Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

infected pc


  • Please log in to reply

#1
sue reeve

sue reeve

    New Member

  • Member
  • Pip
  • 1 posts

hi i have been getting lagging and pc crashing warning messages to ring this number immediatley or we will stop your pc??i have scanned with macafee nothing found today had 2 phone calls saying they need to chaNGE MY IP NUMBER WOULD I PLEASE TURN PC ON I HUNG UP THE SECOND SAID FROM WINDOWS AGAIN I HUNG UP NO IDEA WHATS GOING ON WHEN I DID TURN PC ON I COULDNT OPEN GOOGLE CHROME HAD TO UNINSTALL THEN REINSTALL PLEASE HELP

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by gentlerain (administrator) on SUESP (16-01-2017 15:17:18)
Running from C:\Users\gentlerain\Downloads
Loaded Profiles: gentlerain (Available Profiles: gentlerain)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
() C:\Users\gentlerain\AppData\Roaming\SysMon\sysmon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(© 2015 Microsoft Corporation) C:\Users\gentlerain\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_uk_1] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [BingSvc] => C:\Users\gentlerain\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\TIGERA~1.SCR [3750446 2015-09-16] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-562656355-2901532616-2536167456-1002] => file://C:/Program%20Files%20(x86)/LPT/Proxy.pac
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2dbc01a8-4e66-4987-985b-1a54bd3d2199}: [DhcpNameServer] 192.168.1.254
ManualProxies: 0file://C:/Program%20Files%20(x86)/LPT/Proxy.pac
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131183480067592391&GUID=2E22A02E-8B75-48A0-8529-3A7927E7410A
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YXZd7FzhuoJUvSwRNRMgHQoqiOoe32y8RKYSb4VEl_xShbXCOyA2qujHS8si2ijw,,&q={searchTerms}
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=39033&home=true&tid=114
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyEtCtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1BtCtDtN1L1G1B1V1N2Y1L1Qzu2StDtAtAyB0F0D0A0BtGtAyByE0FtGyDtByB0BtGtAzyyBtBtG0Dzz0D0AyByD0EyBtBzzyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D495210464%26a%3Dwbf_tpvidsft_16_26%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyD0AtAzzzzyEzyyEtGyCtC0BzztG0A0D0CyEtGtAtDyDyDtG0F0ByCtDtB0AyDtA0E0C0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D404109493%26a%3Dhdr_s_16_27_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyEtCtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1BtCtDtN1L1G1B1V1N2Y1L1Qzu2StDtAtAyB0F0D0A0BtGtAyByE0FtGyDtByB0BtGtAzyyBtBtG0Dzz0D0AyByD0EyBtBzzyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D495210464%26a%3Dwbf_tpvidsft_16_26%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YXZd7FzhuoJUvSwRNRMgHQoqiOoe32y8RKYSb4VEl_xShbXCOyA2qujHS8si2ijw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyD0AtAzzzzyEzyyEtGyCtC0BzztG0A0D0CyEtGtAtDyDyDtG0F0ByCtDtB0AyDtA0E0C0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D404109493%26a%3Dhdr_s_16_27_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331401&octid=EB_ORIGINAL_CTID&ISID=M9BED4808-CCE1-4F42-81F4-BC1F0E556EDB&SearchSource=58&CUI=&UM=8&UP=SP021F868C-D881-4636-A1D0-F92DE38EB9D1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB691D20151112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {AC61418A-9CF7-42CC-9F15-BC91C35FEC09} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyEtCtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1BtCtDtN1L1G1B1V1N2Y1L1Qzu2StDtAtAyB0F0D0A0BtGtAyByE0FtGyDtByB0BtGtAzyyBtBtG0Dzz0D0AyByD0EyBtBzzyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D495210464%26a%3Dwbf_tpvidsft_16_26%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
BHO: No Name -> {11111111-1111-1111-1111-110411901104} -> No File
BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: Applon -> {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} -> C:\Program Files (x86)\SmartMediaConverter\Applon_ie.dll [2013-09-03] (Applon)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
DPF: HKLM-x32 {2A293777-79CA-4DD9-A545-0E1718C0D3CF} hxxps://bg.itronenergypoint.net/IHVConnect2/KeyboxControl.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default [2017-01-15]
FF user.js: detected! => C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\user.js [2014-04-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\i233vc8b.default -> Bing 
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\i233vc8b.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YbUToE50-rJ2mCtxBMavGLX6F2a6d-Rf2WYYTfGYksqlVtdX4j_ZmlUkUYxaFiHA,,
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\i233vc8b.default -> Bing 
FF Keyword.URL: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NewTab: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YdQaf86t-mTEioTmnwk-mcb1Fp6ldOz9WXloATaGA4X_V1OXekVwxBJXYrXbT71w,,
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\i233vc8b.default -> Bing 
FF Extension: (Positive Finds) - C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-08] [not signed]
FF Extension: (Shopping Helper Smartbar) - C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\Extensions\{d382bffc-75f4-52e3-2cfa-61ebf61c9960} [2014-04-20] [not signed]
FF SearchPlugin: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\searchplugins\bingp.xml [2014-12-27]
FF SearchPlugin: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\searchplugins\Mysearchdial.xml [2014-04-29]
FF SearchPlugin: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\searchplugins\Web Search.xml [2014-05-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.co.uk/search?q=google%20search"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> bing.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default [2015-11-29]
CHR Extension: (Google Slides) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-27]
CHR Extension: (Google Docs) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-27]
CHR Extension: (Google Drive) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-27]
CHR Extension: (Bing) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-11-27]
CHR Extension: (Google Search) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Google Sheets) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-27]
CHR Extension: (SiteAdvisor) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-27]
CHR Extension: (Avira Browser Safety) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27]
CHR Extension: (Skype Click to Call) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-27]
CHR Extension: (Gmail) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-27]
CHR Profile: C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-02-12]
CHR Profile: C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-16]
CHR Extension: (Google Slides) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-13]
CHR Extension: (Skype Calling) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-11-28]
CHR Extension: (YouTube) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Dropbox for Gmail) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-05]
CHR Extension: (PhotoFunia) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdobpagoeokcdnpgdehandkpoabkibcj [2015-03-11]
CHR Extension: (Google Sheets) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (jollywallet) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhogchfgdonibfhhcalbaaejfoopigik [2015-02-12]
CHR Extension: (Avira Browser Safety) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (My Scrap Nook) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-02-13]
CHR Extension: (iPiccy Photo Editor) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-04-14]
CHR Extension: (Spell Checker for Chrome) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2015-02-12]
CHR Extension: (Coupons at Checkout) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-09-12]
CHR Extension: (Email This!) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2015-02-12]
CHR Extension: (Skype) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-23]
CHR Extension: (AnonMe) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mopkmlafmmhcgdkdmldfiohlajhlpcch [2016-12-31]
CHR Extension: (EasyPhotoEdit) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffddjoibhjhmidfeflefakdkbhbnhpg [2016-09-30]
CHR Extension: (Shopping Helper) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2015-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Audio Converter) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2015-02-12]
CHR Extension: (Hover Zoom+) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-01-16]
CHR Extension: (Gmail) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-06] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2016-12-06] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [35488 2016-08-18] (Avira Operations GmbH & Co. KG)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [645952 2012-07-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-16 15:17 - 2017-01-16 15:18 - 00050604 _____ C:\Users\gentlerain\Downloads\FRST.txt
2017-01-16 15:17 - 2017-01-16 15:17 - 00000000 ____D C:\FRST
2017-01-16 15:15 - 2017-01-16 15:16 - 02419200 _____ (Farbar) C:\Users\gentlerain\Downloads\FRST64.exe
2017-01-16 14:02 - 2017-01-16 14:02 - 01065376 _____ (Google Inc.) C:\Users\gentlerain\Downloads\ChromeSetup.exe
2017-01-16 14:02 - 2017-01-16 14:02 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-16 14:02 - 2017-01-16 14:02 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-16 11:48 - 2017-01-16 11:48 - 00000000 ___HD C:\OneDriveTemp
2017-01-15 22:18 - 2017-01-15 22:18 - 00000000 ____D C:\Users\gentlerain\AppData\Roaming\MyTurboPC.com
2017-01-15 22:17 - 2017-01-15 22:17 - 10578984 _____ (MyTurboPC.com) C:\Users\gentlerain\Downloads\Myturbopc_2ce2b7d6-b9d6-4e6a-a865-200d3b44579a_.exe
2017-01-15 22:17 - 2017-01-15 22:17 - 00000000 ____D C:\ProgramData\MyTurboPC.com
2017-01-15 20:09 - 2017-01-16 11:49 - 00003110 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-01-15 20:09 - 2017-01-16 11:49 - 00000000 ____D C:\Users\gentlerain\AppData\Roaming\SysMon
2017-01-15 17:14 - 2017-01-15 17:14 - 00000000 ____D C:\$WINDOWS.~BT
2017-01-15 16:30 - 2017-01-15 17:13 - 00000000 ___HD C:\$SysReset
2017-01-15 14:29 - 2017-01-16 11:47 - 00000000 ____D C:\Users\gentlerain\AppData\LocalLow\uTorrent
2017-01-12 20:50 - 2017-01-12 20:50 - 00000000 _____ C:\autoexec.bat
2017-01-12 19:00 - 2016-07-14 16:05 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170112-190032.backup
2017-01-12 18:31 - 2017-01-12 21:41 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-11 20:09 - 2017-01-11 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-11 14:32 - 2017-01-12 21:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-11 14:32 - 2017-01-12 21:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-11 14:32 - 2017-01-11 14:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-10 21:28 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 21:28 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 21:28 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 21:28 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 21:28 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 21:28 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 21:28 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 21:28 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 21:28 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 21:28 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 21:28 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 21:28 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 21:28 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 21:28 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 21:28 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 21:28 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 21:28 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 21:28 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 21:28 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 21:28 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 21:28 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 21:28 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 21:28 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 21:28 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 21:28 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 21:28 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 21:28 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 21:28 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 21:28 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 21:28 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 21:28 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 21:28 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 21:28 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 21:28 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 21:28 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 21:28 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 21:28 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 21:28 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 21:28 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 21:28 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 21:28 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 21:28 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 21:28 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 21:28 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 21:28 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 21:28 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 21:28 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 21:28 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 21:28 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 21:28 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 21:28 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 21:28 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 21:28 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 21:28 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 21:28 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 21:28 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 21:28 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 21:27 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 21:27 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 21:27 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 21:27 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 21:27 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 21:27 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 21:27 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 21:27 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 21:27 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 21:27 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 21:27 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 21:27 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 21:27 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 21:27 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 21:27 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 21:27 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 21:27 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 21:27 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 21:27 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 21:27 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 21:27 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 21:27 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 21:27 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 21:27 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 21:27 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 21:27 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 21:27 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 21:27 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 21:27 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 21:27 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 21:27 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 21:27 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 21:27 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 21:27 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 21:27 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 21:27 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 21:27 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:27 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 21:27 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 21:27 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 21:27 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 21:27 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 21:27 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 21:27 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 21:27 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 21:27 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 21:27 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 21:27 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 21:27 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 21:27 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 21:27 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 21:27 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 21:27 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 21:27 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 21:27 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 21:27 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 21:27 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 21:27 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 21:27 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 21:27 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 21:27 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 21:27 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 21:27 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 21:27 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 21:27 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 21:27 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 21:27 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 21:27 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 21:27 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:27 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 21:27 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 21:27 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 21:27 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 21:27 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:27 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 21:27 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 21:27 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 21:27 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 21:27 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 21:27 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 21:27 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 21:27 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 21:27 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 21:27 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 21:27 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 21:27 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 21:27 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 21:27 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 21:27 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 21:27 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 21:27 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 21:27 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:27 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 21:27 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-08 21:49 - 2017-01-08 21:49 - 00001154 _____ C:\Users\Public\Desktop\MyCraftStudio.lnk
2017-01-08 21:49 - 2017-01-08 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Craft Studio
2017-01-08 21:48 - 2017-01-08 21:49 - 00000000 ____D C:\Program Files (x86)\My Craft Studio
2017-01-08 21:22 - 2017-01-08 21:22 - 00001722 _____ C:\Users\Public\Desktop\Decoupage_2.lnk
2017-01-08 21:22 - 2017-01-08 21:22 - 00000000 ____D C:\Users\gentlerain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decoupage_2
2017-01-08 21:22 - 2006-11-07 17:33 - 03567062 _____ (Macromedia, Inc.) C:\WINDOWS\Decoupage2Uninstall.exe
2017-01-08 21:21 - 2017-01-08 21:33 - 00000000 ____D C:\Users\gentlerain\Documents\Decoupage 2 Projects
2017-01-08 21:21 - 2017-01-08 21:28 - 00000000 ____D C:\Program Files\Decoupage_2
2017-01-08 21:21 - 2017-01-08 21:21 - 00000000 ____D C:\Users\gentlerain\Documents\Decoupage 2 Tiles
2017-01-06 00:04 - 2017-01-06 00:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 18:51 - 2017-01-16 14:41 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-02 18:51 - 2017-01-16 14:01 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-01 17:28 - 2017-01-01 17:28 - 00002085 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk
2017-01-01 17:28 - 2017-01-01 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-01 17:27 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2017-01-01 17:26 - 2017-01-11 18:38 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-01 17:26 - 2017-01-01 17:26 - 00000000 ____D C:\ProgramData\Intel Security
2017-01-01 17:24 - 2017-01-01 17:24 - 00000000 ____D C:\Program Files\McAfee.com
2017-01-01 17:23 - 2017-01-12 18:49 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-01 17:23 - 2017-01-01 17:23 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-01-01 17:23 - 2017-01-01 17:23 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-01 17:22 - 2016-11-14 17:41 - 00342768 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2017-01-01 17:21 - 2017-01-11 18:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-01 17:15 - 2017-01-11 18:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-12-31 12:15 - 2016-12-31 12:16 - 00000000 ____D C:\Users\gentlerain\Downloads\NOW.Thats.What.I.Call.Music95(2016)
2016-12-31 12:12 - 2016-12-31 12:12 - 00000000 ____D C:\Users\gentlerain\Downloads\mbid-8bd42e63-46cb-43e3-8294-c9c3b9793581
2016-12-28 19:45 - 2016-12-28 19:45 - 01309280 _____ C:\Users\gentlerain\Documents\IMG_20161228_0007.pdf
2016-12-28 19:44 - 2016-12-28 19:44 - 02004543 _____ C:\Users\gentlerain\Documents\IMG_20161228_0006.pdf
2016-12-28 19:44 - 2016-12-28 19:44 - 01426355 _____ C:\Users\gentlerain\Documents\IMG_20161228_0005.pdf
2016-12-28 19:43 - 2016-12-28 19:43 - 01614781 _____ C:\Users\gentlerain\Documents\IMG_20161228_0004.pdf
2016-12-28 19:42 - 2016-12-28 19:42 - 01552416 _____ C:\Users\gentlerain\Documents\IMG_20161228_0003.pdf
2016-12-28 19:41 - 2016-12-28 19:41 - 01460936 _____ C:\Users\gentlerain\Documents\IMG_20161228_0002.pdf
2016-12-28 19:39 - 2016-12-28 19:39 - 01740446 _____ C:\Users\gentlerain\Documents\IMG_20161228_0001.pdf
2016-12-28 19:39 - 2016-12-28 19:39 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-12-23 15:30 - 2016-12-23 15:30 - 00259598 _____ C:\Users\gentlerain\Documents\2016-11-Bill.pdf
2016-12-18 15:01 - 2016-12-18 15:01 - 00344210 _____ C:\Users\gentlerain\Documents\Invoice.pdf
 
==================== One Month Modified files and folders ========
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by gentlerain (administrator) on SUESP (16-01-2017 15:17:18)
Running from C:\Users\gentlerain\Downloads
Loaded Profiles: gentlerain (Available Profiles: gentlerain)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe
() C:\Users\gentlerain\AppData\Roaming\SysMon\sysmon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(© 2015 Microsoft Corporation) C:\Users\gentlerain\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\HelpPane.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
(Microsoft Corporation) C:\Windows\System32\AtBroker.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1163264 2012-09-25] ()
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46368 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [29984 2008-07-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [fst_uk_1] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-08-09] (InstallShield Software Corporation)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [BingSvc] => C:\Users\gentlerain\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\TIGERA~1.SCR [3750446 2015-09-16] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-562656355-2901532616-2536167456-1002] => file://C:/Program%20Files%20(x86)/LPT/Proxy.pac
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2dbc01a8-4e66-4987-985b-1a54bd3d2199}: [DhcpNameServer] 192.168.1.254
ManualProxies: 0file://C:/Program%20Files%20(x86)/LPT/Proxy.pac
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131183480067592391&GUID=2E22A02E-8B75-48A0-8529-3A7927E7410A
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YXZd7FzhuoJUvSwRNRMgHQoqiOoe32y8RKYSb4VEl_xShbXCOyA2qujHS8si2ijw,,&q={searchTerms}
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=39033&home=true&tid=114
HKU\S-1-5-21-562656355-2901532616-2536167456-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyEtCtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1BtCtDtN1L1G1B1V1N2Y1L1Qzu2StDtAtAyB0F0D0A0BtGtAyByE0FtGyDtByB0BtGtAzyyBtBtG0Dzz0D0AyByD0EyBtBzzyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D495210464%26a%3Dwbf_tpvidsft_16_26%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyD0AtAzzzzyEzyyEtGyCtC0BzztG0A0D0CyEtGtAtDyDyDtG0F0ByCtDtB0AyDtA0E0C0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D404109493%26a%3Dhdr_s_16_27_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyEtCtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1BtCtDtN1L1G1B1V1N2Y1L1Qzu2StDtAtAyB0F0D0A0BtGtAyByE0FtGyDtByB0BtGtAzyyBtBtG0Dzz0D0AyByD0EyBtBzzyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D495210464%26a%3Dwbf_tpvidsft_16_26%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YXZd7FzhuoJUvSwRNRMgHQoqiOoe32y8RKYSb4VEl_xShbXCOyA2qujHS8si2ijw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_27_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyDtDtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyD0AtAzzzzyEzyyEtGyCtC0BzztG0A0D0CyEtGtAtDyDyDtG0F0ByCtDtB0AyDtA0E0C0EyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D404109493%26a%3Dhdr_s_16_27_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331401&octid=EB_ORIGINAL_CTID&ISID=M9BED4808-CCE1-4F42-81F4-BC1F0E556EDB&SearchSource=58&CUI=&UM=8&UP=SP021F868C-D881-4636-A1D0-F92DE38EB9D1&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_38_wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyBtBtAtN1L2XzutAtFtByEtFtCtDtFtCtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StByE0B0C0F0E0D0FtGtA0DyC0CtG0AyDtD0FtGyDtA0C0DtG0A0F0AyDyCtB0C0AyEzzyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D382694861%26a%3Dhdr_s_16_38_wbf_tpvidsft_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=C011GB691D20151112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {a62abdee-78a2-4ddb-9355-1c334abd6e43} URL = hxxp://www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> {AC61418A-9CF7-42CC-9F15-BC91C35FEC09} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_tpvidsft_16_26&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0DyEtA0DyB0EtB0FtDyByEzy0AyCtB0FtN0D0Tzu0StCyCyEtCtN1L2XzutAtFtBtAtFtCtFtBtN1L1Czu1BtCtDtN1L1G1B1V1N2Y1L1Qzu2StDtAtAyB0F0D0A0BtGtAyByE0FtGyDtByB0BtGtAzyyBtBtG0Dzz0D0AyByD0EyBtBzzyEyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtC0AyD0AtD0FzztG0AyDyDtCtGyE0DtA0CtGzyyEtAtAtG0A0DyC0ByEtCyBtBtA0EzyyD2QtN0A0LzutB%26cr%3D495210464%26a%3Dwbf_tpvidsft_16_26%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
BHO: No Name -> {11111111-1111-1111-1111-110411901104} -> No File
BHO: No Name -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> No File
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
BHO-x32: Applon -> {1B4D240E-8BDE-4C8D-8B93-C74D2F8A8284} -> C:\Program Files (x86)\SmartMediaConverter\Applon_ie.dll [2013-09-03] (Applon)
BHO-x32: Positive Finds -> {30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files (x86)\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll => No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Toolbar: HKLM - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - No Name - {05478A66-EDB6-4A22-A870-A5987F80A7DA} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-562656355-2901532616-2536167456-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
DPF: HKLM-x32 {2A293777-79CA-4DD9-A545-0E1718C0D3CF} hxxps://bg.itronenergypoint.net/IHVConnect2/KeyboxControl.cab
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-10-24] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default [2017-01-15]
FF user.js: detected! => C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\user.js [2014-04-29]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\i233vc8b.default -> Bing 
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\i233vc8b.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YbUToE50-rJ2mCtxBMavGLX6F2a6d-Rf2WYYTfGYksqlVtdX4j_ZmlUkUYxaFiHA,,
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\i233vc8b.default -> Bing 
FF Keyword.URL: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NewTab: Mozilla\Firefox\Profiles\i233vc8b.default -> hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJlBATeRnAqXYyYJDXLfK6eZOkiLMwdFQEJrVxK-JPlQEJf7UcoDCQam5kcL5htPuwsC4SXptkavg3YtL7YuKr5Eae0fMxV8bhc-YdQaf86t-mTEioTmnwk-mcb1Fp6ldOz9WXloATaGA4X_V1OXekVwxBJXYrXbT71w,,
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\i233vc8b.default -> Bing 
FF Extension: (Positive Finds) - C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\Extensions\{7084813e-70d5-4251-9d2b-03bda4f44792}.xpi [2015-02-08] [not signed]
FF Extension: (Shopping Helper Smartbar) - C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\Extensions\{d382bffc-75f4-52e3-2cfa-61ebf61c9960} [2014-04-20] [not signed]
FF SearchPlugin: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\searchplugins\bingp.xml [2014-12-27]
FF SearchPlugin: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\searchplugins\Mysearchdial.xml [2014-04-29]
FF SearchPlugin: C:\Users\gentlerain\AppData\Roaming\Mozilla\Firefox\Profiles\i233vc8b.default\searchplugins\Web Search.xml [2014-05-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-11]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-13] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.co.uk/search?q=google%20search"
CHR DefaultSearchURL: Profile 1 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 1 -> bing.com
CHR DefaultSuggestURL: Profile 1 -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default [2015-11-29]
CHR Extension: (Google Slides) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-27]
CHR Extension: (Google Docs) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-27]
CHR Extension: (Google Drive) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-27]
CHR Extension: (Bing) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-11-27]
CHR Extension: (Google Search) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Google Sheets) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-27]
CHR Extension: (SiteAdvisor) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-27]
CHR Extension: (Avira Browser Safety) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27]
CHR Extension: (Skype Click to Call) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-11-27]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-27]
CHR Extension: (Gmail) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-27]
CHR Profile: C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-02-12]
CHR Profile: C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-16]
CHR Extension: (Google Slides) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (Google Docs) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Google Drive) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-03-13]
CHR Extension: (Skype Calling) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-11-28]
CHR Extension: (YouTube) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Dropbox for Gmail) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-05]
CHR Extension: (PhotoFunia) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdobpagoeokcdnpgdehandkpoabkibcj [2015-03-11]
CHR Extension: (Google Sheets) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (jollywallet) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fhogchfgdonibfhhcalbaaejfoopigik [2015-02-12]
CHR Extension: (Avira Browser Safety) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-09-20]
CHR Extension: (Google Docs Offline) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-30]
CHR Extension: (My Scrap Nook) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-02-13]
CHR Extension: (iPiccy Photo Editor) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2015-04-14]
CHR Extension: (Spell Checker for Chrome) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2015-02-12]
CHR Extension: (Coupons at Checkout) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2016-09-12]
CHR Extension: (Email This!) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kfakeonomonapccoamcmdgpoaicnpnoo [2015-02-12]
CHR Extension: (Skype) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-23]
CHR Extension: (AnonMe) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mopkmlafmmhcgdkdmldfiohlajhlpcch [2016-12-31]
CHR Extension: (EasyPhotoEdit) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffddjoibhjhmidfeflefakdkbhbnhpg [2016-09-30]
CHR Extension: (Shopping Helper) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nlcphjankhppgohedpkjonpadimhaoof [2015-02-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Audio Converter) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2015-02-12]
CHR Extension: (Hover Zoom+) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pccckmaobkjjboncdfnnofkonhgpceea [2017-01-16]
CHR Extension: (Gmail) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\gentlerain\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-562656355-2901532616-2536167456-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51504 2017-01-06] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [187840 2016-10-24] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2016-12-06] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S2 avgntflt; C:\Windows\SysWOW64\DRIVERS\avgntflt.sys [144664 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\SysWOW64\DRIVERS\avipbb.sys [154392 2016-08-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\SysWOW64\DRIVERS\avkmgr.sys [35488 2016-08-18] (Avira Operations GmbH & Co. KG)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
U5 iaStorA; C:\Windows\System32\Drivers\iaStorA.sys [645952 2012-07-09] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-16 15:17 - 2017-01-16 15:18 - 00050604 _____ C:\Users\gentlerain\Downloads\FRST.txt
2017-01-16 15:17 - 2017-01-16 15:17 - 00000000 ____D C:\FRST
2017-01-16 15:15 - 2017-01-16 15:16 - 02419200 _____ (Farbar) C:\Users\gentlerain\Downloads\FRST64.exe
2017-01-16 14:02 - 2017-01-16 14:02 - 01065376 _____ (Google Inc.) C:\Users\gentlerain\Downloads\ChromeSetup.exe
2017-01-16 14:02 - 2017-01-16 14:02 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-16 14:02 - 2017-01-16 14:02 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-16 11:48 - 2017-01-16 11:48 - 00000000 ___HD C:\OneDriveTemp
2017-01-15 22:18 - 2017-01-15 22:18 - 00000000 ____D C:\Users\gentlerain\AppData\Roaming\MyTurboPC.com
2017-01-15 22:17 - 2017-01-15 22:17 - 10578984 _____ (MyTurboPC.com) C:\Users\gentlerain\Downloads\Myturbopc_2ce2b7d6-b9d6-4e6a-a865-200d3b44579a_.exe
2017-01-15 22:17 - 2017-01-15 22:17 - 00000000 ____D C:\ProgramData\MyTurboPC.com
2017-01-15 20:09 - 2017-01-16 11:49 - 00003110 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-01-15 20:09 - 2017-01-16 11:49 - 00000000 ____D C:\Users\gentlerain\AppData\Roaming\SysMon
2017-01-15 17:14 - 2017-01-15 17:14 - 00000000 ____D C:\$WINDOWS.~BT
2017-01-15 16:30 - 2017-01-15 17:13 - 00000000 ___HD C:\$SysReset
2017-01-15 14:29 - 2017-01-16 11:47 - 00000000 ____D C:\Users\gentlerain\AppData\LocalLow\uTorrent
2017-01-12 20:50 - 2017-01-12 20:50 - 00000000 _____ C:\autoexec.bat
2017-01-12 19:00 - 2016-07-14 16:05 - 00002024 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170112-190032.backup
2017-01-12 18:31 - 2017-01-12 21:41 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-11 20:09 - 2017-01-11 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-11 14:32 - 2017-01-12 21:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-11 14:32 - 2017-01-12 21:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-11 14:32 - 2017-01-11 14:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-10 21:28 - 2016-12-21 08:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 21:28 - 2016-12-21 08:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 21:28 - 2016-12-21 07:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 21:28 - 2016-12-21 07:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 21:28 - 2016-12-21 07:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 21:28 - 2016-12-21 07:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 21:28 - 2016-12-21 07:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 21:28 - 2016-12-21 07:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 21:28 - 2016-12-21 07:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 21:28 - 2016-12-21 07:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 21:28 - 2016-12-21 06:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 21:28 - 2016-12-21 06:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 21:28 - 2016-12-21 06:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 21:28 - 2016-12-21 06:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 21:28 - 2016-12-21 06:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 21:28 - 2016-12-21 06:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 21:28 - 2016-12-21 05:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 21:28 - 2016-12-21 05:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 21:28 - 2016-12-21 05:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 21:28 - 2016-12-21 04:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 21:28 - 2016-12-21 04:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 21:28 - 2016-12-21 04:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 21:28 - 2016-12-21 04:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 21:28 - 2016-12-21 04:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 21:28 - 2016-12-21 04:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 21:28 - 2016-12-21 04:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 21:28 - 2016-12-21 04:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 21:28 - 2016-12-21 04:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 21:28 - 2016-12-21 04:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 21:28 - 2016-12-21 04:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 21:28 - 2016-12-14 05:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 21:28 - 2016-12-14 05:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 21:28 - 2016-12-14 05:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 21:28 - 2016-12-14 05:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 21:28 - 2016-12-14 05:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 21:28 - 2016-12-14 04:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 21:28 - 2016-12-14 04:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 21:28 - 2016-12-14 04:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 21:28 - 2016-12-14 04:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 21:28 - 2016-12-14 04:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 21:28 - 2016-12-14 04:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 21:28 - 2016-12-14 04:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 21:28 - 2016-12-14 04:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 21:28 - 2016-12-14 04:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 21:28 - 2016-12-14 04:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 21:28 - 2016-12-14 04:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 21:28 - 2016-12-14 04:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 21:28 - 2016-12-14 04:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 21:28 - 2016-12-14 04:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 21:28 - 2016-12-14 04:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 21:28 - 2016-12-14 04:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 21:28 - 2016-12-14 04:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 21:28 - 2016-12-14 04:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 21:28 - 2016-12-14 04:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 21:28 - 2016-12-14 04:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 21:28 - 2016-12-14 04:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 21:28 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 21:28 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 21:27 - 2016-12-21 08:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 21:27 - 2016-12-21 07:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 21:27 - 2016-12-21 07:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 21:27 - 2016-12-21 07:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 21:27 - 2016-12-21 07:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 21:27 - 2016-12-21 07:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 21:27 - 2016-12-21 07:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 21:27 - 2016-12-21 07:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 21:27 - 2016-12-21 07:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 21:27 - 2016-12-21 07:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 21:27 - 2016-12-21 07:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 21:27 - 2016-12-21 07:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 21:27 - 2016-12-21 07:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 21:27 - 2016-12-21 07:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 21:27 - 2016-12-21 07:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 21:27 - 2016-12-21 07:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 21:27 - 2016-12-21 07:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 21:27 - 2016-12-21 07:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 21:27 - 2016-12-21 07:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 21:27 - 2016-12-21 07:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 21:27 - 2016-12-21 07:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 21:27 - 2016-12-21 07:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 21:27 - 2016-12-21 06:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 21:27 - 2016-12-21 06:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 21:27 - 2016-12-21 06:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 21:27 - 2016-12-21 06:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 21:27 - 2016-12-21 06:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 21:27 - 2016-12-21 06:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 21:27 - 2016-12-21 06:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 21:27 - 2016-12-21 06:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 21:27 - 2016-12-21 06:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 21:27 - 2016-12-21 06:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 21:27 - 2016-12-21 06:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 21:27 - 2016-12-21 06:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 21:27 - 2016-12-21 06:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 21:27 - 2016-12-21 06:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 21:27 - 2016-12-21 05:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 21:27 - 2016-12-21 04:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 21:27 - 2016-12-21 04:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:27 - 2016-12-21 04:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 21:27 - 2016-12-21 04:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 21:27 - 2016-12-21 04:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 21:27 - 2016-12-21 04:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 21:27 - 2016-12-21 04:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 21:27 - 2016-12-21 04:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 21:27 - 2016-12-21 04:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 21:27 - 2016-12-21 04:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 21:27 - 2016-12-21 04:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 21:27 - 2016-12-21 04:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 21:27 - 2016-12-21 04:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 21:27 - 2016-12-21 04:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 21:27 - 2016-12-21 04:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 21:27 - 2016-12-21 04:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 21:27 - 2016-12-21 04:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 21:27 - 2016-12-14 05:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 21:27 - 2016-12-14 05:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 21:27 - 2016-12-14 05:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 21:27 - 2016-12-14 05:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 21:27 - 2016-12-14 05:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 21:27 - 2016-12-14 05:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 21:27 - 2016-12-14 05:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 21:27 - 2016-12-14 05:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 21:27 - 2016-12-14 05:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 21:27 - 2016-12-14 05:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 21:27 - 2016-12-14 05:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 21:27 - 2016-12-14 05:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 21:27 - 2016-12-14 05:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 21:27 - 2016-12-14 04:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 21:27 - 2016-12-14 04:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 21:27 - 2016-12-14 04:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 21:27 - 2016-12-14 04:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:27 - 2016-12-14 04:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 21:27 - 2016-12-14 04:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 21:27 - 2016-12-14 04:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 21:27 - 2016-12-14 04:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 21:27 - 2016-12-14 04:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:27 - 2016-12-14 04:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 21:27 - 2016-12-14 04:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 21:27 - 2016-12-14 04:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 21:27 - 2016-12-14 04:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 21:27 - 2016-12-14 04:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 21:27 - 2016-12-14 04:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 21:27 - 2016-12-14 04:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 21:27 - 2016-12-14 04:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 21:27 - 2016-12-14 04:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 21:27 - 2016-12-14 04:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 21:27 - 2016-12-14 04:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 21:27 - 2016-12-14 04:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 21:27 - 2016-12-14 04:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 21:27 - 2016-12-14 04:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 21:27 - 2016-12-14 04:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 21:27 - 2016-12-14 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 21:27 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 21:27 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:27 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 21:27 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-08 21:49 - 2017-01-08 21:49 - 00001154 _____ C:\Users\Public\Desktop\MyCraftStudio.lnk
2017-01-08 21:49 - 2017-01-08 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Craft Studio
2017-01-08 21:48 - 2017-01-08 21:49 - 00000000 ____D C:\Program Files (x86)\My Craft Studio
2017-01-08 21:22 - 2017-01-08 21:22 - 00001722 _____ C:\Users\Public\Desktop\Decoupage_2.lnk
2017-01-08 21:22 - 2017-01-08 21:22 - 00000000 ____D C:\Users\gentlerain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decoupage_2
2017-01-08 21:22 - 2006-11-07 17:33 - 03567062 _____ (Macromedia, Inc.) C:\WINDOWS\Decoupage2Uninstall.exe
2017-01-08 21:21 - 2017-01-08 21:33 - 00000000 ____D C:\Users\gentlerain\Documents\Decoupage 2 Projects
2017-01-08 21:21 - 2017-01-08 21:28 - 00000000 ____D C:\Program Files\Decoupage_2
2017-01-08 21:21 - 2017-01-08 21:21 - 00000000 ____D C:\Users\gentlerain\Documents\Decoupage 2 Tiles
2017-01-06 00:04 - 2017-01-06 00:04 - 00051504 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-05 23:48 - 2017-01-05 23:48 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-02 18:51 - 2017-01-16 14:41 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-02 18:51 - 2017-01-16 14:01 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-01 17:28 - 2017-01-01 17:28 - 00002085 _____ C:\Users\Public\Desktop\McAfee® AntiVirus Plus.lnk
2017-01-01 17:28 - 2017-01-01 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-01 17:27 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2017-01-01 17:26 - 2017-01-11 18:38 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-01 17:26 - 2017-01-01 17:26 - 00000000 ____D C:\ProgramData\Intel Security
2017-01-01 17:24 - 2017-01-01 17:24 - 00000000 ____D C:\Program Files\McAfee.com
2017-01-01 17:23 - 2017-01-12 18:49 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-01 17:23 - 2017-01-01 17:23 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2017-01-01 17:23 - 2017-01-01 17:23 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-01 17:22 - 2016-11-14 17:41 - 00342768 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2017-01-01 17:21 - 2017-01-11 18:40 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-01 17:15 - 2017-01-11 18:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-12-31 12:15 - 2016-12-31 12:16 - 00000000 ____D C:\Users\gentlerain\Downloads\NOW.Thats.What.I.Call.Music95(2016)
2016-12-31 12:12 - 2016-12-31 12:12 - 00000000 ____D C:\Users\gentlerain\Downloads\mbid-8bd42e63-46cb-43e3-8294-c9c3b9793581
2016-12-28 19:45 - 2016-12-28 19:45 - 01309280 _____ C:\Users\gentlerain\Documents\IMG_20161228_0007.pdf
2016-12-28 19:44 - 2016-12-28 19:44 - 02004543 _____ C:\Users\gentlerain\Documents\IMG_20161228_0006.pdf
2016-12-28 19:44 - 2016-12-28 19:44 - 01426355 _____ C:\Users\gentlerain\Documents\IMG_20161228_0005.pdf
2016-12-28 19:43 - 2016-12-28 19:43 - 01614781 _____ C:\Users\gentlerain\Documents\IMG_20161228_0004.pdf
2016-12-28 19:42 - 2016-12-28 19:42 - 01552416 _____ C:\Users\gentlerain\Documents\IMG_20161228_0003.pdf
2016-12-28 19:41 - 2016-12-28 19:41 - 01460936 _____ C:\Users\gentlerain\Documents\IMG_20161228_0002.pdf
2016-12-28 19:39 - 2016-12-28 19:39 - 01740446 _____ C:\Users\gentlerain\Documents\IMG_20161228_0001.pdf
2016-12-28 19:39 - 2016-12-28 19:39 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-12-23 15:30 - 2016-12-23 15:30 - 00259598 _____ C:\Users\gentlerain\Documents\2016-11-Bill.pdf
2016-12-18 15:01 - 2016-12-18 15:01 - 00344210 _____ C:\Users\gentlerain\Documents\Invoice.pdf
 
==================== One Month Modified files and folders ========
 
 
 

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,008 posts
  • MVP
Multiple Replies are easiest.  If you post a log as you get it then you don't lose logs.
 
Get the free 14 day trial of MBAM:
 
Download Malwarebytes' Anti-Malware from http://www.malwareby...am-download.php
 
right-click the mbam-setup file you downloaded and RUn As Admin.
 
Once MBAM opens, when it says Your databases are out of date, click the Update Now button.
 
Once you get the green checkmark:
Click the Scan tab at the left of the program window, select Threat Scan and click the Scan Now button.
 
The scan may take some time to finish,so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export Summary button, select Text file 
 
(*.txt), and save the log to your Desktop. Post the log.   You can also save a step and select Copy to clipboard instead of Text file then you can 
 
move to a reply and Ctrl + v to paste it into the reply.
 
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
 
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
     
    •  
     
  • Right click FRST64.exe and Run as administrator  When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 
  •  

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP