C:\Windows\system32\MRT
2016-11-16 17:04 - 2016-05-29 11:29 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-09 09:17 - 2016-08-15 16:51 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
==================== Files in the root of some directories =======
2016-12-08 02:59 - 2016-12-08 02:59 - 7310848 _____ () C:\Users\Owner\AppData\Roaming\agent.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 0070704 _____ () C:\Users\Owner\AppData\Roaming\Config.xml
2016-12-08 02:58 - 2016-12-08 02:59 - 0016224 _____ () C:\Users\Owner\AppData\Roaming\InstallationConfiguration.xml
2016-12-08 02:58 - 2016-12-08 02:58 - 0140288 _____ () C:\Users\Owner\AppData\Roaming\Installer.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 0018432 _____ () C:\Users\Owner\AppData\Roaming\Main.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 0005568 _____ () C:\Users\Owner\AppData\Roaming\md.xml
2016-12-08 02:59 - 2016-12-08 02:59 - 0126464 _____ () C:\Users\Owner\AppData\Roaming\noah.dat
2016-12-08 02:59 - 2016-12-08 02:59 - 1907835 _____ () C:\Users\Owner\AppData\Roaming\Transfax.tst
2016-12-08 03:00 - 2016-12-08 03:00 - 0032038 _____ () C:\Users\Owner\AppData\Roaming\uninstall_temp.ico
2016-12-07 09:27 - 2016-12-07 09:27 - 0005120 _____ () C:\Users\Owner\AppData\Local\ddnow.exe
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\Owner\AppData\Local\ok223.txt
2016-12-08 01:18 - 2016-12-08 01:18 - 0528896 _____ (minis) C:\Users\Owner\AppData\Local\predicates.exe
2016-12-08 02:51 - 2016-12-08 02:51 - 0000003 _____ () C:\Users\Owner\AppData\Local\run1.txt
2016-12-08 02:52 - 2016-12-08 02:52 - 0000000 _____ () C:\Users\Owner\AppData\Local\tr5b.txt
Files to move or delete:
====================
C:\Users\Owner\AppData\Roaming\Interstatnogui\interstatnogui.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Owner (09-12-2016 09:11:00)
Running from C:\Users\Owner\Desktop
Windows 8.1 (Update) (X64) (2016-05-07 20:02:51)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1984768383-2945694233-2252105598-500 - Administrator - Disabled)
Guest (S-1-5-21-1984768383-2945694233-2252105598-501 - Limited - Disabled)
Owner (S-1-5-21-1984768383-2945694233-2252105598-1002 - Administrator - Enabled) => C:\Users\Owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30244 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{A3B31167-C1B8-416E-35E6-8966F355418C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4503 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3304 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.00.100 - Nuance Communications Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0F475378-05E5-453D-99B3-CFB58218D5E9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{2C395A31-8A70-4C2E-893F-25CBF37394CC}) (Version: 7.4.50.10 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.9042 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\OneDriveSetup.exe) (Version: 17.3.6517.0809 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
ProxyGate version 3.0.0.1176 (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1176 - Gold Click Ltd) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29074 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7171 - Realtek Semiconductor Corp.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.6.2 - Synaptics Incorporated)
SyncFileSetup (x86) (x32 Version: 1.2.5793.19891 - Western Digital Technologies, Inc) Hidden
vShare Helper (HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\vShare Helper) (Version: 1.1.5.3 - vShare.com Co.,LTD)
WD Access (HKLM-x32\...\{79f4d6a1-f721-43f9-8e15-19129edd8f19}) (Version: 1.1.5767.15076 - Western Digital Technologies, Inc.)
WD Access (x32 Version: 1.1.5767.15076 - Western Digital Technologies, Inc) Hidden
WD Sync (HKLM-x32\...\{f9386239-2d5b-4e8a-aec6-156c568155ec}) (Version: 1.2.5793.19891 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0C0AFE69-CBEC-4B1B-BB10-1B52601155C5} - System32\Tasks\{3642E9CF-9229-4600-8FDA-2EFF27B0942C} => pcalua.exe -a C:\Users\Owner\AppData\Local\uninstallro.exe
Task: {107AD98D-398D-4B3F-B8A9-9012832AF621} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-07] (Synaptics Incorporated)
Task: {1AF79A0E-82C3-43B0-B7D7-4DBCEE8D271F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.)
Task: {1CCF0303-2440-4B51-A8B2-436E7401FEAE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {1FB480B9-CD02-465F-A9D5-0F7B39026202} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {22443467-488E-4D81-BFB7-4FB11557BBD0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {27C0A64C-5098-4265-B2B5-5EF06A1C0B16} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {2DD80982-9C9F-4E22-84B1-CF3E1F535726} - System32\Tasks\psv_Tresfax => /c regedit.exe /s "C:\ProgramData\Quoteex\Yearcore.reg" & del "C:\ProgramData\Quoteex\Yearcore.reg" & SCHTASKS /Delete /TN "psv_Tresfax" /F <==== ATTENTION
Task: {32561B9C-20BA-44D7-A678-502563E8BD10} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {36291BBD-0446-4D38-9DE0-2CF2B0A1C5BA} - System32\Tasks\Da2168104221681042 => C:\Users\Owner\AppData\Local\low.exe
Task: {3AF11470-D4A0-49CB-9FB5-0ADD62AF8642} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {3C21C76A-7FBB-42E1-A570-BF480CA7D242} - System32\Tasks\41777599 => C:\Program Files (x86)\Hamon\low.exe <==== ATTENTION
Task: {46ABCC5A-349A-4121-A8D2-89BFD225AA61} - System32\Tasks\psv_Hotlight => /c regedit.exe /s "C:\ProgramData\Quoteex\Lamlab.reg" & del "C:\ProgramData\Quoteex\Lamlab.reg" & SCHTASKS /Delete /TN "psv_Hotlight" /F <==== ATTENTION
Task: {4BB866E7-EF6F-43BB-87F2-F77CBA6FB163} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-12-16] (Hewlett-Packard Company)
Task: {4CA71005-924A-4B1C-B4FF-44B92D38E225} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5020EDD4-5533-463A-B48E-2942D1D9497E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {52BBFD60-FF72-4B3F-A4E0-A17202E5DAAF} - System32\Tasks\21681042 => C:\Users\Owner\AppData\Local\low.exe <==== ATTENTION
Task: {5770EB8F-26F2-405D-856A-705000B2253A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {596BD565-EB0A-4160-887C-DFA4F858D072} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-16] (Dropbox, Inc.)
Task: {75ABC42D-8B96-46AC-8EF1-AD17F9401172} - System32\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {871C2029-FD6F-4A1A-9189-B7B67F313D19} - System32\Tasks\69914424 => C:\Program Files (x86)\Undoes\low.exe [2016-12-08] () <==== ATTENTION
Task: {8BDDED05-97C9-4D9B-B9CA-2004B542EF25} - System32\Tasks\Da6991442469914424 => C:\Program Files (x86)\Undoes\low.exe [2016-12-08] ()
Task: {903CCA55-9CB5-45AC-9F84-E672DE5C88D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {9D8D6F72-3A76-4780-A6FD-1BB41A425876} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {AA521709-0CAD-4B4B-A4E0-9D8081FE05CF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {BA9D046C-B740-423C-817C-CBB0989E5D67} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {BCDFEAAF-48F5-4670-9AA1-55159AFE8120} - System32\Tasks\AdobeAAMUpdater-1.0-Smith-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {BD5C7C7C-6EDA-445D-A012-266A5611A3D8} - System32\Tasks\Da4177759941777599 => C:\Program Files (x86)\Hamon\low.exe
Task: {C3A00456-0AC6-4039-A83D-CEC3B23E059E} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Owner) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {C86EE836-0CC5-4F7E-9432-2B6091D9B461} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {CD793485-2329-44B8-A2C0-63EAE70D2BAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {D13C9BBA-8A25-4A7B-96A7-21ACBDA80770} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {DE87D587-BE9D-43C4-B5FF-13876A6EE1D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {DFB47F9D-6162-46A3-A38C-E0EB7F2FE586} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {E29A640A-DD57-45D4-A39D-1B568D7D8CE5} - System32\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {EDC5844A-1CA8-4F80-8A20-C1DE11C6A4FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {EEE89191-0B57-4BAA-B6EF-BC08D9838279} - System32\Tasks\psv_Lamis => /c regedit.exe /s "C:\ProgramData\Quoteex\Domsilzap.reg" & del "C:\ProgramData\Quoteex\Domsilzap.reg" & SCHTASKS /Delete /TN "psv_Lamis" /F <==== ATTENTION
Task: {F18A7749-9AA2-4E4A-84D7-98EDDC6ED8E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-21] (Piriform Ltd)
Task: {F9992C12-3ADF-4C3F-BC24-5AB1A54BAE02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Owner).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 7cc9fbc5-e185-437c-8b69-3724f3b45856.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 9e88b202-93b7-4d8f-baa9-5d103a1f07d5.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Owner\Desktop\WDMyCloud - Shortcut.lnk -> hxxp://10.0.0.10
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
==================== Loaded Modules (Whitelisted) ==============
2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-22 09:23 - 2016-09-22 09:23 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2016-09-26 02:00 - 2016-09-28 03:08 - 00057856 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2016-12-08 03:00 - 2016-12-08 03:00 - 00470592 _____ () C:\Windows\SysWOW64\NetUtils2016.exe
2016-12-08 03:00 - 2016-12-09 01:46 - 00625272 _____ () C:\Windows\System32\NetUtils2016.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-15 15:19 - 2016-10-30 11:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-01-06 11:41 - 2016-01-06 11:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-12-09 09:03 - 2016-12-09 09:03 - 00358912 _____ () C:\ProgramData\AppxeetouQ\Zumlab.dll
2016-12-09 09:02 - 2016-12-08 02:05 - 00400896 _____ () C:\ProgramData\AppxeetouQ\AppxeetouQ.exe
2016-05-29 11:19 - 2016-05-29 11:19 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2016-09-21 23:32 - 2016-09-21 23:32 - 00224768 _____ () C:\Program Files (x86)\dataup\help_dll.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [132]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\...\sharepoint.com -> hxxps://mailirsc-files.sharepoint.com
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 08:25 - 2016-12-08 02:51 - 00001046 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
162.222.193.86 aoaomo.tremorhub.com
162.222.193.86 www.howcast.com
162.222.193.86 howcast.com
192.192.3.8 www.virustotal.com
192.192.3.8 virustotal.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1984768383-2945694233-2252105598-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "WDAppManager"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{107B422A-D0AB-449F-A1AA-C817425F30A4}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED88D1C7-C270-4D46-A4EF-5097B952B6ED}] => LPort=2869
FirewallRules: [{BFE52D7C-AE3A-4CFA-ABF5-CC7C43499C2F}] => LPort=1900
FirewallRules: [{663CF732-DD41-47C7-99BA-F0DA231DC35A}] => C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D0965732-E040-4205-96DF-71DE67C04772}] => C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{2AFC2523-92B4-4881-A64B-37B3DF250EE3}] => %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{51C2F6A7-7307-4A96-A673-321E57FD7959}] => %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{BDEF92DD-2FEF-4BE2-8DBB-7082997619B0}] => %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{B15A4410-322D-44D8-BFE1-7F9FD7F0CC32}] => %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D962882F-3580-435D-AF20-28684EE66874}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{984A98BE-2F37-40AC-AA85-A1EAAACBD480}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5B7927E7-8C97-4A5F-9FBF-2364891B75A7}] => C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0BE510EE-C771-4B21-9EED-50215D0A5401}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4578446-9999-4156-9C05-BB05CC6611CF}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDE5C514-3F67-4F99-A26D-6F74ADA16B60}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4A023536-259E-4535-A346-29A1351C2882}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49F45BF9-629E-4634-87FF-0206D8FD9562}] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{077D3B58-EBA6-4F9A-924B-38C6C73B77DC}] => C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{98CF36DD-002C-47D7-A6F3-8C22FA4848CF}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A102E186-3B3F-4C3E-87B0-B8C629C17894}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E290C894-FE29-48CD-85A6-051DB04E3913}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{ACB75E4F-A7CA-4AD4-A674-EC4D48074A29}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7A628478-0B7F-45F1-9DAF-B151105148E2}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{30F1077D-3FB0-42AF-B78E-6239A4FD0032}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6DB66054-D168-449B-8350-0C4A32EC1839}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E24190F6-F5ED-4A01-B9FD-05363F2FF108}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{9DC07A29-9B73-4858-80CC-9195BD9A9A57}] => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BB396CE8-D628-4D41-88F0-AFEFA86700BB}] => C:\Windows\system32\rundll32.exe
FirewallRules: [{15917833-B7A8-4389-927C-B8A58886AFC7}] => C:\Users\Owner\AppData\Local\ddnow.exe
FirewallRules: [{F690E5B5-DE78-4E87-9380-E84090FCDB0A}] => C:\Users\Owner\AppData\Local\Temp\installer1.exe
FirewallRules: [{97F46F78-E874-42D0-A9C7-09F0C475D080}] => C:\Users\Owner\AppData\Local\29924446.exe
FirewallRules: [{F523302B-DA30-4609-8E55-12024C57BEAD}] => C:\Program Files (x86)\Undoes\low.exe
FirewallRules: [{4DFCDF10-4134-4F5C-9880-68BA6AF281DA}] => C:\Program Files (x86)\Hamon\low.exe
==================== Restore Points =========================
29-11-2016 14:29:18 Scheduled Checkpoint
07-12-2016 02:47:38 Scheduled Checkpoint
08-12-2016 09:15:45 Removed Traffic Exchange
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/09/2016 08:58:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/09/2016 01:46:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 54.0.2840.99 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: f24
Start Time: 01d251e7a9b2db3b
Termination Time: 34738
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 109a8b52-bddb-11e6-82e9-b8ee65099743
Faulting package full name:
Faulting package-relative application ID:
Error: (12/09/2016 01:43:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/09/2016 01:42:23 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (12/08/2016 11:34:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Au_.exe, version: 37.1.1.4, time stamp: 0x49ee67aa
Faulting module name: Wpc.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54503e7c
Exception code: 0xc0000005
Fault offset: 0x000775a0
Faulting process id: 0x379c
Faulting application start time: 0x01d251d57546361e
Faulting application path: C:\Users\Owner\AppData\Local\Temp\~nsu.tmp\Au_.exe
Faulting module path: Wpc.dll
Report Id: b797a8cb-bdc8-11e6-82e8-b8ee65099743
Faulting package full name:
Faulting package-relative application ID:
Error: (12/08/2016 11:04:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Owner\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/08/2016 10:44:59 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (12/08/2016 10:42:36 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (12/08/2016 10:42:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\dragon_support_packager.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Error: (12/08/2016 10:01:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
System errors:
=============
Error: (12/09/2016 01:42:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
Error: (12/09/2016 01:42:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/09/2016 01:41:31 AM) (Source: DCOM) (EventID: 10010) (User: SMITH-PC)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (12/08/2016 10:45:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.
Error: (12/08/2016 10:44:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
The system cannot find the file specified.
Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the mfefire service.
Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the ModuleCoreService service.
Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the mccspsvc service.
Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the mfemms service.
Error: (12/08/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (60000 milliseconds) was reached while waiting for a transaction response from the ClickToRunSvc service.
==================== Memory info ===========================
Processor: AMD A10-5750M APU with Radeon HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 5338.26 MB
Available physical RAM: 2714.3 MB
Total Virtual: 6234.26 MB
Available Virtual: 3304.79 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:902.06 GB) (Free:752.46 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:28.68 GB) (Free:3.04 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 99C3433D)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by christiety03, 09 December 2016 - 09:31 AM.