Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Web browsing unusually slow

Started by gmcube , Jan 22 2017 10:09 PM

Please log in to reply

#1
gmcube

Posted 22 January 2017 - 10:09 PM

Member

Member
176 posts

I first noticed the problem a few days ago in Firefox, but chrome doesn't fair much better. Often a lot of elements like thumbnails flat out wont load. Youtube will take like 2 mins to even start playing. And when turn off my ad blocker I notice more intrusive ads than I think I should be seeing. Sometimes I cant even right click without being redirected. I ran various scanners and got some of the symptoms to ease up, but I think more can be done.

I have tried resetting my firefox profile, no change.

Normal things outside of web browsing seem fine.

Haven't been here in a while, is this the right scan to start with?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by tonya (administrator) on HOME (22-01-2017 22:59:44)
Running from C:\Users\tonya\Downloads
Loaded Profiles: tonya (Available Profiles: tonya & wiicu)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "K:\ff\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Scarlet.Crush Productions) C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Flux Software LLC) C:\Users\tonya\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\sugarcoated\thigpen.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) K:\ff\firefox.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Spotify Ltd) C:\Users\tonya\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [868352 2016-03-02] (RemoteMouse.net)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWoW64\userinit.exe,
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [uTorrent] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2017-01-08] (BitTorrent Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Google Update] => C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [EPSON Stylus Photo R220] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE [211456 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Spotify] => C:\Users\tonya\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-03-20] (Spotify Ltd)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [hubiC] => C:\Program Files\OVH\hubiC\hubiC.exe [3527168 2015-03-03] (OVH)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [f.lux] => C:\Users\tonya\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [thigpen] => C:\Program Files (x86)\sugarcoated\thigpen.exe [36840 2016-10-21] ()
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [WiinUSoft] => C:\Program Files\WiinUSoft\WiinUSoft.exe [3273216 2015-09-07] ()
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [torchbearers] => "C:\Program Files (x86)\si\disparate.exe"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
Startup: C:\Users\tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-04-29]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\tonya\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{458d62d0-8781-4cc4-a1cf-cd118439edb4}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{47696d14-a98f-4ac8-adf3-5107a53a7243}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{be060f33-9fcd-456f-a7c3-29089e3ee7e6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f5ca0098-b3b3-4a1c-9583-dc11a77d36c3}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-291635215-515170609-3999724420-1001 -> {9FA945DD-4733-4FEF-AC83-E900E9AC7183} URL =
SearchScopes: HKU\S-1-5-21-291635215-515170609-3999724420-1001 -> {C7B0FD4F-5B13-41BC-AB39-A4295FC6DD0F} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-291635215-515170609-3999724420-1001 -> {E9E1D8CE-343B-4F42-82CC-EEEDA10AB3F5} URL = hxxp://search.whiteskyservices.com/?wstoken=6AF9B5EE-BAE4-4906-A05C-1B522D55AE52&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-22] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll => No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
Toolbar: HKLM-x32 - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: u68ebjyn.default-1394244039659
FF ProfilePath: C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Profiles\rchc9kh1.default-1485055679079 [2017-01-22]
FF Extension: (uBlock Origin) - C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Profiles\rchc9kh1.default-1485055679079\Extensions\[email protected] [2017-01-22]
FF ProfilePath: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 [2017-01-21]
FF NewTab: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 ->
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF DefaultSearchEngine.US: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF Homepage: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> chrome://speeddial/content/speeddial.xul
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> is enabled.
FF Extension: (Google Images) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\@google-images.xpi [2015-11-08]
FF Extension: (Customizable Shortcuts) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-11-11]
FF Extension: (Exif Viewer) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-06]
FF Extension: (facepaste) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-08]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-02]
FF Extension: (Hide Menubar) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-31]
FF Extension: (Hide Navigation Bar) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-31]
FF Extension: (YouTube mp3) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-28]
FF Extension: (Reddit Enhancement Suite) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-12]
FF Extension: (SmartVideo For YouTube) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-10]
FF Extension: (YouTube Plus) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-09]
FF Extension: (Turn Off the Lights) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-29]
FF Extension: (uBlock Origin) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-08]
FF Extension: (VLC Youtube Shortcut) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-10]
FF Extension: (Capture & Print) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2015-08-11]
FF Extension: (Image Zoom) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2015-05-31]
FF Extension: (Save Image in Folder) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-13]
FF Extension: (SmoothWheel (mozdev.org)) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2015-09-01]
FF Extension: (Speed Dial) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-16]
FF Extension: (Share Button for Pinterest) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-03-09]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-26]
FF Extension: (Flash and Video Download) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-03-09]
FF Extension: (Scrollbar Auto Show/Hide) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{d3d35bb5-999d-11da-a72b-0800200c9a66}.xpi [2016-01-19]
FF Extension: (Greasemonkey) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-21]
FF Extension: (SearchPreview) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2016-03-09]
FF Extension: (Open With Photoshop) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2016-03-09]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\google-default.xml [2015-02-20]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\kickassto.xml [2015-10-08]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\youtube-mp3.xml [2015-05-15]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\youtube-video-search.xml [2015-08-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-18] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\tonya\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @talk.google.com/O1DPlugin -> C:\Users\tonya\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @tools.google.com/Google Update;version=3 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @tools.google.com/Google Update;version=9 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tonya\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\tonya\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - K:\ff\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=GAMzftpbl0cshmoAU,60a68768-cf3b-42cd-8dc8-61ee444974c9,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default [2017-01-22]
CHR Extension: (Google Docs) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11]
CHR Extension: (YouTube) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Adblock Plus) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (Google Search) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-08-04] (Broadcom Corporation.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-07-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-07-21] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51504 2017-01-05] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2015-09-04] (Scarlet.Crush Productions) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-01-17] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [186152 2017-01-10] (Broadcom Corporation.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-21] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-21] (Bluestack System Inc. )
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-21] (REALiX™)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.)
S3 panda_url_filteringd; C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [51288 2014-03-19] (Visicom Media Inc.)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [174000 2016-08-09] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [129456 2016-08-09] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207272 2016-08-09] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133544 2016-08-09] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146864 2016-08-09] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117168 2016-08-09] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-12-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [5695744 2016-12-21] (Realtek Semiconductor Corporation                           )
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 Tosrfcom; no ImagePath
R3 TSVAD_PCM; C:\Windows\system32\drivers\tsvadpcm.sys [33552 2016-08-11] (Windows ® Win 7 DDK provider)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [120472 2017-01-17] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 22:59 - 2017-01-22 23:00 - 00046578 _____ C:\Users\tonya\Downloads\FRST.txt
2017-01-22 22:59 - 2017-01-22 22:59 - 00000000 ____D C:\FRST
2017-01-22 22:58 - 2017-01-22 22:59 - 02420736 _____ (Farbar) C:\Users\tonya\Downloads\FRST64.exe
2017-01-22 22:32 - 2017-01-22 22:32 - 00003016 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (tonya)
2017-01-22 22:28 - 2017-01-22 22:28 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-01-22 22:27 - 2016-08-09 21:10 - 00072112 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-01-22 22:18 - 2017-01-22 22:20 - 03988944 _____ C:\Users\tonya\Downloads\adwcleaner_6.042.exe
2017-01-22 02:21 - 2017-01-22 02:21 - 00000000 ____D C:\Users\tonya\is-I9QJF.tmp
2017-01-22 02:21 - 2017-01-22 02:21 - 00000000 ____D C:\Users\tonya\is-1CEEK.tmp
2017-01-22 02:10 - 2017-01-22 02:10 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-22 02:08 - 2017-01-22 02:08 - 00000000 ____D C:\Windows\Panther
2017-01-21 22:23 - 2017-01-21 22:23 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(3).exe
2017-01-21 22:19 - 2017-01-21 22:19 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(2).exe
2017-01-21 21:55 - 2017-01-21 21:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-01-21 21:54 - 2017-01-17 16:24 - 02274256 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02267600 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02173392 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02111952 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01787856 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01781200 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01673168 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01632720 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2017-01-21 21:54 - 2017-01-17 15:26 - 00120472 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2017-01-21 17:42 - 2017-01-21 17:42 - 1103113280 _____ C:\Users\tonya\Documents\highlights.mp4
2017-01-21 12:39 - 2017-01-21 12:39 - 1528678829 _____ C:\Users\tonya\Documents\roughesthighday.mp4
2017-01-21 07:54 - 2017-01-21 08:03 - 00132448 _____ C:\Users\tonya\Documents\uhhhhm_yeah.mp4.sfk
2017-01-20 20:18 - 2017-01-20 20:18 - 21314250 _____ C:\Users\tonya\Documents\roughesthighreel.mp4
2017-01-19 21:30 - 2017-01-19 22:23 - 40865571 _____ C:\Users\tonya\Downloads\Satans_Bluetooth_Stack_Installer.exe
2017-01-19 21:04 - 2017-01-19 21:12 - 29800283 _____ C:\Users\tonya\Downloads\Unconfirmed 186042.crdownload
2017-01-19 00:03 - 2017-01-19 00:03 - 00000000 ____D C:\Users\tonya\Downloads\MS_BT_HotFix
2017-01-19 00:02 - 2017-01-19 21:33 - 00000430 _____ C:\Users\tonya\AppData\Roaming\WiinUSoft_prefs.config
2017-01-19 00:02 - 2017-01-19 00:02 - 00084154 _____ C:\Users\tonya\Downloads\MS_BT_HotFix.zip
2017-01-19 00:00 - 2017-01-19 00:00 - 00000876 _____ C:\Users\Public\Desktop\WiinUSoft.lnk
2017-01-19 00:00 - 2017-01-19 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2017-01-19 00:00 - 2017-01-19 00:00 - 00000000 ____D C:\Program Files\WiinUSoft
2017-01-19 00:00 - 2015-09-04 16:55 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2017-01-18 23:47 - 2017-01-18 23:59 - 48273181 _____ (Justin Keys ) C:\Users\tonya\Downloads\wiinusoft_2.1.234_setup.exe
2017-01-18 02:05 - 2017-01-18 02:05 - 00003372 _____ C:\Windows\System32\Tasks\Driver Booster Scheduler
2017-01-18 02:04 - 2017-01-18 02:04 - 17628560 _____ (IObit ) C:\Users\tonya\Downloads\driver_booster_setup (1).exe
2017-01-15 16:37 - 2017-01-15 17:52 - 00000000 ____D C:\Users\tonya\AppData\LocalLow\uTorrent
2017-01-15 16:37 - 2017-01-15 16:37 - 00000000 ____D C:\Users\tonya\Downloads\Girl Meets World S03E21 Girl Meets Goodbye 720p HDrip X264 Solar
2017-01-13 03:20 - 2017-01-13 03:20 - 01297040 _____ C:\Users\tonya\Documents\sample.veg
2017-01-12 21:39 - 2017-01-12 21:39 - 01296464 _____ C:\Users\tonya\Documents\sample.veg.bak
2017-01-11 22:23 - 2017-01-11 22:23 - 88264481 _____ C:\Users\tonya\Documents\sample.mp4
2017-01-11 17:03 - 2017-01-11 17:05 - 03356672 _____ C:\Users\tonya\Documents\sample.avi
2017-01-11 01:37 - 2017-01-11 16:56 - 12072960 _____ C:\Users\tonya\Documents\bellsdedede.avi
2017-01-10 21:16 - 2017-01-10 21:16 - 01286784 _____ C:\Users\tonya\Documents\bells.veg
2017-01-10 20:22 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 20:22 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 20:18 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-10 20:18 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-10 20:18 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-10 20:18 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-10 20:18 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-10 20:18 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-10 20:18 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-10 20:18 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-10 20:18 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-10 20:18 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-10 20:18 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-10 20:18 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-10 20:18 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-10 20:18 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-10 20:18 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-10 20:18 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-10 20:18 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-10 20:18 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-10 20:18 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-10 20:18 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-10 20:18 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-10 20:18 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-10 20:18 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-10 20:18 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-10 20:18 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-10 20:18 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-10 20:18 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-10 20:18 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-10 20:18 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-10 20:18 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-10 20:18 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-10 20:18 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-10 20:18 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-10 20:18 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 20:18 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 20:18 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-10 20:18 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-10 20:18 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 20:18 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-10 20:18 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-10 20:18 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-10 20:18 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-10 20:18 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-10 20:18 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-10 20:18 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-10 20:18 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 20:18 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-10 20:18 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-10 20:18 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-10 20:18 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-10 20:18 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-10 20:18 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-10 20:18 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-10 20:18 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-10 20:18 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-10 20:18 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-10 20:18 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-10 20:18 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 20:18 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-10 20:18 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-10 20:18 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-10 20:18 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-10 20:18 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-10 20:18 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 20:18 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-10 20:18 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-10 20:18 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-10 20:18 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-10 20:18 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 20:18 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 20:18 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-10 20:18 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-10 20:18 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-10 20:18 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-10 20:18 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 20:18 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-10 20:18 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-10 20:18 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-10 20:18 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 20:18 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-10 20:18 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-10 20:18 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-10 20:18 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-10 20:18 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-10 20:18 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-10 20:18 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-10 20:18 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-10 20:18 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-10 20:18 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-10 20:18 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-10 20:18 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 20:18 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-10 20:18 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-10 20:18 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-10 14:28 - 2017-01-10 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 03:28 - 2017-01-10 03:28 - 00001931 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-01-10 03:28 - 2017-01-10 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-10 03:25 - 2017-01-10 03:26 - 41896256 _____ (Apple Inc.) C:\Users\tonya\Downloads\QuickTimeInstaller(2).exe
2017-01-10 03:25 - 2017-01-10 03:25 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\tonya\Downloads\readerdc_en_jd_install.exe
2017-01-10 01:38 - 2017-01-10 01:38 - 00213312 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2017-01-10 01:38 - 2017-01-10 01:38 - 00186152 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2017-01-10 01:38 - 2017-01-10 01:38 - 00071148 _____ C:\Windows\system32\Drivers\BCM20702A1_001.002.014.1502.1764.hex
2017-01-10 01:33 - 2017-01-10 01:33 - 00003526 _____ C:\Users\tonya\Desktop\Greeting.amr
2017-01-10 01:32 - 2017-01-10 01:32 - 00385542 _____ C:\Users\tonya\Desktop\TASCAM_005623.wav
2017-01-10 01:17 - 2017-01-10 01:16 - 00004166 _____ C:\Users\tonya\Downloads\Greeting2.amr
2017-01-10 01:13 - 2015-05-01 17:38 - 00074502 _____ C:\Users\tonya\Downloads\1.amr
2017-01-10 01:09 - 2017-01-10 01:09 - 00003526 _____ C:\Users\tonya\Downloads\Greeting.amr
2017-01-10 01:02 - 2017-01-10 01:02 - 00527423 _____ ( ) C:\Users\tonya\Downloads\Lame_v3.99.3_for_Windows.exe
2017-01-10 01:02 - 2017-01-10 01:02 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-01-10 00:59 - 2017-01-10 00:57 - 00004166 _____ C:\Users\tonya\Desktop\Greeting3.amr
2017-01-10 00:50 - 2017-01-10 03:03 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Cyberduck
2017-01-10 00:50 - 2017-01-10 00:50 - 00000000 __SHD C:\Users\tonya\wc
2017-01-10 00:50 - 2017-01-10 00:50 - 00000000 __SHD C:\Users\tonya\AppData\Roaming\wyUpdate AU
2017-01-10 00:48 - 2017-01-10 00:48 - 00001099 _____ C:\Users\Public\Desktop\Cyberduck.lnk
2017-01-10 00:48 - 2017-01-10 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2017-01-10 00:47 - 2017-01-10 00:48 - 00000000 ____D C:\Program Files (x86)\Cyberduck
2017-01-10 00:46 - 2017-01-10 00:47 - 16547632 _____ C:\Users\tonya\Downloads\Cyberduck-Installer-4.5.1.exe
2017-01-09 14:06 - 2017-01-09 14:06 - 01286784 _____ C:\Users\tonya\Documents\bells.veg.bak
2017-01-08 16:24 - 2017-01-22 22:35 - 00000000 ____D C:\Program Files\FreeFixer
2017-01-08 16:24 - 2017-01-08 16:24 - 00000000 ____D C:\Users\tonya\AppData\Roaming\FreeFixer
2017-01-08 16:23 - 2017-01-08 16:24 - 02704615 _____ (Kephyr) C:\Users\tonya\Downloads\freefixersetup.exe
2017-01-08 03:28 - 2017-01-08 14:21 - 00000000 ____D C:\Users\tonya\Downloads\Ariana Grande - Dangerous W (2016) [24bit]
2017-01-08 01:00 - 2017-01-08 01:00 - 00000000 ____D C:\Windows\system32\RAPID
2017-01-08 01:00 - 2016-11-18 19:04 - 00272792 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2017-01-08 00:54 - 2017-01-08 00:54 - 00000000 ____D C:\Program Files\Western Digital
2017-01-07 14:03 - 2017-01-07 14:04 - 00173320 _____ C:\Users\tonya\Documents\MVI_6803 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00132448 _____ C:\Users\tonya\Documents\MVI_6808 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00115280 _____ C:\Users\tonya\Documents\MVI_6804 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00103568 _____ C:\Users\tonya\Documents\MVI_6909 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00063832 _____ C:\Users\tonya\Documents\MVI_6807 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00042864 _____ C:\Users\tonya\Documents\MVI_6805 - 1.MOV.sfk
2017-01-07 04:00 - 2017-01-21 22:22 - 00000645 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-07 03:58 - 2017-01-07 03:58 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0.exe
2017-01-07 03:58 - 2017-01-07 03:58 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(1).exe
2017-01-07 03:40 - 2017-01-07 04:45 - 00000031 _____ C:\Windows\script.txt
2017-01-07 03:36 - 2017-01-07 03:36 - 00001874 _____ C:\Users\Public\Desktop\Data Migration.lnk
2017-01-07 03:36 - 2017-01-07 03:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-01-07 03:35 - 2017-01-07 03:35 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_Data_Migration_Setup_v30
2017-01-07 03:34 - 2017-01-07 03:35 - 36941793 _____ C:\Users\tonya\Downloads\Samsung_Data_Migration_Setup_v30.zip
2017-01-07 03:19 - 2017-01-07 03:20 - 00000000 ____D C:\Users\tonya\Documents\Reflect
2017-01-07 03:03 - 2017-01-07 03:03 - 00002017 _____ C:\Users\Public\Desktop\Reflect.lnk
2017-01-07 03:03 - 2017-01-07 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-01-07 03:03 - 2017-01-07 03:03 - 00000000 ____D C:\Program Files\Macrium
2017-01-07 02:42 - 2017-01-07 02:57 - 00000000 ____D C:\Users\tonya\Downloads\Macrium
2017-01-07 02:41 - 2017-01-07 03:05 - 00000000 ____D C:\ProgramData\Macrium
2017-01-07 02:38 - 2017-01-07 02:41 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\tonya\Downloads\ReflectDL.exe
2017-01-06 20:37 - 2017-01-06 20:37 - 00003330 _____ C:\Windows\System32\Tasks\SamsungMagician
2017-01-06 20:37 - 2017-01-06 20:37 - 00001318 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2017-01-06 20:37 - 2017-01-06 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2017-01-06 20:36 - 2017-01-06 20:36 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_Magician_Installer
2017-01-06 20:32 - 2017-01-06 20:34 - 13944028 _____ C:\Users\tonya\Downloads\Samsung_Magician_Installer.zip
2017-01-06 20:28 - 2017-01-06 20:28 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_NVMeDriver_2
2017-01-06 20:24 - 2017-01-06 20:24 - 03566683 _____ C:\Users\tonya\Downloads\Samsung_NVMeDriver_2.zip
2017-01-06 19:56 - 2017-01-06 19:57 - 00000000 ____D C:\Users\tonya\Downloads\9386_Disc_Win_120413
2017-01-06 19:46 - 2017-01-06 19:53 - 462787524 _____ C:\Users\tonya\Downloads\9386_Disc_Win_120413.zip
2017-01-06 19:42 - 2017-01-06 19:42 - 03700104 _____ C:\Users\tonya\Downloads\windows_pl2303_usb_driver.zip
2017-01-05 19:04 - 2017-01-05 19:04 - 00051504 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-05 18:48 - 2017-01-05 18:48 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-01 00:55 - 2017-01-01 00:55 - 00000032 _____ C:\Users\tonya\Documents\bellsCE.avi.sfl
2016-12-31 23:50 - 2017-01-01 00:55 - 321125376 _____ C:\Users\tonya\Documents\bellsCE.avi
2016-12-31 23:47 - 2016-12-31 23:47 - 00000032 _____ C:\Users\tonya\Documents\bellsDE.avi.sfl
2016-12-31 23:08 - 2016-12-31 23:47 - 89205760 _____ C:\Users\tonya\Documents\bellsDE.avi
2016-12-31 23:03 - 2016-12-31 23:03 - 00000036 _____ C:\Users\tonya\Documents\bellsSCENE.avi.sfl
2016-12-31 22:36 - 2016-12-31 23:03 - 330736128 _____ C:\Users\tonya\Documents\bellsSCENE.avi
2016-12-31 01:33 - 2016-12-28 14:02 - 03325952 _____ (Silicon Valley Software) C:\Users\tonya\Desktop\Anim8or_1264.exe
2016-12-30 20:21 - 2016-12-30 20:21 - 01491818 _____ C:\Users\tonya\Downloads\animcl1264.zip
2016-12-29 13:53 - 2016-12-29 13:53 - 00001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-28 23:24 - 2016-12-28 23:25 - 00393552 _____ (Americanino Limited) C:\Users\tonya\Downloads\mrmemoryscanner (1).exe
2016-12-28 02:58 - 2016-12-28 02:59 - 00393552 _____ (Americanino Limited) C:\Users\tonya\Downloads\mrmemoryscanner.exe
2016-12-27 21:16 - 2016-12-27 21:16 - 00000040 _____ C:\Users\tonya\Documents\playbackhighdel.avi.sfl
2016-12-27 03:00 - 2016-12-27 03:00 - 00000044 _____ C:\Users\tonya\Documents\playbackhighbellly.avi.sfl
2016-12-27 02:21 - 2016-12-27 03:00 - 306240512 _____ C:\Users\tonya\Documents\playbackhighbellly.avi
2016-12-27 02:12 - 2016-12-27 02:12 - 01267128 _____ C:\Users\tonya\Documents\playbackhigh.veg
2016-12-26 14:34 - 2016-12-26 14:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2016-12-26 14:34 - 2016-12-26 14:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2016-12-25 18:30 - 2016-12-25 18:30 - 01263016 _____ C:\Users\tonya\Documents\playbackhigh.veg.bak
2016-12-25 18:22 - 2016-12-25 18:22 - 01263008 _____ C:\Users\tonya\Documents\playback.veg
2016-12-25 02:17 - 2016-12-25 02:17 - 00001024 _____ C:\HD-Plus-Service-Android-0.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 22:38 - 2016-12-21 21:41 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-22 22:35 - 2016-12-21 21:42 - 00000000 ____D C:\ProgramData\ProductData
2017-01-22 22:33 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 22:33 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-01-22 22:28 - 2016-11-17 23:09 - 00000000 ____D C:\Users\tonya\AppData\LocalLow\Mozilla
2017-01-22 22:27 - 2016-03-02 02:17 - 00000000 ___RD C:\Users\tonya\iCloudDrive
2017-01-22 22:27 - 2015-08-13 05:26 - 00000000 __SHD C:\Users\tonya\IntelGraphicsProfiles
2017-01-22 22:26 - 2016-08-12 03:13 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-22 22:26 - 2016-07-16 01:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-01-22 22:25 - 2016-10-23 16:44 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2017-01-22 22:25 - 2014-03-07 19:52 - 00000000 ____D C:\AdwCleaner
2017-01-22 21:56 - 2016-10-23 16:44 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-01-22 21:42 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-01-22 21:26 - 2016-10-22 11:57 - 00004142 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{441C6BE9-AD64-4A16-8C0D-6D2091E1B08F}
2017-01-22 21:23 - 2016-08-12 02:33 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-22 02:57 - 2016-06-23 10:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-22 02:29 - 2016-08-12 02:42 - 00000000 ____D C:\Users\tonya
2017-01-22 01:07 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\PLA
2017-01-22 00:41 - 2015-10-09 16:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 22:28 - 2014-03-07 21:00 - 00000000 ____D C:\Users\tonya\Desktop\Old Firefox Data
2017-01-21 22:22 - 2014-03-07 00:33 - 00000645 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-21 22:19 - 2016-11-16 15:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-21 21:54 - 2016-03-21 21:34 - 00000000 ____D C:\Program Files\Tablet
2017-01-21 21:37 - 2015-03-04 15:22 - 00000000 ____D C:\Users\tonya\AppData\Roaming\TeraCopy
2017-01-21 14:48 - 2015-08-09 18:12 - 00000000 ____D C:\Users\tonya\AppData\Roaming\vlc
2017-01-20 23:38 - 2015-10-08 13:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-19 22:41 - 2013-09-12 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2017-01-19 22:41 - 2013-09-12 23:41 - 00000000 ____D C:\Program Files (x86)\Toshiba
2017-01-19 21:12 - 2014-03-07 18:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-18 02:02 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-18 02:02 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-18 02:00 - 2016-12-21 21:41 - 00000000 ____D C:\ProgramData\IObit
2017-01-18 01:58 - 2015-03-06 02:04 - 00000000 ____D C:\Users\tonya\AppData\Roaming\uTorrent
2017-01-15 15:29 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-15 15:28 - 2014-03-06 21:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-12 22:36 - 2014-04-28 23:14 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Audacity
2017-01-11 19:08 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\rescache
2017-01-10 21:21 - 2016-08-12 02:33 - 05035464 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-10 20:30 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-10 20:27 - 2014-03-09 13:21 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 20:22 - 2014-03-09 13:21 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 14:28 - 2015-06-21 21:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-10 03:28 - 2014-03-07 19:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-08 00:59 - 2015-04-29 17:22 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-01-08 00:54 - 2015-08-12 21:31 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2017-01-08 00:54 - 2015-08-12 21:21 - 00000000 ____D C:\ProgramData\Western Digital
2017-01-08 00:54 - 2015-08-12 21:21 - 00000000 ____D C:\Program Files (x86)\Western Digital
2017-01-08 00:54 - 2013-12-20 08:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-07 19:07 - 2016-03-12 02:11 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Adobe
2017-01-07 19:07 - 2016-03-12 02:08 - 00000000 ____D C:\ProgramData\Adobe
2017-01-07 19:07 - 2016-02-25 01:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-07 07:29 - 2016-07-16 06:47 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-01-07 04:31 - 2014-03-07 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-07 03:36 - 2013-09-12 23:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-07 02:10 - 2015-08-13 03:36 - 01193250 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-06 20:36 - 2015-04-29 17:19 - 00000000 ____D C:\ProgramData\Samsung
2016-12-26 14:34 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-26 14:34 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-25 02:24 - 2016-07-30 14:49 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-12-23 02:45 - 2016-12-21 21:36 - 00000000 ____D C:\Users\tonya\AppData\Roaming\IObit

==================== Files in the root of some directories =======

2014-03-06 16:49 - 2014-03-06 16:49 - 49940480 _____ () C:\Program Files (x86)\GUT1229.tmp
2016-02-24 21:27 - 2016-02-24 21:27 - 0000016 ____H () C:\Program Files (x86)\Common Files\dys1-astg
2016-02-24 19:50 - 2016-02-24 19:50 - 0000016 ____H () C:\Program Files (x86)\Common Files\vs1-astg
2015-03-28 22:08 - 2015-04-30 11:47 - 0000132 _____ () C:\Users\tonya\AppData\Roaming\Adobe PNG Format CC Prefs
2016-08-17 01:14 - 2016-09-29 19:27 - 0001178 _____ () C:\Users\tonya\AppData\Roaming\Coolorus 2
2015-06-03 21:10 - 2015-06-03 21:10 - 0000112 _____ () C:\Users\tonya\AppData\Roaming\JP2K CS6 Prefs
2016-01-23 01:51 - 2016-03-18 22:57 - 0000028 _____ () C:\Users\tonya\AppData\Roaming\kulerdata.json
2016-10-22 12:04 - 2016-11-02 17:42 - 0138296 _____ () C:\Users\tonya\AppData\Roaming\net.telestream.wirecast.xml
2016-10-22 12:04 - 2016-10-22 12:04 - 0067454 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_AKAMAI_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004755 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004935 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003931 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_DAILYMOTION_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0005919 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_LIGHTCAST_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004356 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003439 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003825 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0016357 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_ONSTREAM_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0010088 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004482 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0007122 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008261 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMSHARK_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0010619 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0005241 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008986 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003213 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_THE_CUBE_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0022670 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_TILTEDGLOBE_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003302 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008949 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008949 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008683 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2015-08-08 00:07 - 2015-10-02 02:39 - 0000866 _____ () C:\Users\tonya\AppData\Roaming\PureRef.ini
2014-03-07 18:31 - 2014-03-07 18:31 - 0000045 _____ () C:\Users\tonya\AppData\Roaming\WB.CFG
2017-01-19 00:02 - 2017-01-19 21:33 - 0000430 _____ () C:\Users\tonya\AppData\Roaming\WiinUSoft_prefs.config
2016-11-02 17:42 - 2016-11-02 17:42 - 0000000 _____ () C:\Users\tonya\AppData\Roaming\wirecast_check_crash.txt
2015-02-27 17:27 - 2017-01-21 23:20 - 0001456 _____ () C:\Users\tonya\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-13 10:29 - 2016-10-13 10:29 - 0004608 _____ () C:\Users\tonya\AppData\Local\dnow.exe
2016-02-08 00:21 - 2016-12-27 00:29 - 0007593 _____ () C:\Users\tonya\AppData\Local\Resmon.ResmonCfg
2016-10-21 21:32 - 2016-10-21 21:33 - 0000003 _____ () C:\Users\tonya\AppData\Local\run1.txt
2016-02-24 21:27 - 2016-02-24 21:27 - 0000011 ____H () C:\ProgramData\.dys1sfi
2016-02-24 19:50 - 2016-02-24 19:50 - 0000016 ____H () C:\ProgramData\.vs1sfi
2016-08-12 02:36 - 2016-08-12 02:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-04 17:29

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by tonya (22-01-2017 23:00:40)
Running from C:\Users\tonya\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-12 08:26:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-291635215-515170609-3999724420-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-291635215-515170609-3999724420-503 - Limited - Disabled)
Guest (S-1-5-21-291635215-515170609-3999724420-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-291635215-515170609-3999724420-1003 - Limited - Enabled)
tonya (S-1-5-21-291635215-515170609-3999724420-1001 - Administrator - Enabled) => C:\Users\tonya
wiicu (S-1-5-21-291635215-515170609-3999724420-1004 - Limited - Enabled) => C:\Users\wiicu

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Free Antivirus (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 5.0.0 - Atomi Systems, Inc.)
Ad-Aware Web Companion (x32 Version: 1.1.885.1766 - Lavasoft) Hidden
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe After Effects CC 2014.1.1 (HKLM-x32\...\Adobe After Effects CC 2014.1.1) (Version: - )
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014.0.1 (HKLM-x32\...\Adobe Premiere Pro CC 2014.0.1) (Version: - )
Adobe Reader XI (11.0.07) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.4-6 - Wacom Technology Corp.)
Beyond Good and Evil (HKLM-x32\...\Beyond Good and Evil_is1) (Version: - GOG.com)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.41.6024 - BlueStack Systems, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boris Continuum Complete 10 CE for Adobe CS5, CS6, CC (HKLM\...\{45F7EB88-E0B4-4B57-8C1B-A5D8A61F9A29}) (Version: 10.0.0079 - Boris FX, Inc.)
Boris FX 10 (64 Bit) (HKLM\...\{BAF3FFCF-4BFC-42C9-A5F3-EF5F55615C29}) (Version: 10.0.1 - Boris FX, Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Canon 600D Camera Pack (HKLM-x32\...\{CC3B772B-FBF9-4D16-99E7-2B5C144B7900}) (Version: 2.00.0000 - Rubber Monkey Software)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.3.0.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.10.0 - Canon Inc.)
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Corel Painter 13 - IPM (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 2017 - Content (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - Core (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - Corex64 (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - CT (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - DE (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - EN (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - FR (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - IPM (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - IPM Content (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - JP (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 (HKLM\...\_{0EB4382B-8422-4059-8027-3403DE8E8C3F}) (Version: 16.0.0.400 - Corel Corporation)
Corel Update Manager (Version: 2.3.129 - Corel corporation) Hidden
Cyberduck 4.5.1 (14915) (HKLM-x32\...\Cyberduck) (Version: 4.5.1 (14915) - )
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DynamicSketch v1.6.0 for Adobe™ Illustrator™ CS4-CC (17) (HKLM\...\{D2F0DA0D-6D27-42DA-B53D-C352EC0E7FA7}) (Version: 1.6.0 - Astute Graphics Limited)
Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
f.lux (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Flux) (Version: - )
FastStone Image Viewer 6.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.0 - FastStone Soft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FilmConvert Pro OFX (HKLM\...\{ED2C998B-E673-4084-A7A2-F156B93C98AF}) (Version: 2.0.7 - Rubber Monkey Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
hubiC - x64 (Version: 2.1.1.145 - OVH) Hidden
hubiC (HKLM-x32\...\{51fea8cc-5bb6-4312-86f5-1802a10e030d}) (Version: 2.1.1.145 - OVH)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Knoll Light Factory Photo 32 bit (HKLM-x32\...\InstallShield_{671BFBC4-81B0-49B0-958F-765670D7E10A}) (Version: 3.2 - Red Giant Software)
Knoll Light Factory Photo 32 bit (x32 Version: 3.2 - Red Giant Software) Hidden
Knoll Light Factory Photo 64 bit (HKLM-x32\...\InstallShield_{69F849EF-4918-4333-81C1-8D8FC07E62B1}) (Version: 3.2 - Red Giant Software)
Knoll Light Factory Photo 64 bit (Version: 3.2 - Red Giant Software) Hidden
Kodi (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Kodi) (Version: - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LavasoftTcpService (x32 Version: 2.3.2.7 - Lavasoft) Hidden
Lazy Nezumi Pro 15.7.3.1740 (HKLM-x32\...\Lazy Nezumi Pro_is1) (Version: 15.7.3.1740 - Guillaume Stordeur)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
MAYFLASH GameCube Controller Adapter (HKLM-x32\...\{FEF678F8-4BD4-4692-8288-6CAFFDFD7739}) (Version: 3.85 - MAYFLASH)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Neat Video v2.6 Pro plug-in for Sony Vegas (64-bit) (HKLM\...\Neat Video for Sony Vegas_is1) (Version: - Neat Video team, ABSoft)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
Painter 2015 - Contentx64 (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - Core (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - Corex64 (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - CT (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - DE (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - EN (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - FR (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - Setup Files (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2017 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
Pale Moon 26.1.1 (x86 en-US) (HKLM-x32\...\Pale Moon 26.1.1 (x86 en-US)) (Version: 26.1.1 - Moonchild Productions)
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
ParticleShop - Core (Version: 1.0 - Corel Corporation) Hidden
ParticleShop - IPM (Version: 1.0 - Corel Corporation) Hidden
ParticleShop - IPM Content (Version: 1.0 - Corel Corporation) Hidden
ParticleShop (HKLM\...\_{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.0.0.516 - Corel Corporation)
ParticleShop (Version: 1.0 - Corel Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Perfectly Clear Plugin 1.7.1 (HKLM-x32\...\Perfectly Clear Plugin) (Version: 1.7.1 - Athentech)
Perfectly Clear Plugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear Plugin v2) (Version: 2.0.0.28 - Athentech)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portrait Professional Studio 10.8 Trial (HKLM-x32\...\PortraitProfessionalStudio10Trial_is1) (Version: 10.8 - Anthropics Technology Ltd.)
PortraitPro 15.4 (HKLM-x32\...\PortraitPro15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
PortraitPro 15.5 Trial (HKLM-x32\...\PortraitPro15Trial_is1) (Version: 15.5 - Anthropics Technology Ltd.)
PureRef (HKLM-x32\...\PureRef) (Version: 1.6.0 - Idyllic Pixel)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.0.97 - Samsung Electronics Co., Ltd.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )
Remote Mouse version 2.801 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.801 - Remote Mouse)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: - )
Spotify (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeraCopy 3.0 alfa 2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Tony Hawks Pro Skater HD (HKLM-x32\...\Tony Hawks Pro Skater HD_is1) (Version: - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TVMC (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\TVMC) (Version: - TVADDONS.ag)
TVPaint Animation 10 Pro v10.0.16 (HKLM-x32\...\TVPaint Animation 10 Pro v10.0.1610.0.16) (Version: 10.0.16 - Friends in War)
VectorScribe v1.9.2 for Adobe™ Illustrator™ CS4-CC (17) (HKLM\...\{5BD20D46-9055-4A4B-8110-3C1D6472EDEB}) (Version: 1.9.2 - Astute Graphics Limited)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{F15270DE-AAA0-11E6-BC48-8EDAE4BED5C9}) (Version: 14.0.201 - VEGAS)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3A78192E-E683-4231-8DB5-F9453910CEF6}) (Version: 2.15.0401 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.20-5 - Wacom Technology Corp.)
Waterfox 44.0.3 (x64 en-US) (HKLM\...\Waterfox 44.0.3 (x64 en-US)) (Version: 44.0.3 - Mozilla)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{0CCC3DEB-F976-4477-AD38-520A692B9F4D}_WebCompanion) (Version: 1.1.885.1766 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
WiinUSoft version 2.1 (HKLM\...\{1BFC4F9F-BB85-4CE3-AC22-0CBFF78D5EE4}_is1) (Version: 2.1 - Justin Keys)
WinDirStat 1.1.2 (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\WinDirStat) (Version: - )
Window On Top version 3.8 (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wirecast (HKLM\...\{2EDE31E5-8935-4E89-9D47-BCCF70668A09}) (Version: 7.1.0 - Telestream LLC)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0970A26B-7B06-4E14-B438-5982A31B8AF4} - \{28794B7E-D82D-4F10-9AA0-E0566EC1BEC7} -> No File <==== ATTENTION
Task: {0C52E362-A66B-4E4F-87AB-A545CB0D31D6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {140EE89E-A67F-4BB3-A119-49321942E151} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {17B97FA6-74C3-4B17-9C02-2B9C68526B88} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {192674FC-B397-4A81-BDEF-E3FA82E19983} - \RTKCPL -> No File <==== ATTENTION
Task: {2254F70A-C900-4DAF-A740-3471FDE79D60} - \{4DA03C92-FA0B-8B39-7E48-5461C13681E2} -> No File <==== ATTENTION
Task: {266748D8-3EF8-4DDA-AB6E-7ADDF2D82AD0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {2CB4FBD7-574F-42A0-9D66-8C76CA1228F5} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {360E63AA-9436-4D59-854A-7656D83B776D} - \Red Giant Link -> No File <==== ATTENTION
Task: {3A741055-8DBC-448A-80BF-699325662D85} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-01-12] (Corel Corporation)
Task: {3B76A56B-EC53-4136-9E67-FF10994F3C4B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3C647729-C9A2-4121-8558-F9E3FB29CC77} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3E1CA44E-9325-4679-BA8A-7BB1D4FC8898} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {3F9940A8-1937-4C86-B850-16F6AB843B38} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FEFE4E9-9E68-47C5-8366-B0C6F0C77E6B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {42E688D7-947E-490D-879E-CD84AAFE63BA} - System32\Tasks\Uninstaller_SkipUac_tonya => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-11-04] (IObit)
Task: {49E55F3F-8D25-492D-A383-8AA1B13A57E9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {54A14671-633C-459D-AC82-37589045A6D5} - \Optimize Start Menu Cache Files-S-1-5-21-291635215-515170609-3999724420-500 -> No File <==== ATTENTION
Task: {5CEA0B17-E991-47D4-9EE9-0081BAA8E1B2} - \Optimize Start Menu Cache Files-S-1-5-21-291635215-515170609-3999724420-1001 -> No File <==== ATTENTION
Task: {5F6B8A60-EDFA-4E39-BF8C-B60F9CD4B79B} - \3267205 -> No File <==== ATTENTION
Task: {6C8C3FC5-2615-49AD-9092-7CDB8CA2E6AE} - \{A99B2F1B-1E30-98B0-7B45-4B8445817625} -> No File <==== ATTENTION
Task: {6DF692BC-B6C4-442C-BAC9-715F13851189} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {73FC4279-6832-4311-A8D9-8D0223485EDB} - \WPD\SqmUpload_S-1-5-21-291635215-515170609-3999724420-1001 -> No File <==== ATTENTION
Task: {77AA10C1-B277-49C9-A4F8-6D68367AE165} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7A55DBAC-8130-4547-A5DE-EEB67CDE504E} - System32\Tasks\Driver Booster SkipUAC (tonya) => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
Task: {7AA827B3-0D83-4967-8532-068BBDFEEF21} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-22] (Dropbox, Inc.)
Task: {7AC2B429-2750-4BFD-91E8-A24FBCB87FD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7CF04528-B047-4549-B31B-5D6903166D84} - \{AE52246C-19F9-93C7-6FC5-58497BF89301} -> No File <==== ATTENTION
Task: {9167DF03-62CB-4A2A-997A-4D8637F5F886} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-291635215-515170609-3999724420-1001UA => C:\Users\tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {9CC83142-A520-4E52-B673-A0D45C71AA7B} - \{D031D5AC-BE4D-CE53-E922-EE8600EF673E} -> No File <==== ATTENTION
Task: {9EEA600B-6778-4A39-93ED-9B637831053E} - System32\Tasks\CorelUpdateHelperTask => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-01-12] (Corel Corporation)
Task: {A0833729-A324-45A6-BBF4-3BF0B91DAB6F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A6928E78-6EF6-4728-AAE7-AFF952E86153} - \{E746A105-CFB9-41A1-B710-2E841870CCCE} -> No File <==== ATTENTION
Task: {A69E1FBC-DAF9-4B54-8103-2B9BB4D1D2A0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A6D90AC5-BC36-4B5F-A8D8-AEA3054B13B4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {ADC8D19A-50BD-43D6-9060-24D616968B4F} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\Scheduler.exe
Task: {AF765BC3-6001-49A9-97BE-63DEEB91ABB2} - \{E5A3C53C-5208-7297-84D3-A180245EB23D} -> No File <==== ATTENTION
Task: {B224710A-187A-46E7-8F6C-E307F62FE55B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-18] (Adobe Systems Incorporated)
Task: {B3142959-AFFB-4A77-978D-2E1BA4E3F3F7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {BA8D47FE-537B-4C60-9925-FBBD31DCBDDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-291635215-515170609-3999724420-1001Core => C:\Users\tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {C5A469AD-5894-412A-8539-B6DA06422E05} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {C903B731-E8A7-4458-B6B9-C622F4B3448F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CBB28EC9-AEB5-4035-9662-652DDA1F2DDE} - \Resolution+ Setting Task -> No File <==== ATTENTION
Task: {D19BC68E-FFEB-4168-915C-3AFB793BBDEF} - \{A215C698-15BE-7133-61E8-E0D25E1A559E} -> No File <==== ATTENTION
Task: {D288EFDD-A2EC-48EA-B3B1-B31C728BB83A} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {D91D7537-C6FB-4082-8F4B-7D5E37CF40AE} - \{977244DB-20D9-F370-1503-AD2C071911AA} -> No File <==== ATTENTION
Task: {E004A5DA-308F-4C2C-A42C-C696AEB04041} - \{B96818CA-0EC3-AF61-2DFA-CA7C3DF4BFCF} -> No File <==== ATTENTION
Task: {E11984A0-5706-4EE7-A8C7-5F56738CE0C3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E54868B5-2D64-4495-A011-68B8FCA95669} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E6A71B58-E51E-4C3B-AA16-B2E57D68977C} - \{4F8EE889-F825-5F22-E310-3F7A7A92C64C} -> No File <==== ATTENTION
Task: {EB601EBB-1085-42D5-8C56-00A5A2BB1C5E} - \[email protected] -> No File <==== ATTENTION
Task: {EB6B4717-C191-49F2-AF0B-219A2B9348E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F32E2413-366D-48A8-85BB-6976C0CC8440} - \{0A0C7A47-7E09-790E-7D11-0B0D0D05117E} -> No File <==== ATTENTION
Task: {F6739571-6C32-4FF0-94FE-82E9AF06B54D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {F7C3E48E-7E04-4CF0-B208-0BEBBF77449B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {F9C0EAD0-1000-449F-9438-C1E1B1876330} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-22] (Dropbox, Inc.)
Task: {FB8C48AF-C99E-4326-A5BD-0DDA26C35478} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCEDEA83-D237-4D98-A25F-0AEC003C4AAE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\Uninstaller_SkipUac_tonya.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-13 21:05 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-10 15:54 - 2013-09-10 15:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2017-01-15 15:21 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-03-21 21:34 - 2010-10-21 08:38 - 01182576 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-10-21 21:16 - 2016-10-21 21:16 - 00036840 _____ () C:\Program Files (x86)\sugarcoated\thigpen.exe
2016-12-13 21:05 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-12 07:28 - 2016-08-12 07:28 - 00959168 _____ () C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-26 13:43 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-09-14 20:46 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:18 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-21 22:54 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-12-21 22:54 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-12-21 22:54 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-10-08 13:48 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-08 13:48 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-08 13:48 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-08 13:48 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-22 22:28 - 2017-01-22 22:28 - 00004608 _____ () C:\Windows\Temp\nsg5957.tmp\ExecCmd.dll
2016-12-21 22:54 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-12-21 22:54 - 2016-11-09 14:35 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2013-12-20 08:13 - 2013-09-03 19:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-12-21 22:54 - 2016-06-15 17:20 - 00130336 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\PluginHelper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\Users\tonya\Desktop\Version_two.mp4:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tonya\Downloads\05 Love Will Be Enough for Us.m4a:com.dropbox.attributes [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-10-21 23:08 - 00001809 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com       127.0.0.1 activate.adobe.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
162.222.194.13       cocomo.tremorhub.com
162.222.194.13       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-291635215-515170609-3999724420-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ss_conn_service => 2
HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Fast Connect.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ParticleShop Update Helper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "ComcastAntispyClient"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "hubiC"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Remote Mouse"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{32A8101A-E081-43AD-93FF-DCB01EA82F02}C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe] => C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe
FirewallRules: [TCP Query User{513B5887-9F40-48A6-9412-027DCD7995F3}C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe] => C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe
FirewallRules: [{CBE9BEB7-6EE0-4612-93EC-9B7E197FE828}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0BAA79E5-9BAC-463D-8F63-A6D7550ABC61}] => C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{B150D4DA-1A91-46B8-BFB7-F1FCBFF060E1}] => C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{21C289F6-E61F-486A-89CB-B1EAB2B6C7D9}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{6010F5DC-6A79-4FA7-9A9C-61670E5CDF11}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [UDP Query User{17C151C1-34B5-44CC-A29F-C175977411D5}C:\program files (x86)\tvmc\tvmc.exe] => C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [TCP Query User{27E7BA1D-9E15-4E46-BB41-F79196436BA3}C:\program files (x86)\tvmc\tvmc.exe] => C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [UDP Query User{E9832C74-DE31-4DD1-8F1C-B2414245552C}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{1A838FC5-1241-4046-A153-7FC444F0C03C}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{8276E39D-570D-48E6-B5F0-F44804B72F31}C:\users\tonya\appdata\roaming\spotify\spotify.exe] => C:\users\tonya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{083E1E3A-F1A3-422F-BD67-D905AA5ED347}C:\users\tonya\appdata\roaming\spotify\spotify.exe] => C:\users\tonya\appdata\roaming\spotify\spotify.exe
FirewallRules: [{467C0391-50E7-4AF1-A6FB-A48E082C391A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7DD7DB96-EC64-4B91-81F3-60A5F0179C95}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{23E507F5-CCF2-4971-8821-2C714A357FA4}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{163903C9-F7DF-410F-B959-A2E1AB93BA22}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{F4C4E406-F032-40E3-9552-CC82E790AB32}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{6202234D-2A08-418D-A157-BC31CA67C952}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{00F8983E-59FA-4F80-99A0-2A7FF9DAAA56}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [TCP Query User{F7A87201-611A-40EA-A8B2-EF9A60A181B0}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [UDP Query User{BAA47B75-FDBE-4C18-BAB3-3221029C3ED7}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{3AE50254-F1C3-4F12-BD8E-63E353DB416D}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{F1E8BEB0-7027-40D7-85AE-DE7963A2C2D4}C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe] => C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe
FirewallRules: [TCP Query User{3686BFC0-B178-4E5E-9134-0F0D89DB313A}C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe] => C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe
FirewallRules: [UDP Query User{4E274D4D-207F-4D56-B653-6FC781C352AB}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{4006E628-24B8-4E8D-AF38-959E806D3AAD}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [{2DBBD932-E4FE-4459-9A96-89F87851729D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4DEB31A3-92C0-4C49-A6FB-0D3CC5C01F6E}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{E99702A0-534D-4F5C-890C-01475773AE37}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{0DDB692E-C4E0-47EB-8274-5CCB548A0EE7}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{9FEE6124-FF81-4155-A4A9-92CAE79D6413}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{687C4A58-7D80-44D1-85D1-58E81D092264}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{8B943FF9-4FC7-4424-8881-A0D64BEF518F}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{508B8365-86F7-45AC-AFA9-E1E29257AE80}] => C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{2F544BBE-F796-41DB-B983-F9AECD9FED40}] => C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [UDP Query User{5D4E6AA1-996C-4DBF-940E-9901BBF23CE2}C:\program files\oracle\virtualbox\virtualbox.exe] => C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [TCP Query User{12A3C666-26A3-4D61-A8E3-B0172395A90D}C:\program files\oracle\virtualbox\virtualbox.exe] => C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{44CA6F60-1DF0-4773-9EB1-9E8DD3835A7C}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{5BF13A1B-999A-4160-93C8-23EE397CF533}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{C7E65BA6-71F6-4EA6-9FBB-72DF6BA68314}] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE3663BC-B423-4E13-B59E-196FCEAD0CBC}] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54A652F6-BF40-4B59-B1EF-3C8836AAF6FD}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3081EF79-F792-4AE3-91B1-C7441609E506}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{F796F914-2B6B-4B38-88B1-D12F494C4568}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{40211190-78F9-4288-8EA1-A5FBC8A9526D}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{713EFF07-C88F-4885-A499-76E931D2F7BE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0236D466-9545-48BA-9181-628BEF82D9E8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB515514-C3E3-46A0-BB3B-E6F9F18F9D1B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{084B8B57-906D-4A4C-8042-A6EAABDCE021}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED152A87-2B59-4AA9-BFFE-D120222CFDD7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5816747-3C87-4F3C-8FEE-93D919A98626}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71A30099-C1B6-43CD-87E7-6C58B4A66224}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EE4BCF8-166D-4D6C-A99E-7D16AD2CB05D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F98D7D16-D486-456A-989A-43A0CC131F04}C:\program files\telestream\wirecast\wirecast.exe] => C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [UDP Query User{EE0053BA-4562-47E7-A6CF-D3FBF7005B76}C:\program files\telestream\wirecast\wirecast.exe] => C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [{3B1B9A8E-DC31-4DEE-B9D3-7619BEA2EE48}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{554EE7E2-07F5-49ED-9900-8679C87EEA7D}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{459604BD-947D-4A60-B507-13AF60981240}] => LPort=8317
FirewallRules: [TCP Query User{9D8206AB-D36A-447C-ACE9-88ED2C89F6A7}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => C:\program files\vegas\vegas pro 14.0\vegas140.exe
FirewallRules: [UDP Query User{15200338-8145-4ADE-AAB1-0166A656CFFD}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => C:\program files\vegas\vegas pro 14.0\vegas140.exe
FirewallRules: [{43A1979E-34E5-41DF-B8B1-45242AD9C2A9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03C231C0-6BEC-4B4D-8556-EA66936AD9C9}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{4B3F42BF-85D0-4271-9F86-4B65F1597A6B}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{75480341-446D-42D1-B1E3-91E68B5F9908}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{8608EB98-5386-4DCB-8839-6690C6EA2E05}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{3CE12865-062B-4E42-ACBF-ED6C50561108}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E9F9D8C2-36D5-4DFF-AFB0-C4CB3A2877F8}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{2C5405EA-77F6-4CCF-9165-6B46F3880BB4}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{41AC39DC-5923-4AEA-991F-68C79C830097}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{34DEBF83-542C-4D64-841D-AFDD0048D780}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{F28F554A-2C7D-4BA1-A973-982A4FC09317}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{2D56EAF6-A902-4815-8161-B01480F87B5C}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{35AD686C-21C5-470C-A8CD-23D6FE2F1867}] => K:\ff\firefox.exe
FirewallRules: [{113FDE4D-04A4-4739-B326-2EE1A7F1CA38}] => K:\ff\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2017 10:34:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000374
Fault offset: 0x00000000000f8283
Faulting process id: 0x1a70
Faulting application start time: 0x01d275289e91bd12
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: dd90f486-6b9c-4f0f-adf4-40653faa4f77
Faulting package full name:
Faulting package-relative application ID:

Error: (01/22/2017 10:34:32 PM) (Source: BstHdPlusAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/22/2017 10:27:09 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/22/2017 10:27:03 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/22/2017 10:25:39 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/22/2017 10:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.1.0.6186, time stamp: 0x584a057c
Faulting module name: mozglue.dll, version: 50.1.0.6186, time stamp: 0x5849ff8b
Exception code: 0x80000003
Fault offset: 0x0000ec79
Faulting process id: 0x2bf4
Faulting application start time: 0x01d2751fc75c9a3e
Faulting application path: K:\ff\plugin-container.exe
Faulting module path: K:\ff\mozglue.dll
Report Id: bfcae391-efdf-4769-a5d9-279fdd6899ad
Faulting package full name:
Faulting package-relative application ID:

Error: (01/22/2017 10:04:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 50.1.0.6186 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e60

Start Time: 01d2751fc4b1a7e2

Termination Time: 4294967295

Application Path: K:\ff\firefox.exe

Report Id: ad4f4245-e118-11e6-839a-00190e18aede

Faulting package full name:

Faulting package-relative application ID:

Error: (01/22/2017 09:26:38 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/22/2017 09:23:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 50.1.0.6186, time stamp: 0x584a057c
Faulting module name: mozglue.dll, version: 50.1.0.6186, time stamp: 0x5849ff8b
Exception code: 0x80000003
Fault offset: 0x0000ec79
Faulting process id: 0x3758
Faulting application start time: 0x01d27482bd6a4e0e
Faulting application path: K:\ff\plugin-container.exe
Faulting module path: K:\ff\mozglue.dll
Report Id: 0145bff8-e3ca-42d1-baf2-353f9ccfa16d
Faulting package full name:
Faulting package-relative application ID:

Error: (01/22/2017 09:23:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 50.1.0.6186, time stamp: 0x5849ff9c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x16209c90
Faulting process id: 0x35f8
Faulting application start time: 0x01d27482a2cf9bcf
Faulting application path: K:\ff\firefox.exe
Faulting module path: unknown
Report Id: 45249c8a-6dd5-471b-ad68-147629e15388
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (01/22/2017 10:35:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/22/2017 10:34:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Plus Android Service service terminated with the following error:
An exception occurred in the service when handling the control request.

Error: (01/22/2017 10:34:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error:
The system cannot find the file specified.

Error: (01/22/2017 10:34:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BlueStacks Hypervisor service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/22/2017 10:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Advanced SystemCare Service 10 service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2017 10:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AdvancedSystemCareAntivirus service terminated unexpectedly. It has done this 1 time(s).

Error: (01/22/2017 10:33:57 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (01/22/2017 10:33:56 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (01/22/2017 10:33:56 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (01/22/2017 10:33:56 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 57%
Total physical RAM: 6023.27 MB
Available physical RAM: 2543.43 MB
Total Virtual: 12935.27 MB
Available Virtual: 8868.04 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:930.29 GB) (Free:291.35 GB) NTFS
Drive e: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive i: (DR-40) (Removable) (Total:28.77 GB) (Free:24.93 GB) FAT32
Drive k: (My Book) (Fixed) (Total:3725.99 GB) (Free:225.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 2 (Size: 28.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by gmcube, 23 January 2017 - 01:19 PM.

#2
RKinner

Posted 24 January 2017 - 03:19 PM

Malware Expert

Expert
24,625 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Run FRST again as before, check the Addition.txt box before hitting Scan. Post both logs

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

#3
gmcube

Posted 24 January 2017 - 04:26 PM

Member

Topic Starter
Member
176 posts

Here's the first one, I'll edit the others in as they come in.

# AdwCleaner v6.042 - Logfile created 24/01/2017 at 16:40:20
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-24.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : tonya - HOME
# Running from : C:\Users\tonya\Downloads\AdwCleaner(1).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by tonya (Administrator) on Tue 01/24/2017 at 17:28:57.38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 9

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\tonya\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\tonya\AppData\Roaming\wyupdate au (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster Scheduler (Task)
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (tonya) (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_tonya (Task)
Successfully deleted: C:\Windows\Tasks\Uninstaller_SkipUac_tonya.job (Task)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\GUT1229.tmp (File)

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9FA945DD-4733-4FEF-AC83-E900E9AC7183} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/24/2017 at 17:31:12.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\86ee22e9-0e11-0
[-] Folder deleted: C:\ProgramData\86ee22e9-0fb3-1
[-] Folder deleted: C:\ProgramData\86ee22e9-1461-0
[-] Folder deleted: C:\ProgramData\86ee22e9-1ff5-0
[-] Folder deleted: C:\ProgramData\86ee22e9-2a37-0
[-] Folder deleted: C:\ProgramData\86ee22e9-4ac1-1
[-] Folder deleted: C:\ProgramData\86ee22e9-6bf3-0
[-] Folder deleted: C:\ProgramData\ff9ad289
[-] Folder deleted: C:\ProgramData\{072347d6-412c-0}
[-] Folder deleted: C:\Program Files\Panda Security URL Filtering

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{458d62d0-8781-4cc4-a1cf-cd118439edb4} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{47696d14-a98f-4ac8-adf3-5107a53a7243} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{be060f33-9fcd-456f-a7c3-29089e3ee7e6} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f5ca0098-b3b3-4a1c-9583-dc11a77d36c3} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{458d62d0-8781-4cc4-a1cf-cd118439edb4} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{47696d14-a98f-4ac8-adf3-5107a53a7243} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{be060f33-9fcd-456f-a7c3-29089e3ee7e6} [NameServer]
[-] Data restored: [x64] HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{f5ca0098-b3b3-4a1c-9583-dc11a77d36c3} [NameServer]
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C2].txt - [13471 Bytes] - [22/10/2016 00:55:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [4399 Bytes] - [18/01/2016 22:55:23]
C:\AdwCleaner\AdwCleaner[C4].txt - [3364 Bytes] - [22/01/2017 22:25:52]
C:\AdwCleaner\AdwCleaner[C5].txt - [2839 Bytes] - [24/01/2017 16:40:20]
C:\AdwCleaner\AdwCleaner[R0].txt - [8188 Bytes] - [07/03/2014 19:53:12]
C:\AdwCleaner\AdwCleaner[R1].txt - [7124 Bytes] - [23/05/2015 19:57:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [8024 Bytes] - [07/03/2014 19:56:24]
C:\AdwCleaner\AdwCleaner[S1].txt - [6944 Bytes] - [23/05/2015 20:03:17]
C:\AdwCleaner\AdwCleaner[S3].txt - [4013 Bytes] - [18/01/2016 22:39:02]
C:\AdwCleaner\AdwCleaner[S4].txt - [4013 Bytes] - [18/01/2016 22:45:27]
C:\AdwCleaner\AdwCleaner[S5].txt - [12812 Bytes] - [22/10/2016 00:51:57]
C:\AdwCleaner\AdwCleaner[S6].txt - [3247 Bytes] - [22/01/2017 22:24:02]
C:\AdwCleaner\AdwCleaner[S7].txt - [3905 Bytes] - [24/01/2017 16:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [3570 Bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by tonya (administrator) on HOME (24-01-2017 17:37:21)
Running from C:\Users\tonya\Downloads
Loaded Profiles: tonya (Available Profiles: tonya & wiicu)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Scarlet.Crush Productions) C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [868352 2016-03-02] (RemoteMouse.net)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWoW64\userinit.exe,
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [uTorrent] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2017-01-08] (BitTorrent Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Google Update] => C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [EPSON Stylus Photo R220] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE [211456 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Spotify] => C:\Users\tonya\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-03-20] (Spotify Ltd)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [hubiC] => C:\Program Files\OVH\hubiC\hubiC.exe [3527168 2015-03-03] (OVH)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [f.lux] => C:\Users\tonya\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [thigpen] => C:\Program Files (x86)\sugarcoated\thigpen.exe [36840 2016-10-21] ()
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [WiinUSoft] => C:\Program Files\WiinUSoft\WiinUSoft.exe [3273216 2015-09-07] ()
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [torchbearers] => "C:\Program Files (x86)\si\disparate.exe"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
Startup: C:\Users\tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-04-29]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\tonya\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{458d62d0-8781-4cc4-a1cf-cd118439edb4}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{47696d14-a98f-4ac8-adf3-5107a53a7243}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{be060f33-9fcd-456f-a7c3-29089e3ee7e6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f5ca0098-b3b3-4a1c-9583-dc11a77d36c3}: [DhcpNameServer] 82.163.143.176

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-291635215-515170609-3999724420-1001 -> {C7B0FD4F-5B13-41BC-AB39-A4295FC6DD0F} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
SearchScopes: HKU\S-1-5-21-291635215-515170609-3999724420-1001 -> {E9E1D8CE-343B-4F42-82CC-EEEDA10AB3F5} URL = hxxp://search.whiteskyservices.com/?wstoken=6AF9B5EE-BAE4-4906-A05C-1B522D55AE52&dtid=1&pid=21&src=sgsearch&v=1.14.1210.3&searchparam={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-22] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Panda Safe Web -> {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} -> C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: u68ebjyn.default-1394244039659
FF ProfilePath: C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Profiles\rchc9kh1.default-1485055679079 [2017-01-24]
FF Extension: (uBlock Origin) - C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Profiles\rchc9kh1.default-1485055679079\Extensions\[email protected] [2017-01-22]
FF ProfilePath: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 [2017-01-21]
FF NewTab: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 ->
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF DefaultSearchEngine.US: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF Homepage: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> chrome://speeddial/content/speeddial.xul
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> is enabled.
FF Extension: (Google Images) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\@google-images.xpi [2015-11-08]
FF Extension: (Customizable Shortcuts) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-11-11]
FF Extension: (Exif Viewer) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-06]
FF Extension: (facepaste) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-08]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-02]
FF Extension: (Hide Menubar) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-31]
FF Extension: (Hide Navigation Bar) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-31]
FF Extension: (YouTube mp3) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-28]
FF Extension: (Reddit Enhancement Suite) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-12]
FF Extension: (SmartVideo For YouTube) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-10]
FF Extension: (YouTube Plus) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-09]
FF Extension: (Turn Off the Lights) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-29]
FF Extension: (uBlock Origin) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-08]
FF Extension: (VLC Youtube Shortcut) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-10]
FF Extension: (Capture & Print) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2015-08-11]
FF Extension: (Image Zoom) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2015-05-31]
FF Extension: (Save Image in Folder) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-13]
FF Extension: (SmoothWheel (mozdev.org)) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2015-09-01]
FF Extension: (Speed Dial) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-16]
FF Extension: (Share Button for Pinterest) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-03-09]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-26]
FF Extension: (Flash and Video Download) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-03-09]
FF Extension: (Scrollbar Auto Show/Hide) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{d3d35bb5-999d-11da-a72b-0800200c9a66}.xpi [2016-01-19]
FF Extension: (Greasemonkey) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-21]
FF Extension: (SearchPreview) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2016-03-09]
FF Extension: (Open With Photoshop) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2016-03-09]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\google-default.xml [2015-02-20]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\kickassto.xml [2015-10-08]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\youtube-mp3.xml [2015-05-15]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\youtube-video-search.xml [2015-08-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-18] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\tonya\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @talk.google.com/O1DPlugin -> C:\Users\tonya\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @tools.google.com/Google Update;version=3 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @tools.google.com/Google Update;version=9 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tonya\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\tonya\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - K:\ff\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=GAMzftpbl0cshmoAU,60a68768-cf3b-42cd-8dc8-61ee444974c9,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default [2017-01-22]
CHR Extension: (Google Docs) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11]
CHR Extension: (YouTube) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Adblock Plus) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (Google Search) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-08-04] (Broadcom Corporation.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-07-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-07-21] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2015-09-04] (Scarlet.Crush Productions) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-01-17] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [186152 2017-01-10] (Broadcom Corporation.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-21] (Bluestack System Inc. )
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-21] (REALiX™)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [174000 2016-08-09] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [129456 2016-08-09] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207272 2016-08-09] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133544 2016-08-09] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146864 2016-08-09] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117168 2016-08-09] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-12-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [5695744 2016-12-21] (Realtek Semiconductor Corporation                           )
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 Tosrfcom; no ImagePath
R3 TSVAD_PCM; C:\Windows\system32\drivers\tsvadpcm.sys [33552 2016-08-11] (Windows ® Win 7 DDK provider)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [120472 2017-01-17] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 panda_url_filteringd; \??\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 17:31 - 2017-01-24 17:31 - 00001809 _____ C:\Users\tonya\Desktop\JRT.txt
2017-01-24 17:25 - 2017-01-24 17:28 - 01663040 _____ (Malwarebytes) C:\Users\tonya\Desktop\JRT(1).exe
2017-01-24 17:22 - 2017-01-24 17:22 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-01-24 16:41 - 2016-08-09 21:10 - 00072112 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-01-24 16:33 - 2017-01-24 16:33 - 03988944 _____ C:\Users\tonya\Downloads\AdwCleaner(1).exe
2017-01-24 15:39 - 2017-01-24 15:39 - 00003978 _____ C:\Windows\System32\Tasks\{D4343E2F-639F-8984-B0F9-5AC6EFDECEF4}
2017-01-24 15:39 - 2017-01-24 15:39 - 00000000 ____D C:\ProgramData\{D45344F6-63F8-F35D-4CF5-7381C7E54F3F}
2017-01-24 15:38 - 2017-01-24 15:38 - 00003978 _____ C:\Windows\System32\Tasks\{77A35286-C008-E52D-AAF9-1A01589F2BF7}
2017-01-24 15:38 - 2017-01-24 15:38 - 00000000 ____D C:\ProgramData\{9BDF868D-2C74-3126-57BB-3F9DA35C40A6}
2017-01-24 00:55 - 2017-01-24 00:55 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Faasoft Audio Converter
2017-01-24 00:54 - 2017-01-24 00:54 - 13488623 _____ (Faasoft Corporation) C:\Users\tonya\Downloads\f-audio-converter.exe
2017-01-24 00:48 - 2017-01-24 00:48 - 12288370 _____ (Hoo Technologies ) C:\Users\tonya\Downloads\totalamcvt.exe
2017-01-24 00:48 - 2017-01-24 00:48 - 00001238 _____ C:\Users\Public\Desktop\Total Audio MP3 Converter 3.lnk
2017-01-24 00:48 - 2017-01-24 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Audio MP3 Converter 3
2017-01-24 00:48 - 2017-01-24 00:48 - 00000000 ____D C:\Program Files (x86)\Total Audio MP3 Converter 3
2017-01-23 23:22 - 2017-01-23 23:22 - 00003978 _____ C:\Windows\System32\Tasks\{566F6876-E1C4-DFDD-1005-9A9DA525147B}
2017-01-23 23:22 - 2017-01-23 23:22 - 00000000 ____D C:\ProgramData\{83855B80-342E-EC2B-3EAC-8108D3EE7329}
2017-01-23 21:56 - 2017-01-23 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 20:05 - 2017-01-23 20:05 - 00003978 _____ C:\Windows\System32\Tasks\{BA7B6938-0DD0-DE93-706B-0DC6ACA1C7D2}
2017-01-23 20:05 - 2017-01-23 20:05 - 00003978 _____ C:\Windows\System32\Tasks\{18B90680-AF12-B12B-7DDC-25F09F933C69}
2017-01-23 20:05 - 2017-01-23 20:05 - 00000000 ____D C:\ProgramData\{803F2B78-3794-9CD3-24BF-6CBA55BD9AC8}
2017-01-23 20:05 - 2017-01-23 20:05 - 00000000 ____D C:\ProgramData\{2FD7D6B9-987C-6112-5D1E-8F9F945E8702}
2017-01-23 14:05 - 2017-01-23 14:05 - 00003978 _____ C:\Windows\System32\Tasks\{77CD6F01-C066-D8AA-189E-51AEF607FD9D}
2017-01-23 14:05 - 2017-01-23 14:05 - 00000000 ____D C:\ProgramData\{1547664B-A2EC-D1E0-A538-18E999DC47B0}
2017-01-22 23:28 - 2017-01-22 23:28 - 00003978 _____ C:\Windows\System32\Tasks\{81BB4220-3610-F58B-9DF1-E975748DA648}
2017-01-22 23:28 - 2017-01-22 23:28 - 00003978 _____ C:\Windows\System32\Tasks\{7BC1AD99-CC6A-1A32-0348-8ECFEFDCB956}
2017-01-22 23:28 - 2017-01-22 23:28 - 00000000 ____D C:\ProgramData\{43EA74C8-F441-C363-41F9-D1037AB1F13E}
2017-01-22 23:28 - 2017-01-22 23:28 - 00000000 ____D C:\ProgramData\{1F19E231-A8B2-559A-F3FD-9AB1E929E427}
2017-01-22 23:24 - 2017-01-22 23:24 - 00003978 _____ C:\Windows\System32\Tasks\{D7653E10-60CE-89BB-1C3F-71EB123E8329}
2017-01-22 23:24 - 2017-01-22 23:24 - 00000000 ____D C:\ProgramData\{36B3ADFB-8118-1A50-962C-259E1E21BF78}
2017-01-22 23:23 - 2017-01-22 23:23 - 00003888 _____ C:\Windows\System32\Tasks\{D031D5AC-BE4D-CE53-E922-EE8600EF673E}
2017-01-22 23:22 - 2017-01-22 23:22 - 00003978 _____ C:\Windows\System32\Tasks\{F8EDE224-4F46-558F-4F36-7C9765D32548}
2017-01-22 23:22 - 2017-01-22 23:22 - 00000000 ____D C:\ProgramData\{91BCA694-2617-113F-4689-1CE239FFBF4F}
2017-01-22 23:00 - 2017-01-22 23:02 - 00070178 _____ C:\Users\tonya\Downloads\Addition.txt
2017-01-22 22:59 - 2017-01-24 17:37 - 00044166 _____ C:\Users\tonya\Downloads\FRST.txt
2017-01-22 22:59 - 2017-01-24 17:37 - 00000000 ____D C:\FRST
2017-01-22 22:58 - 2017-01-22 22:59 - 02420736 _____ (Farbar) C:\Users\tonya\Downloads\FRST64.exe
2017-01-22 22:18 - 2017-01-22 22:20 - 03988944 _____ C:\Users\tonya\Downloads\adwcleaner_6.042.exe
2017-01-22 02:21 - 2017-01-22 02:21 - 00000000 ____D C:\Users\tonya\is-I9QJF.tmp
2017-01-22 02:21 - 2017-01-22 02:21 - 00000000 ____D C:\Users\tonya\is-1CEEK.tmp
2017-01-22 02:10 - 2017-01-22 02:10 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-22 02:08 - 2017-01-22 02:08 - 00000000 ____D C:\Windows\Panther
2017-01-21 22:23 - 2017-01-21 22:23 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(3).exe
2017-01-21 22:19 - 2017-01-21 22:19 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(2).exe
2017-01-21 21:55 - 2017-01-21 21:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-01-21 21:54 - 2017-01-17 16:24 - 02274256 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02267600 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02173392 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02111952 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01787856 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01781200 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01673168 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01632720 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2017-01-21 21:54 - 2017-01-17 15:26 - 00120472 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2017-01-21 17:42 - 2017-01-21 17:42 - 1103113280 _____ C:\Users\tonya\Documents\highlights.mp4
2017-01-21 12:39 - 2017-01-21 12:39 - 1528678829 _____ C:\Users\tonya\Documents\roughesthighday.mp4
2017-01-21 07:54 - 2017-01-21 08:03 - 00132448 _____ C:\Users\tonya\Documents\uhhhhm_yeah.mp4.sfk
2017-01-20 20:18 - 2017-01-20 20:18 - 21314250 _____ C:\Users\tonya\Documents\roughesthighreel.mp4
2017-01-19 21:30 - 2017-01-19 22:23 - 40865571 _____ C:\Users\tonya\Downloads\Satans_Bluetooth_Stack_Installer.exe
2017-01-19 21:04 - 2017-01-19 21:12 - 29800283 _____ C:\Users\tonya\Downloads\Unconfirmed 186042.crdownload
2017-01-19 00:03 - 2017-01-19 00:03 - 00000000 ____D C:\Users\tonya\Downloads\MS_BT_HotFix
2017-01-19 00:02 - 2017-01-19 21:33 - 00000430 _____ C:\Users\tonya\AppData\Roaming\WiinUSoft_prefs.config
2017-01-19 00:02 - 2017-01-19 00:02 - 00084154 _____ C:\Users\tonya\Downloads\MS_BT_HotFix.zip
2017-01-19 00:00 - 2017-01-19 00:00 - 00000876 _____ C:\Users\Public\Desktop\WiinUSoft.lnk
2017-01-19 00:00 - 2017-01-19 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2017-01-19 00:00 - 2017-01-19 00:00 - 00000000 ____D C:\Program Files\WiinUSoft
2017-01-19 00:00 - 2015-09-04 16:55 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2017-01-18 23:47 - 2017-01-18 23:59 - 48273181 _____ (Justin Keys ) C:\Users\tonya\Downloads\wiinusoft_2.1.234_setup.exe
2017-01-18 02:04 - 2017-01-18 02:04 - 17628560 _____ (IObit ) C:\Users\tonya\Downloads\driver_booster_setup (1).exe
2017-01-15 16:37 - 2017-01-15 17:52 - 00000000 ____D C:\Users\tonya\AppData\LocalLow\uTorrent
2017-01-15 16:37 - 2017-01-15 16:37 - 00000000 ____D C:\Users\tonya\Downloads\Girl Meets World S03E21 Girl Meets Goodbye 720p HDrip X264 Solar
2017-01-13 03:20 - 2017-01-13 03:20 - 01297040 _____ C:\Users\tonya\Documents\sample.veg
2017-01-12 21:39 - 2017-01-12 21:39 - 01296464 _____ C:\Users\tonya\Documents\sample.veg.bak
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-11 22:23 - 2017-01-11 22:23 - 88264481 _____ C:\Users\tonya\Documents\sample.mp4
2017-01-11 17:03 - 2017-01-11 17:05 - 03356672 _____ C:\Users\tonya\Documents\sample.avi
2017-01-11 01:37 - 2017-01-11 16:56 - 12072960 _____ C:\Users\tonya\Documents\bellsdedede.avi
2017-01-10 21:16 - 2017-01-10 21:16 - 01286784 _____ C:\Users\tonya\Documents\bells.veg
2017-01-10 20:22 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 20:22 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 20:18 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-10 20:18 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-10 20:18 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-10 20:18 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-10 20:18 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-10 20:18 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-10 20:18 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-10 20:18 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-10 20:18 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-10 20:18 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-10 20:18 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-10 20:18 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-10 20:18 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-10 20:18 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-10 20:18 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-10 20:18 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-10 20:18 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-10 20:18 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-10 20:18 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-10 20:18 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-10 20:18 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-10 20:18 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-10 20:18 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-10 20:18 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-10 20:18 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-10 20:18 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-10 20:18 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-10 20:18 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-10 20:18 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-10 20:18 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-10 20:18 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-10 20:18 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-10 20:18 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-10 20:18 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 20:18 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 20:18 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-10 20:18 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-10 20:18 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 20:18 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-10 20:18 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-10 20:18 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-10 20:18 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-10 20:18 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-10 20:18 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-10 20:18 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-10 20:18 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 20:18 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-10 20:18 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-10 20:18 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-10 20:18 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-10 20:18 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-10 20:18 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-10 20:18 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-10 20:18 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-10 20:18 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-10 20:18 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-10 20:18 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-10 20:18 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 20:18 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-10 20:18 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-10 20:18 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-10 20:18 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-10 20:18 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-10 20:18 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 20:18 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-10 20:18 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-10 20:18 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-10 20:18 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-10 20:18 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 20:18 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 20:18 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-10 20:18 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-10 20:18 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-10 20:18 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-10 20:18 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 20:18 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-10 20:18 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-10 20:18 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-10 20:18 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 20:18 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-10 20:18 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-10 20:18 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-10 20:18 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-10 20:18 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-10 20:18 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-10 20:18 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-10 20:18 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-10 20:18 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-10 20:18 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-10 20:18 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-10 20:18 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 20:18 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-10 20:18 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-10 20:18 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-10 03:28 - 2017-01-10 03:28 - 00001931 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-01-10 03:28 - 2017-01-10 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-10 03:25 - 2017-01-10 03:26 - 41896256 _____ (Apple Inc.) C:\Users\tonya\Downloads\QuickTimeInstaller(2).exe
2017-01-10 03:25 - 2017-01-10 03:25 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\tonya\Downloads\readerdc_en_jd_install.exe
2017-01-10 01:38 - 2017-01-10 01:38 - 00213312 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2017-01-10 01:38 - 2017-01-10 01:38 - 00186152 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2017-01-10 01:38 - 2017-01-10 01:38 - 00071148 _____ C:\Windows\system32\Drivers\BCM20702A1_001.002.014.1502.1764.hex
2017-01-10 01:33 - 2017-01-10 01:33 - 00003526 _____ C:\Users\tonya\Desktop\Greeting.amr
2017-01-10 01:32 - 2017-01-10 01:32 - 00385542 _____ C:\Users\tonya\Desktop\TASCAM_005623.wav
2017-01-10 01:17 - 2017-01-10 01:16 - 00004166 _____ C:\Users\tonya\Downloads\Greeting2.amr
2017-01-10 01:13 - 2015-05-01 17:38 - 00074502 _____ C:\Users\tonya\Downloads\1.amr
2017-01-10 01:09 - 2017-01-10 01:09 - 00003526 _____ C:\Users\tonya\Downloads\Greeting.amr
2017-01-10 01:02 - 2017-01-10 01:02 - 00527423 _____ ( ) C:\Users\tonya\Downloads\Lame_v3.99.3_for_Windows.exe
2017-01-10 01:02 - 2017-01-10 01:02 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-01-10 00:59 - 2017-01-10 00:57 - 00004166 _____ C:\Users\tonya\Desktop\Greeting3.amr
2017-01-10 00:50 - 2017-01-10 03:03 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Cyberduck
2017-01-10 00:50 - 2017-01-10 00:50 - 00000000 __SHD C:\Users\tonya\wc
2017-01-10 00:48 - 2017-01-10 00:48 - 00001099 _____ C:\Users\Public\Desktop\Cyberduck.lnk
2017-01-10 00:48 - 2017-01-10 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2017-01-10 00:47 - 2017-01-10 00:48 - 00000000 ____D C:\Program Files (x86)\Cyberduck
2017-01-10 00:46 - 2017-01-10 00:47 - 16547632 _____ C:\Users\tonya\Downloads\Cyberduck-Installer-4.5.1.exe
2017-01-09 14:06 - 2017-01-09 14:06 - 01286784 _____ C:\Users\tonya\Documents\bells.veg.bak
2017-01-08 16:24 - 2017-01-22 22:35 - 00000000 ____D C:\Program Files\FreeFixer
2017-01-08 16:24 - 2017-01-08 16:24 - 00000000 ____D C:\Users\tonya\AppData\Roaming\FreeFixer
2017-01-08 16:23 - 2017-01-08 16:24 - 02704615 _____ (Kephyr) C:\Users\tonya\Downloads\freefixersetup.exe
2017-01-08 03:28 - 2017-01-08 14:21 - 00000000 ____D C:\Users\tonya\Downloads\Ariana Grande - Dangerous W (2016) [24bit]
2017-01-08 01:00 - 2017-01-08 01:00 - 00000000 ____D C:\Windows\system32\RAPID
2017-01-08 01:00 - 2016-11-18 19:04 - 00272792 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2017-01-08 00:54 - 2017-01-08 00:54 - 00000000 ____D C:\Program Files\Western Digital
2017-01-07 14:03 - 2017-01-07 14:04 - 00173320 _____ C:\Users\tonya\Documents\MVI_6803 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00132448 _____ C:\Users\tonya\Documents\MVI_6808 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00115280 _____ C:\Users\tonya\Documents\MVI_6804 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00103568 _____ C:\Users\tonya\Documents\MVI_6909 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00063832 _____ C:\Users\tonya\Documents\MVI_6807 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00042864 _____ C:\Users\tonya\Documents\MVI_6805 - 1.MOV.sfk
2017-01-07 04:00 - 2017-01-21 22:22 - 00000645 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-07 03:58 - 2017-01-07 03:58 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0.exe
2017-01-07 03:58 - 2017-01-07 03:58 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(1).exe
2017-01-07 03:40 - 2017-01-07 04:45 - 00000031 _____ C:\Windows\script.txt
2017-01-07 03:36 - 2017-01-07 03:36 - 00001874 _____ C:\Users\Public\Desktop\Data Migration.lnk
2017-01-07 03:36 - 2017-01-07 03:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-01-07 03:35 - 2017-01-07 03:35 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_Data_Migration_Setup_v30
2017-01-07 03:34 - 2017-01-07 03:35 - 36941793 _____ C:\Users\tonya\Downloads\Samsung_Data_Migration_Setup_v30.zip
2017-01-07 03:19 - 2017-01-07 03:20 - 00000000 ____D C:\Users\tonya\Documents\Reflect
2017-01-07 03:03 - 2017-01-07 03:03 - 00002017 _____ C:\Users\Public\Desktop\Reflect.lnk
2017-01-07 03:03 - 2017-01-07 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-01-07 03:03 - 2017-01-07 03:03 - 00000000 ____D C:\Program Files\Macrium
2017-01-07 02:42 - 2017-01-07 02:57 - 00000000 ____D C:\Users\tonya\Downloads\Macrium
2017-01-07 02:41 - 2017-01-07 03:05 - 00000000 ____D C:\ProgramData\Macrium
2017-01-07 02:38 - 2017-01-07 02:41 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\tonya\Downloads\ReflectDL.exe
2017-01-06 20:37 - 2017-01-06 20:37 - 00003330 _____ C:\Windows\System32\Tasks\SamsungMagician
2017-01-06 20:37 - 2017-01-06 20:37 - 00001318 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2017-01-06 20:37 - 2017-01-06 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2017-01-06 20:36 - 2017-01-06 20:36 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_Magician_Installer
2017-01-06 20:32 - 2017-01-06 20:34 - 13944028 _____ C:\Users\tonya\Downloads\Samsung_Magician_Installer.zip
2017-01-06 20:28 - 2017-01-06 20:28 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_NVMeDriver_2
2017-01-06 20:24 - 2017-01-06 20:24 - 03566683 _____ C:\Users\tonya\Downloads\Samsung_NVMeDriver_2.zip
2017-01-06 19:56 - 2017-01-06 19:57 - 00000000 ____D C:\Users\tonya\Downloads\9386_Disc_Win_120413
2017-01-06 19:46 - 2017-01-06 19:53 - 462787524 _____ C:\Users\tonya\Downloads\9386_Disc_Win_120413.zip
2017-01-06 19:42 - 2017-01-06 19:42 - 03700104 _____ C:\Users\tonya\Downloads\windows_pl2303_usb_driver.zip
2017-01-04 00:25 - 2017-01-04 00:25 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-01 00:55 - 2017-01-01 00:55 - 00000032 _____ C:\Users\tonya\Documents\bellsCE.avi.sfl
2016-12-31 23:50 - 2017-01-01 00:55 - 321125376 _____ C:\Users\tonya\Documents\bellsCE.avi
2016-12-31 23:47 - 2016-12-31 23:47 - 00000032 _____ C:\Users\tonya\Documents\bellsDE.avi.sfl
2016-12-31 23:08 - 2016-12-31 23:47 - 89205760 _____ C:\Users\tonya\Documents\bellsDE.avi
2016-12-31 23:03 - 2016-12-31 23:03 - 00000036 _____ C:\Users\tonya\Documents\bellsSCENE.avi.sfl
2016-12-31 22:36 - 2016-12-31 23:03 - 330736128 _____ C:\Users\tonya\Documents\bellsSCENE.avi
2016-12-31 01:33 - 2016-12-28 14:02 - 03325952 _____ (Silicon Valley Software) C:\Users\tonya\Desktop\Anim8or_1264.exe
2016-12-30 20:21 - 2016-12-30 20:21 - 01491818 _____ C:\Users\tonya\Downloads\animcl1264.zip
2016-12-29 13:53 - 2016-12-29 13:53 - 00001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-28 23:24 - 2016-12-28 23:25 - 00393552 _____ (Americanino Limited) C:\Users\tonya\Downloads\mrmemoryscanner (1).exe
2016-12-28 02:58 - 2016-12-28 02:59 - 00393552 _____ (Americanino Limited) C:\Users\tonya\Downloads\mrmemoryscanner.exe
2016-12-27 21:16 - 2016-12-27 21:16 - 00000040 _____ C:\Users\tonya\Documents\playbackhighdel.avi.sfl
2016-12-27 03:00 - 2016-12-27 03:00 - 00000044 _____ C:\Users\tonya\Documents\playbackhighbellly.avi.sfl
2016-12-27 02:21 - 2016-12-27 03:00 - 306240512 _____ C:\Users\tonya\Documents\playbackhighbellly.avi
2016-12-27 02:12 - 2016-12-27 02:12 - 01267128 _____ C:\Users\tonya\Documents\playbackhigh.veg
2016-12-26 14:34 - 2016-12-26 14:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2016-12-26 14:34 - 2016-12-26 14:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2016-12-25 18:30 - 2016-12-25 18:30 - 01263016 _____ C:\Users\tonya\Documents\playbackhigh.veg.bak
2016-12-25 18:22 - 2016-12-25 18:22 - 01263008 _____ C:\Users\tonya\Documents\playback.veg
2016-12-25 02:17 - 2016-12-25 02:17 - 00001024 _____ C:\HD-Plus-Service-Android-0.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 17:37 - 2016-11-17 23:09 - 00000000 ____D C:\Users\tonya\AppData\LocalLow\Mozilla
2017-01-24 17:22 - 2016-03-02 02:17 - 00000000 ___RD C:\Users\tonya\iCloudDrive
2017-01-24 17:21 - 2016-08-12 02:33 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-24 17:21 - 2015-08-13 05:26 - 00000000 __SHD C:\Users\tonya\IntelGraphicsProfiles
2017-01-24 16:41 - 2016-08-12 03:13 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-24 16:40 - 2016-07-16 01:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-01-24 16:40 - 2014-03-07 19:52 - 00000000 ____D C:\AdwCleaner
2017-01-24 16:34 - 2014-04-28 23:14 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Audacity
2017-01-24 16:08 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-01-24 15:40 - 2016-10-22 11:57 - 00004142 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{441C6BE9-AD64-4A16-8C0D-6D2091E1B08F}
2017-01-24 03:19 - 2015-08-09 18:12 - 00000000 ____D C:\Users\tonya\AppData\Roaming\vlc
2017-01-23 23:40 - 2015-03-04 15:22 - 00000000 ____D C:\Users\tonya\AppData\Roaming\TeraCopy
2017-01-23 21:56 - 2015-06-21 21:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-23 00:26 - 2016-06-23 10:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-22 22:38 - 2016-12-21 21:41 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-22 22:33 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 21:56 - 2016-10-23 16:44 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-01-22 21:42 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-01-22 02:29 - 2016-08-12 02:42 - 00000000 ____D C:\Users\tonya
2017-01-22 01:07 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\PLA
2017-01-22 00:41 - 2015-10-09 16:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 22:28 - 2014-03-07 21:00 - 00000000 ____D C:\Users\tonya\Desktop\Old Firefox Data
2017-01-21 22:22 - 2014-03-07 00:33 - 00000645 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-21 22:19 - 2016-11-16 15:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-21 21:54 - 2016-03-21 21:34 - 00000000 ____D C:\Program Files\Tablet
2017-01-20 23:38 - 2015-10-08 13:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-19 22:41 - 2013-09-12 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2017-01-19 22:41 - 2013-09-12 23:41 - 00000000 ____D C:\Program Files (x86)\Toshiba
2017-01-19 21:12 - 2014-03-07 18:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-18 02:02 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-18 02:02 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-18 02:00 - 2016-12-21 21:41 - 00000000 ____D C:\ProgramData\IObit
2017-01-18 01:58 - 2015-03-06 02:04 - 00000000 ____D C:\Users\tonya\AppData\Roaming\uTorrent
2017-01-15 15:29 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-15 15:28 - 2014-03-06 21:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-11 19:08 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\rescache
2017-01-10 21:21 - 2016-08-12 02:33 - 05035464 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-10 20:30 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-10 20:27 - 2014-03-09 13:21 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 20:22 - 2014-03-09 13:21 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 03:28 - 2014-03-07 19:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-08 00:59 - 2015-04-29 17:22 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-01-08 00:54 - 2015-08-12 21:31 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2017-01-08 00:54 - 2015-08-12 21:21 - 00000000 ____D C:\ProgramData\Western Digital
2017-01-08 00:54 - 2015-08-12 21:21 - 00000000 ____D C:\Program Files (x86)\Western Digital
2017-01-08 00:54 - 2013-12-20 08:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-07 19:07 - 2016-03-12 02:11 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Adobe
2017-01-07 19:07 - 2016-03-12 02:08 - 00000000 ____D C:\ProgramData\Adobe
2017-01-07 19:07 - 2016-02-25 01:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-07 07:29 - 2016-07-16 06:47 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-01-07 04:31 - 2014-03-07 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-07 03:36 - 2013-09-12 23:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-07 02:10 - 2015-08-13 03:36 - 01193250 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-06 20:36 - 2015-04-29 17:19 - 00000000 ____D C:\ProgramData\Samsung
2016-12-26 14:34 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-26 14:34 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-25 02:24 - 2016-07-30 14:49 - 00000000 ____D C:\ProgramData\BlueStacksSetup

==================== Files in the root of some directories =======

2016-02-24 21:27 - 2016-02-24 21:27 - 0000016 ____H () C:\Program Files (x86)\Common Files\dys1-astg
2016-02-24 19:50 - 2016-02-24 19:50 - 0000016 ____H () C:\Program Files (x86)\Common Files\vs1-astg
2015-03-28 22:08 - 2015-04-30 11:47 - 0000132 _____ () C:\Users\tonya\AppData\Roaming\Adobe PNG Format CC Prefs
2016-08-17 01:14 - 2016-09-29 19:27 - 0001178 _____ () C:\Users\tonya\AppData\Roaming\Coolorus 2
2015-06-03 21:10 - 2015-06-03 21:10 - 0000112 _____ () C:\Users\tonya\AppData\Roaming\JP2K CS6 Prefs
2016-01-23 01:51 - 2016-03-18 22:57 - 0000028 _____ () C:\Users\tonya\AppData\Roaming\kulerdata.json
2016-10-22 12:04 - 2016-11-02 17:42 - 0138296 _____ () C:\Users\tonya\AppData\Roaming\net.telestream.wirecast.xml
2016-10-22 12:04 - 2016-10-22 12:04 - 0067454 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_AKAMAI_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004755 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004935 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003931 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_DAILYMOTION_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0005919 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_LIGHTCAST_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004356 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003439 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003825 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0016357 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_ONSTREAM_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0010088 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004482 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0007122 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008261 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMSHARK_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0010619 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0005241 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008986 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003213 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_THE_CUBE_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0022670 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_TILTEDGLOBE_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003302 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008949 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008949 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008683 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2015-08-08 00:07 - 2015-10-02 02:39 - 0000866 _____ () C:\Users\tonya\AppData\Roaming\PureRef.ini
2014-03-07 18:31 - 2014-03-07 18:31 - 0000045 _____ () C:\Users\tonya\AppData\Roaming\WB.CFG
2017-01-19 00:02 - 2017-01-19 21:33 - 0000430 _____ () C:\Users\tonya\AppData\Roaming\WiinUSoft_prefs.config
2016-11-02 17:42 - 2016-11-02 17:42 - 0000000 _____ () C:\Users\tonya\AppData\Roaming\wirecast_check_crash.txt
2015-02-27 17:27 - 2017-01-22 23:44 - 0001456 _____ () C:\Users\tonya\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-13 10:29 - 2016-10-13 10:29 - 0004608 _____ () C:\Users\tonya\AppData\Local\dnow.exe
2016-02-08 00:21 - 2016-12-27 00:29 - 0007593 _____ () C:\Users\tonya\AppData\Local\Resmon.ResmonCfg
2016-10-21 21:32 - 2016-10-21 21:33 - 0000003 _____ () C:\Users\tonya\AppData\Local\run1.txt
2016-02-24 21:27 - 2016-02-24 21:27 - 0000011 ____H () C:\ProgramData\.dys1sfi
2016-02-24 19:50 - 2016-02-24 19:50 - 0000016 ____H () C:\ProgramData\.vs1sfi
2016-08-12 02:36 - 2016-08-12 02:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-24 16:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by tonya (24-01-2017 17:38:09)
Running from C:\Users\tonya\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-12 08:26:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-291635215-515170609-3999724420-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-291635215-515170609-3999724420-503 - Limited - Disabled)
Guest (S-1-5-21-291635215-515170609-3999724420-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-291635215-515170609-3999724420-1003 - Limited - Enabled)
tonya (S-1-5-21-291635215-515170609-3999724420-1001 - Administrator - Enabled) => C:\Users\tonya
wiicu (S-1-5-21-291635215-515170609-3999724420-1004 - Limited - Enabled) => C:\Users\wiicu

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Free Antivirus (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 5.0.0 - Atomi Systems, Inc.)
Ad-Aware Web Companion (x32 Version: 1.1.885.1766 - Lavasoft) Hidden
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe After Effects CC 2014.1.1 (HKLM-x32\...\Adobe After Effects CC 2014.1.1) (Version: - )
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014.0.1 (HKLM-x32\...\Adobe Premiere Pro CC 2014.0.1) (Version: - )
Adobe Reader XI (11.0.07) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.4-6 - Wacom Technology Corp.)
Beyond Good and Evil (HKLM-x32\...\Beyond Good and Evil_is1) (Version: - GOG.com)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.41.6024 - BlueStack Systems, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boris Continuum Complete 10 CE for Adobe CS5, CS6, CC (HKLM\...\{45F7EB88-E0B4-4B57-8C1B-A5D8A61F9A29}) (Version: 10.0.0079 - Boris FX, Inc.)
Boris FX 10 (64 Bit) (HKLM\...\{BAF3FFCF-4BFC-42C9-A5F3-EF5F55615C29}) (Version: 10.0.1 - Boris FX, Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Canon 600D Camera Pack (HKLM-x32\...\{CC3B772B-FBF9-4D16-99E7-2B5C144B7900}) (Version: 2.00.0000 - Rubber Monkey Software)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.3.0.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.10.0 - Canon Inc.)
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Corel Painter 13 - IPM (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 2017 - Content (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - Core (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - Corex64 (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - CT (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - DE (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - EN (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - FR (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - IPM (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - IPM Content (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - JP (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 (HKLM\...\_{0EB4382B-8422-4059-8027-3403DE8E8C3F}) (Version: 16.0.0.400 - Corel Corporation)
Corel Update Manager (Version: 2.3.129 - Corel corporation) Hidden
Cyberduck 4.5.1 (14915) (HKLM-x32\...\Cyberduck) (Version: 4.5.1 (14915) - )
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DynamicSketch v1.6.0 for Adobe™ Illustrator™ CS4-CC (17) (HKLM\...\{D2F0DA0D-6D27-42DA-B53D-C352EC0E7FA7}) (Version: 1.6.0 - Astute Graphics Limited)
Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
f.lux (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Flux) (Version: - )
FastStone Image Viewer 6.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.0 - FastStone Soft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FilmConvert Pro OFX (HKLM\...\{ED2C998B-E673-4084-A7A2-F156B93C98AF}) (Version: 2.0.7 - Rubber Monkey Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
hubiC - x64 (Version: 2.1.1.145 - OVH) Hidden
hubiC (HKLM-x32\...\{51fea8cc-5bb6-4312-86f5-1802a10e030d}) (Version: 2.1.1.145 - OVH)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Knoll Light Factory Photo 32 bit (HKLM-x32\...\InstallShield_{671BFBC4-81B0-49B0-958F-765670D7E10A}) (Version: 3.2 - Red Giant Software)
Knoll Light Factory Photo 32 bit (x32 Version: 3.2 - Red Giant Software) Hidden
Knoll Light Factory Photo 64 bit (HKLM-x32\...\InstallShield_{69F849EF-4918-4333-81C1-8D8FC07E62B1}) (Version: 3.2 - Red Giant Software)
Knoll Light Factory Photo 64 bit (Version: 3.2 - Red Giant Software) Hidden
Kodi (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Kodi) (Version: - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LavasoftTcpService (x32 Version: 2.3.2.7 - Lavasoft) Hidden
Lazy Nezumi Pro 15.7.3.1740 (HKLM-x32\...\Lazy Nezumi Pro_is1) (Version: 15.7.3.1740 - Guillaume Stordeur)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
MAYFLASH GameCube Controller Adapter (HKLM-x32\...\{FEF678F8-4BD4-4692-8288-6CAFFDFD7739}) (Version: 3.85 - MAYFLASH)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Neat Video v2.6 Pro plug-in for Sony Vegas (64-bit) (HKLM\...\Neat Video for Sony Vegas_is1) (Version: - Neat Video team, ABSoft)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
Painter 2015 - Contentx64 (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - Core (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - Corex64 (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - CT (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - DE (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - EN (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - FR (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - Setup Files (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2017 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
Pale Moon 26.1.1 (x86 en-US) (HKLM-x32\...\Pale Moon 26.1.1 (x86 en-US)) (Version: 26.1.1 - Moonchild Productions)
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
ParticleShop - Core (Version: 1.0 - Corel Corporation) Hidden
ParticleShop - IPM (Version: 1.0 - Corel Corporation) Hidden
ParticleShop - IPM Content (Version: 1.0 - Corel Corporation) Hidden
ParticleShop (HKLM\...\_{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.0.0.516 - Corel Corporation)
ParticleShop (Version: 1.0 - Corel Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Perfectly Clear Plugin 1.7.1 (HKLM-x32\...\Perfectly Clear Plugin) (Version: 1.7.1 - Athentech)
Perfectly Clear Plugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear Plugin v2) (Version: 2.0.0.28 - Athentech)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portrait Professional Studio 10.8 Trial (HKLM-x32\...\PortraitProfessionalStudio10Trial_is1) (Version: 10.8 - Anthropics Technology Ltd.)
PortraitPro 15.4 (HKLM-x32\...\PortraitPro15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
PortraitPro 15.5 Trial (HKLM-x32\...\PortraitPro15Trial_is1) (Version: 15.5 - Anthropics Technology Ltd.)
PureRef (HKLM-x32\...\PureRef) (Version: 1.6.0 - Idyllic Pixel)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.0.97 - Samsung Electronics Co., Ltd.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )
Remote Mouse version 2.801 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.801 - Remote Mouse)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: - )
Spotify (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeraCopy 3.0 alfa 2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Tony Hawks Pro Skater HD (HKLM-x32\...\Tony Hawks Pro Skater HD_is1) (Version: - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Total Audio MP3 Converter v3.2.3 build 1415 (HKLM-x32\...\{0C2BF220-E21C-493D-B2A3-D89848C719F0}_is1) (Version: - Hoo Technologies)
TVMC (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\TVMC) (Version: - TVADDONS.ag)
TVPaint Animation 10 Pro v10.0.16 (HKLM-x32\...\TVPaint Animation 10 Pro v10.0.1610.0.16) (Version: 10.0.16 - Friends in War)
VectorScribe v1.9.2 for Adobe™ Illustrator™ CS4-CC (17) (HKLM\...\{5BD20D46-9055-4A4B-8110-3C1D6472EDEB}) (Version: 1.9.2 - Astute Graphics Limited)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{F15270DE-AAA0-11E6-BC48-8EDAE4BED5C9}) (Version: 14.0.201 - VEGAS)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3A78192E-E683-4231-8DB5-F9453910CEF6}) (Version: 2.15.0401 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.20-5 - Wacom Technology Corp.)
Waterfox 44.0.3 (x64 en-US) (HKLM\...\Waterfox 44.0.3 (x64 en-US)) (Version: 44.0.3 - Mozilla)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{0CCC3DEB-F976-4477-AD38-520A692B9F4D}_WebCompanion) (Version: 1.1.885.1766 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
WiinUSoft version 2.1 (HKLM\...\{1BFC4F9F-BB85-4CE3-AC22-0CBFF78D5EE4}_is1) (Version: 2.1 - Justin Keys)
WinDirStat 1.1.2 (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\WinDirStat) (Version: - )
Window On Top version 3.8 (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wirecast (HKLM\...\{2EDE31E5-8935-4E89-9D47-BCCF70668A09}) (Version: 7.1.0 - Telestream LLC)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0970A26B-7B06-4E14-B438-5982A31B8AF4} - \{28794B7E-D82D-4F10-9AA0-E0566EC1BEC7} -> No File <==== ATTENTION
Task: {0C52E362-A66B-4E4F-87AB-A545CB0D31D6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {140EE89E-A67F-4BB3-A119-49321942E151} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {147B414D-6BFE-48CB-8308-9CF7AF180707} - System32\Tasks\{F8EDE224-4F46-558F-4F36-7C9765D32548} => C:\ProgramData\{91BCA694-2617-113F-4689-1CE239FFBF4F}\17C284B6-A069-331D-D40C-BBA3BDF67AE5.exe [2017-01-22] () <==== ATTENTION
Task: {17B97FA6-74C3-4B17-9C02-2B9C68526B88} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {192674FC-B397-4A81-BDEF-E3FA82E19983} - \RTKCPL -> No File <==== ATTENTION
Task: {2254F70A-C900-4DAF-A740-3471FDE79D60} - \{4DA03C92-FA0B-8B39-7E48-5461C13681E2} -> No File <==== ATTENTION
Task: {266748D8-3EF8-4DDA-AB6E-7ADDF2D82AD0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {2CB4FBD7-574F-42A0-9D66-8C76CA1228F5} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {360E63AA-9436-4D59-854A-7656D83B776D} - \Red Giant Link -> No File <==== ATTENTION
Task: {3A741055-8DBC-448A-80BF-699325662D85} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-01-12] (Corel Corporation)
Task: {3B2E50CA-75B4-4031-BFF1-D4841CD776F9} - System32\Tasks\{BA7B6938-0DD0-DE93-706B-0DC6ACA1C7D2} => C:\ProgramData\{803F2B78-3794-9CD3-24BF-6CBA55BD9AC8}\378A3C99-8021-8B32-3AC0-0022E7FEBC71.exe [2017-01-23] () <==== ATTENTION
Task: {3B76A56B-EC53-4136-9E67-FF10994F3C4B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3C647729-C9A2-4121-8558-F9E3FB29CC77} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {3E1CA44E-9325-4679-BA8A-7BB1D4FC8898} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {3F6A6962-393D-4C76-A506-BEBC2C051747} - System32\Tasks\{77CD6F01-C066-D8AA-189E-51AEF607FD9D} => C:\ProgramData\{1547664B-A2EC-D1E0-A538-18E999DC47B0}\D5F9B1A9-6252-0602-C276-3C7368131503.exe [2017-01-23] () <==== ATTENTION
Task: {3F9940A8-1937-4C86-B850-16F6AB843B38} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FEFE4E9-9E68-47C5-8366-B0C6F0C77E6B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {47973DF3-4BC3-4E7B-ADC2-3D0C79C63E80} - System32\Tasks\{18B90680-AF12-B12B-7DDC-25F09F933C69} => C:\ProgramData\{2FD7D6B9-987C-6112-5D1E-8F9F945E8702}\0B4B8873-BCE0-3FD8-5084-4F37A7E425D9.exe [2017-01-23] () <==== ATTENTION
Task: {4941EC19-9A92-454F-99E6-505146EC4F3C} - System32\Tasks\{D031D5AC-BE4D-CE53-E922-EE8600EF673E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\ff9ad289\a1319b15.dll" <==== ATTENTION
Task: {49E55F3F-8D25-492D-A383-8AA1B13A57E9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {54A14671-633C-459D-AC82-37589045A6D5} - \Optimize Start Menu Cache Files-S-1-5-21-291635215-515170609-3999724420-500 -> No File <==== ATTENTION
Task: {5CEA0B17-E991-47D4-9EE9-0081BAA8E1B2} - \Optimize Start Menu Cache Files-S-1-5-21-291635215-515170609-3999724420-1001 -> No File <==== ATTENTION
Task: {5F6B8A60-EDFA-4E39-BF8C-B60F9CD4B79B} - \3267205 -> No File <==== ATTENTION
Task: {6C8C3FC5-2615-49AD-9092-7CDB8CA2E6AE} - \{A99B2F1B-1E30-98B0-7B45-4B8445817625} -> No File <==== ATTENTION
Task: {6DF692BC-B6C4-442C-BAC9-715F13851189} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {72179CEE-0C8B-4B69-A8AB-E1E1F079BFCF} - System32\Tasks\{81BB4220-3610-F58B-9DF1-E975748DA648} => C:\ProgramData\{1F19E231-A8B2-559A-F3FD-9AB1E929E427}\BBBB935F-0C10-24F4-12B5-F51FA8CAD942.exe [2017-01-22] () <==== ATTENTION
Task: {73FC4279-6832-4311-A8D9-8D0223485EDB} - \WPD\SqmUpload_S-1-5-21-291635215-515170609-3999724420-1001 -> No File <==== ATTENTION
Task: {77AA10C1-B277-49C9-A4F8-6D68367AE165} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7AA827B3-0D83-4967-8532-068BBDFEEF21} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-22] (Dropbox, Inc.)
Task: {7AC2B429-2750-4BFD-91E8-A24FBCB87FD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7C2C1B14-723D-4879-85A8-60AA3B005758} - System32\Tasks\{D7653E10-60CE-89BB-1C3F-71EB123E8329} => C:\ProgramData\{36B3ADFB-8118-1A50-962C-259E1E21BF78}\79CEDD93-CE65-6A38-B06E-10DCBAAE2E52.exe [2017-01-22] () <==== ATTENTION
Task: {7CF04528-B047-4549-B31B-5D6903166D84} - \{AE52246C-19F9-93C7-6FC5-58497BF89301} -> No File <==== ATTENTION
Task: {8D262774-B5AD-4191-982E-3EB86FCC3D07} - System32\Tasks\{7BC1AD99-CC6A-1A32-0348-8ECFEFDCB956} => C:\ProgramData\{43EA74C8-F441-C363-41F9-D1037AB1F13E}\D71D735C-60B6-C4F7-F41E-E2D5D9064742.exe [2017-01-22] () <==== ATTENTION
Task: {9167DF03-62CB-4A2A-997A-4D8637F5F886} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-291635215-515170609-3999724420-1001UA => C:\Users\tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {9507210A-D324-4E7A-85FA-90D5BFEE1A9D} - System32\Tasks\{77A35286-C008-E52D-AAF9-1A01589F2BF7} => C:\ProgramData\{9BDF868D-2C74-3126-57BB-3F9DA35C40A6}\19A6ECA6-AE0D-5B0D-648E-E06336377F1B.exe [2017-01-24] () <==== ATTENTION
Task: {9EEA600B-6778-4A39-93ED-9B637831053E} - System32\Tasks\CorelUpdateHelperTask => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-01-12] (Corel Corporation)
Task: {A0833729-A324-45A6-BBF4-3BF0B91DAB6F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A6928E78-6EF6-4728-AAE7-AFF952E86153} - \{E746A105-CFB9-41A1-B710-2E841870CCCE} -> No File <==== ATTENTION
Task: {A69E1FBC-DAF9-4B54-8103-2B9BB4D1D2A0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A6D90AC5-BC36-4B5F-A8D8-AEA3054B13B4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AF765BC3-6001-49A9-97BE-63DEEB91ABB2} - \{E5A3C53C-5208-7297-84D3-A180245EB23D} -> No File <==== ATTENTION
Task: {B224710A-187A-46E7-8F6C-E307F62FE55B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-18] (Adobe Systems Incorporated)
Task: {B3142959-AFFB-4A77-978D-2E1BA4E3F3F7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {BA8D47FE-537B-4C60-9925-FBBD31DCBDDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-291635215-515170609-3999724420-1001Core => C:\Users\tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {C5A469AD-5894-412A-8539-B6DA06422E05} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {C903B731-E8A7-4458-B6B9-C622F4B3448F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CBB28EC9-AEB5-4035-9662-652DDA1F2DDE} - \Resolution+ Setting Task -> No File <==== ATTENTION
Task: {D19BC68E-FFEB-4168-915C-3AFB793BBDEF} - \{A215C698-15BE-7133-61E8-E0D25E1A559E} -> No File <==== ATTENTION
Task: {D288EFDD-A2EC-48EA-B3B1-B31C728BB83A} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {D91D7537-C6FB-4082-8F4B-7D5E37CF40AE} - \{977244DB-20D9-F370-1503-AD2C071911AA} -> No File <==== ATTENTION
Task: {DCBCBC41-A757-4A6C-8453-0E3DEB7EF93A} - System32\Tasks\{566F6876-E1C4-DFDD-1005-9A9DA525147B} => C:\ProgramData\{83855B80-342E-EC2B-3EAC-8108D3EE7329}\003C7365-B797-C4CE-E3D2-88481EC4BB0D.exe [2017-01-23] () <==== ATTENTION
Task: {E004A5DA-308F-4C2C-A42C-C696AEB04041} - \{B96818CA-0EC3-AF61-2DFA-CA7C3DF4BFCF} -> No File <==== ATTENTION
Task: {E11984A0-5706-4EE7-A8C7-5F56738CE0C3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E54868B5-2D64-4495-A011-68B8FCA95669} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E6A71B58-E51E-4C3B-AA16-B2E57D68977C} - \{4F8EE889-F825-5F22-E310-3F7A7A92C64C} -> No File <==== ATTENTION
Task: {EB601EBB-1085-42D5-8C56-00A5A2BB1C5E} - \[email protected] -> No File <==== ATTENTION
Task: {EB6B4717-C191-49F2-AF0B-219A2B9348E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F32E2413-366D-48A8-85BB-6976C0CC8440} - \{0A0C7A47-7E09-790E-7D11-0B0D0D05117E} -> No File <==== ATTENTION
Task: {F6739571-6C32-4FF0-94FE-82E9AF06B54D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {F7C3E48E-7E04-4CF0-B208-0BEBBF77449B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {F9C0EAD0-1000-449F-9438-C1E1B1876330} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-22] (Dropbox, Inc.)
Task: {FB8C48AF-C99E-4326-A5BD-0DDA26C35478} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {FCEDEA83-D237-4D98-A25F-0AEC003C4AAE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FE898BBF-3731-415F-A23E-E37D2C8A48D3} - System32\Tasks\{D4343E2F-639F-8984-B0F9-5AC6EFDECEF4} => C:\ProgramData\{D45344F6-63F8-F35D-4CF5-7381C7E54F3F}\339E07CF-8435-B064-C219-6CAD40D013EA.exe [2017-01-24] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-13 21:05 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-15 15:21 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-10 15:54 - 2013-09-10 15:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-12-13 21:05 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2015-03-04 15:07 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-09-14 20:46 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:18 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-21 21:34 - 2010-10-21 08:38 - 01182576 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-12-21 22:54 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-12-21 22:54 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-12-21 22:54 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-10-08 13:48 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-08 13:48 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-08 13:48 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-08 13:48 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-20 08:13 - 2013-09-03 19:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\Users\tonya\Desktop\Version_two.mp4:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tonya\Downloads\05 Love Will Be Enough for Us.m4a:com.dropbox.attributes [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-10-21 23:08 - 00001809 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com       127.0.0.1 activate.adobe.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
162.222.194.13       cocomo.tremorhub.com
162.222.194.13       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-291635215-515170609-3999724420-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ss_conn_service => 2
HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Fast Connect.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ParticleShop Update Helper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "ComcastAntispyClient"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "hubiC"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Remote Mouse"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{32A8101A-E081-43AD-93FF-DCB01EA82F02}C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe] => C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe
FirewallRules: [TCP Query User{513B5887-9F40-48A6-9412-027DCD7995F3}C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe] => C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe
FirewallRules: [{CBE9BEB7-6EE0-4612-93EC-9B7E197FE828}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0BAA79E5-9BAC-463D-8F63-A6D7550ABC61}] => C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{B150D4DA-1A91-46B8-BFB7-F1FCBFF060E1}] => C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{21C289F6-E61F-486A-89CB-B1EAB2B6C7D9}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{6010F5DC-6A79-4FA7-9A9C-61670E5CDF11}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [UDP Query User{17C151C1-34B5-44CC-A29F-C175977411D5}C:\program files (x86)\tvmc\tvmc.exe] => C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [TCP Query User{27E7BA1D-9E15-4E46-BB41-F79196436BA3}C:\program files (x86)\tvmc\tvmc.exe] => C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [UDP Query User{E9832C74-DE31-4DD1-8F1C-B2414245552C}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{1A838FC5-1241-4046-A153-7FC444F0C03C}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{8276E39D-570D-48E6-B5F0-F44804B72F31}C:\users\tonya\appdata\roaming\spotify\spotify.exe] => C:\users\tonya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{083E1E3A-F1A3-422F-BD67-D905AA5ED347}C:\users\tonya\appdata\roaming\spotify\spotify.exe] => C:\users\tonya\appdata\roaming\spotify\spotify.exe
FirewallRules: [{467C0391-50E7-4AF1-A6FB-A48E082C391A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7DD7DB96-EC64-4B91-81F3-60A5F0179C95}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{23E507F5-CCF2-4971-8821-2C714A357FA4}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{163903C9-F7DF-410F-B959-A2E1AB93BA22}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{F4C4E406-F032-40E3-9552-CC82E790AB32}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{6202234D-2A08-418D-A157-BC31CA67C952}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{00F8983E-59FA-4F80-99A0-2A7FF9DAAA56}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [TCP Query User{F7A87201-611A-40EA-A8B2-EF9A60A181B0}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [UDP Query User{BAA47B75-FDBE-4C18-BAB3-3221029C3ED7}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{3AE50254-F1C3-4F12-BD8E-63E353DB416D}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{F1E8BEB0-7027-40D7-85AE-DE7963A2C2D4}C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe] => C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe
FirewallRules: [TCP Query User{3686BFC0-B178-4E5E-9134-0F0D89DB313A}C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe] => C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe
FirewallRules: [UDP Query User{4E274D4D-207F-4D56-B653-6FC781C352AB}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{4006E628-24B8-4E8D-AF38-959E806D3AAD}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [{2DBBD932-E4FE-4459-9A96-89F87851729D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4DEB31A3-92C0-4C49-A6FB-0D3CC5C01F6E}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{E99702A0-534D-4F5C-890C-01475773AE37}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{0DDB692E-C4E0-47EB-8274-5CCB548A0EE7}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{9FEE6124-FF81-4155-A4A9-92CAE79D6413}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{687C4A58-7D80-44D1-85D1-58E81D092264}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{8B943FF9-4FC7-4424-8881-A0D64BEF518F}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{508B8365-86F7-45AC-AFA9-E1E29257AE80}] => C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{2F544BBE-F796-41DB-B983-F9AECD9FED40}] => C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [UDP Query User{5D4E6AA1-996C-4DBF-940E-9901BBF23CE2}C:\program files\oracle\virtualbox\virtualbox.exe] => C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [TCP Query User{12A3C666-26A3-4D61-A8E3-B0172395A90D}C:\program files\oracle\virtualbox\virtualbox.exe] => C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{44CA6F60-1DF0-4773-9EB1-9E8DD3835A7C}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{5BF13A1B-999A-4160-93C8-23EE397CF533}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{C7E65BA6-71F6-4EA6-9FBB-72DF6BA68314}] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE3663BC-B423-4E13-B59E-196FCEAD0CBC}] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54A652F6-BF40-4B59-B1EF-3C8836AAF6FD}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3081EF79-F792-4AE3-91B1-C7441609E506}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{F796F914-2B6B-4B38-88B1-D12F494C4568}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{40211190-78F9-4288-8EA1-A5FBC8A9526D}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{713EFF07-C88F-4885-A499-76E931D2F7BE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0236D466-9545-48BA-9181-628BEF82D9E8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB515514-C3E3-46A0-BB3B-E6F9F18F9D1B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{084B8B57-906D-4A4C-8042-A6EAABDCE021}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED152A87-2B59-4AA9-BFFE-D120222CFDD7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5816747-3C87-4F3C-8FEE-93D919A98626}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71A30099-C1B6-43CD-87E7-6C58B4A66224}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EE4BCF8-166D-4D6C-A99E-7D16AD2CB05D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F98D7D16-D486-456A-989A-43A0CC131F04}C:\program files\telestream\wirecast\wirecast.exe] => C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [UDP Query User{EE0053BA-4562-47E7-A6CF-D3FBF7005B76}C:\program files\telestream\wirecast\wirecast.exe] => C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [{3B1B9A8E-DC31-4DEE-B9D3-7619BEA2EE48}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{554EE7E2-07F5-49ED-9900-8679C87EEA7D}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{459604BD-947D-4A60-B507-13AF60981240}] => LPort=8317
FirewallRules: [TCP Query User{9D8206AB-D36A-447C-ACE9-88ED2C89F6A7}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => C:\program files\vegas\vegas pro 14.0\vegas140.exe
FirewallRules: [UDP Query User{15200338-8145-4ADE-AAB1-0166A656CFFD}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => C:\program files\vegas\vegas pro 14.0\vegas140.exe
FirewallRules: [{43A1979E-34E5-41DF-B8B1-45242AD9C2A9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03C231C0-6BEC-4B4D-8556-EA66936AD9C9}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{4B3F42BF-85D0-4271-9F86-4B65F1597A6B}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{75480341-446D-42D1-B1E3-91E68B5F9908}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{8608EB98-5386-4DCB-8839-6690C6EA2E05}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{E9F9D8C2-36D5-4DFF-AFB0-C4CB3A2877F8}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{2C5405EA-77F6-4CCF-9165-6B46F3880BB4}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{41AC39DC-5923-4AEA-991F-68C79C830097}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{34DEBF83-542C-4D64-841D-AFDD0048D780}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{F28F554A-2C7D-4BA1-A973-982A4FC09317}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{2D56EAF6-A902-4815-8161-B01480F87B5C}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{35AD686C-21C5-470C-A8CD-23D6FE2F1867}] => K:\ff\firefox.exe
FirewallRules: [{113FDE4D-04A4-4739-B326-2EE1A7F1CA38}] => K:\ff\firefox.exe
FirewallRules: [{5B6AC643-1C39-4AE0-9220-CE16ABE51F7E}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 05:28:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = K:\ssdtemp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x80070422).

Error: (01/24/2017 04:41:31 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/24/2017 04:41:23 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/24/2017 04:40:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Error: (01/24/2017 04:40:16 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (01/24/2017 04:35:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Photoshop.exe version 17.0.0.88 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: c4

Start Time: 01d27530aa1bc2c2

Termination Time: 4294967295

Application Path: C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe

Report Id: fb280095-e27c-11e6-839b-00190e18aede

Faulting package full name:

Faulting package-relative application ID:

Error: (01/24/2017 03:40:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/24/2017 03:37:27 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file K:\ff\xul.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program firefox.exe because of this error.

Program: firefox.exe
File: K:\ff\xul.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
   - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
   - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000022
Disk type: 3

Error: (01/24/2017 03:37:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 0.0.0.0, time stamp: 0x5849ff9c
Faulting module name: VCRUNTIME140.dll, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000006
Fault offset: 0x0000b82c
Faulting process id: 0x272c
Faulting application start time: 0x01d27528c135b3cd
Faulting application path: K:\ff\firefox.exe
Faulting module path: K:\ff\VCRUNTIME140.dll
Report Id: 3568a1c3-41c4-4d92-84ec-38486a695414
Faulting package full name:
Faulting package-relative application ID:

Error: (01/24/2017 04:03:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2109

System errors:
=============
Error: (01/24/2017 05:29:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TabletServicePen service terminated unexpectedly. It has done this 1 time(s).

Error: (01/24/2017 05:21:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 05:21:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 05:21:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 04:40:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (01/24/2017 04:40:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 04:40:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DbxSvc service terminated unexpectedly. It has done this 1 time(s).

Error: (01/24/2017 04:40:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueStacks Log Rotator Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/24/2017 04:40:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly. It has done this 1 time(s).

Error: (01/24/2017 04:40:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 6023.27 MB
Available physical RAM: 2923.8 MB
Total Virtual: 13191.27 MB
Available Virtual: 9999.47 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:930.29 GB) (Free:291.45 GB) NTFS
Drive e: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive k: (My Book) (Fixed) (Total:3725.99 GB) (Free:221.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End of Addition.txt ============================

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
System Idle Process   91.29   0 K   4 K   0
procexp64.exe   2.40   36,984 K   70,676 K   7680   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
Wacom_Tablet.exe   1.76   8,284 K   21,108 K   6580
Interrupts   1.54   0 K   0 K   n/a   Hardware Interrupts and DPCs
firefox.exe   1.10   277,428 K   317,064 K   8728   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
csrss.exe   0.50   2,368 K   9,272 K   556
dwm.exe   0.42   34,068 K   33,852 K   1148
System   0.19   140 K   152 K   4
FRST64.exe   0.17   29,100 K   55,364 K   9304
PSUAMain.exe   0.13   16,328 K   608 K   6972   AV Console   Panda Security, S.L.   (Verified) Panda Security S.L
explorer.exe   0.12   66,652 K   107,208 K   6012   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows
SDFSSvc.exe   0.11   35,132 K   19,900 K   3112   Spybot-S&D 2 Scanner Service   Safer-Networking Ltd.   (Verified) Safer-Networking Ltd.
TecoService.exe   0.08   2,776 K   9,252 K   3408   TOSHIBA eco Utility Service   Toshiba Corporation   (Verified) TOSHIBA CORPORATION
SDUpdSvc.exe   0.05   6,108 K   11,376 K   3120   Spybot-S&D 2 Background update service   Safer-Networking Ltd.   (Verified) Safer-Networking Ltd.
WDDriveService.exe   0.02   6,176 K   11,776 K   3260   WD Drive Service   Western Digital Technologies, Inc.   (Verified) WESTERN DIGITAL TECHNOLOGIES
AGSService.exe   0.01   1,960 K   8,388 K   2468   Adobe Genuine Software Integrity Service   Adobe Systems, Incorporated   (Verified) Adobe Systems Incorporated
Wacom_TouchUser.exe   0.01   3,848 K   13,508 K   6196
SDWSCSvc.exe   0.01   5,360 K   10,504 K   4016   Windows Security Center integration.   Safer-Networking Ltd.   (Verified) Safer-Networking Ltd.
services.exe   0.01   3,540 K   7,364 K   696
svchost.exe   0.01   2,168 K   6,536 K   4656   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
csrss.exe   0.01   1,652 K   6,088 K   460
dts_apo_service.exe   0.01   21,276 K   17,712 K   2580   dts_apo_service       (Verified) DTS
Wacom_TabletUser.exe   0.01   2,836 K   15,700 K   7612   Tablet user module for professional driver   Wacom Technology, Corp.   (Verified) Wacom Technology Corporation
svchost.exe   0.01   7,020 K   17,276 K   1332   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
taskhostw.exe   < 0.01   6,852 K   19,256 K   3912   Host Process for Windows Tasks   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   < 0.01   4,688 K   10,036 K   1012   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
AppleMobileDeviceService.exe   < 0.01   3,872 K   13,712 K   2504   MobileDeviceService   Apple Inc.   (Verified) Apple Inc.
officeclicktorun.exe   < 0.01   10,668 K   20,080 K   2496   Microsoft Office Click-to-Run   Microsoft Corporation   (Verified) Microsoft Corporation
SynTPEnh.exe   < 0.01   5,972 K   21,480 K   7544   Synaptics TouchPad 64-bit Enhancements   Synaptics Incorporated   (Verified) Synaptics Incorporated
PSANHost.exe   < 0.01   89,936 K   13,340 K   2764   Application Host Service   Panda Security, S.L.   (Verified) Panda Security S.L
iCloudServices.exe   < 0.01   67,652 K   71,232 K   6364   iCloud Services   Apple Inc.   (Verified) Apple Inc.
IUService.exe   < 0.01   5,880 K   9,468 K   2616   Uninstall Programs   IObit   (Verified) IObit Information Technology
Pen_TouchUser.exe   < 0.01   2,860 K   11,680 K   6192
AgentSvc.exe   < 0.01   4,864 K   17,596 K   2796   Agent Service   Panda Security, S.L.   (Verified) Panda Security S.L
svchost.exe   < 0.01   13,760 K   21,896 K   1240   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
TMachInfo.exe   < 0.01   25,752 K   21,484 K   8880   TSS TMachInfo Service   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
svchost.exe   < 0.01   27,880 K   50,248 K   1196   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
TODDSrv.exe   < 0.01   1,224 K   5,264 K   3152   TDCSrv Application   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
WTabletServicePro.exe       1,520 K   7,284 K   9680   Tablet Service   Wacom Technology, Corp.   (Verified) Wacom Technology Corporation
WmiPrvSE.exe       9,644 K   21,168 K   4300
WmiPrvSE.exe       2,624 K   8,660 K   4388
winlogon.exe       2,096 K   8,984 K   1064
wininit.exe       976 K   4,032 K   544
WDBackupEngine.exe       23,072 K   27,040 K   4604   WD Backup Engine   Western Digital Technologies, Inc.   (Verified) WESTERN DIGITAL TECHNOLOGIES
WacomHost.exe       1,800 K   11,496 K   6696
ToshibaServiceStation.exe       66,160 K   4,880 K   9948   TOSHIBA Service Station   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
TeraCopyService.exe       2,208 K   4,040 K   1592   TeraCopy Service   Code Sector   (No signature was present in the subject) Code Sector
TCrdMain_Win8.exe       4,048 K   16,132 K   2164   TOSHIBA Function Key Main Module   TOSHIBA Corporation   (Verified) TOSHIBA CORPORATION
SynTPEnhService.exe       972 K   4,128 K   3144   64-bit Synaptics Pointing Enhance Service   Synaptics Incorporated   (Verified) Synaptics Incorporated
svchost.exe       5,516 K   16,836 K   3216   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       8,216 K   20,756 K   900   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       8,400 K   30,208 K   1792   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       6,884 K   15,968 K   1988   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       2,232 K   8,948 K   1772   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       7,888 K   19,260 K   1232   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       17,144 K   27,056 K   1376   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       4,712 K   12,640 K   1472   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       3,212 K   10,940 K   1968   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       1,544 K   6,452 K   3348   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
svchost.exe       2,068 K   7,628 K   3172   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows Publisher
SurSvc.exe       15,316 K   13,660 K   3128   Intel® System Usage Report       (Verified) Intel® Software Development Products
spoolsv.exe       6,280 K   12,064 K   2076   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows
smss.exe       360 K   1,056 K   916
sihost.exe       4,560 K   19,020 K   1728   Shell Infrastructure Host   Microsoft Corporation   (Verified) Microsoft Windows
ShellExperienceHost.exe   Suspended   29,160 K   60,472 K   10112   Windows Shell Experience Host   Microsoft Corporation   (Verified) Microsoft Windows
SearchUI.exe   Suspended   79,932 K   132,320 K   7496   Search and Cortana application   Microsoft Corporation   (Verified) Microsoft Windows
SearchIndexer.exe       33,580 K   33,936 K   2012   Microsoft Windows Search Indexer   Microsoft Corporation   (Verified) Microsoft Windows
ScpService.exe       17,404 K   17,256 K   2588   ScpService   Scarlet.Crush Productions   (No signature was present in the subject) Scarlet.Crush Productions
SamsungRapidSvc.exe       580 K   2,604 K   3096
RuntimeBroker.exe       10,184 K   28,672 K   9356   Runtime Broker   Microsoft Corporation   (Verified) Microsoft Windows
PSUAService.exe       8,024 K   2,544 K   3088   PSUAService   Panda Security, S.L.   (Verified) Panda Security S.L
PsiService_2.exe       1,032 K   4,600 K   2860   PsiService PsiService   arvato digital services llc   (Verified) Arvato Digital Services Canada Inc
PsiService_2.exe       940 K   4,008 K   3104   PsiService PsiService   arvato digital services llc   (Verified) Arvato Digital Services Canada Inc
procexp.exe       2,764 K   10,380 K   8660   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
PresentationFontCache.exe       27,876 K   18,324 K   5752   PresentationFontCache.exe   Microsoft Corporation   (Verified) Microsoft Corporation
Pen_TouchService.exe       1,560 K   6,724 K   6968   Touch Service   Wacom Technology, Corp.   (Verified) Wacom Technology Corp.
notepad.exe       2,544 K   14,584 K   7572   Notepad   Microsoft Corporation   (Verified) Microsoft Windows
Memory Compression       220 K   31,704 K   1924
mDNSResponder.exe       1,560 K   5,552 K   2512   Bonjour Service   Apple Inc.   (Verified) Apple Inc.
MacriumService.exe       2,652 K   10,228 K   2736   Macrium Reflect Utility Service   Paramount Software UK Ltd   (Verified) Paramount Software UK Ltd
lsass.exe       6,008 K   14,028 K   704   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows Publisher
LMS.exe       2,808 K   9,932 K   752   Intel® Local Management Service   Intel Corporation   (Verified) Intel Corporation - Software and Firmware Products
jhi_service.exe       1,192 K   5,576 K   5928   Intel® Dynamic Application Loader Host Interface   Intel Corporation   (Verified) Intel Corporation - Intel® Management Engine Firmware
IntelMeFWService.exe       952 K   4,628 K   5900   Intel® ME Service   Intel Corporation   (Verified) Intel Corporation - Intel® Management Engine Firmware
igfxCUIService.exe       1,648 K   7,736 K   1676   igfxCUIService Module   Intel Corporation   (Verified) Intel Corporation - pGFX
HeciServer.exe       1,384 K   6,536 K   2564   Intel® Capability Licensing Service Interface   Intel® Corporation   (No signature was present in the subject) Intel® Corporation
HD-LogRotatorService.exe       7,416 K   10,688 K   2476   BlueStacks Log Rotator Service   BlueStack Systems, Inc.   (Verified) BlueStack Systems
dllhost.exe       3,404 K   19,252 K   8288   COM Surrogate   Microsoft Corporation   (Verified) Microsoft Windows
dllhost.exe       1,984 K   9,624 K   6504   COM Surrogate   Microsoft Corporation   (Verified) Microsoft Windows
DbxSvc.exe       2,352 K   5,064 K   2572   Dropbox Service   Dropbox, Inc.   (Verified) Dropbox
dasHost.exe       992 K   4,144 K   1532
BtwRSupportService.exe       1,856 K   6,456 K   2552   Bluetooth Radio Management Support   Broadcom Corporation.   (Verified) Broadcom Corporation

Edited by gmcube, 24 January 2017 - 04:52 PM.

#4
RKinner

Posted 24 January 2017 - 07:53 PM

Malware Expert

Expert
24,625 posts

Download the attached fixlist.txt to the same location as FRST

[attachment=83630:fixlist.txt]

Run FRST and press Fix

A fix log will be generated please post that

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

#5
gmcube

Posted 24 January 2017 - 10:36 PM

Member

Topic Starter
Member
176 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by tonya (administrator) on HOME (24-01-2017 23:33:58)
Running from C:\Users\tonya\Downloads
Loaded Profiles: tonya (Available Profiles: tonya & wiicu)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Scarlet.Crush Productions) C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\ProgramData\{36B3ADFB-8118-1A50-962C-259E1E21BF78}\79CEDD93-CE65-6A38-B06E-10DCBAAE2E52.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Flux Software LLC) C:\Users\tonya\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(RemoteMouse.net) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) K:\ff\firefox.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
() C:\ProgramData\{1F19E231-A8B2-559A-F3FD-9AB1E929E427}\BBBB935F-0C10-24F4-12B5-F51FA8CAD942.exe
() C:\ProgramData\{43EA74C8-F441-C363-41F9-D1037AB1F13E}\D71D735C-60B6-C4F7-F41E-E2D5D9064742.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123800 2016-11-18] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-07-31] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-04] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Remote Mouse] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [868352 2016-03-02] (RemoteMouse.net)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWoW64\userinit.exe,
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Google Update] => C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [EPSON Stylus Photo R220] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE [211456 2006-12-25] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [Spotify] => C:\Users\tonya\AppData\Roaming\Spotify\Spotify.exe [6805616 2016-03-20] (Spotify Ltd)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [hubiC] => C:\Program Files\OVH\hubiC\hubiC.exe [3527168 2015-03-03] (OVH)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [f.lux] => C:\Users\tonya\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Run: [WiinUSoft] => C:\Program Files\WiinUSoft\WiinUSoft.exe [3273216 2015-09-07] ()
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [] => 0
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\FileSyncShell64.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicBackupRootOverlayHandler] -> {2DF0C6DB-1E85-4894-9D4F-63CB0EAB17EA} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicPublishedItemOverlayHandler] -> {7C76B697-27DF-4CFF-9909-863905561298} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicSyncItemOverlayHandler] -> {9B497753-D273-4A80-9DE8-72248D7FA595} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [HubicUnsyncItemOverlayHandler] -> {D5454A6E-0904-4BA3-9E4A-240A5080259D} => C:\Windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncShell.dll [2016-08-12] (Microsoft Corporation)
Startup: C:\Users\tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-04-29]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\tonya\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{be060f33-9fcd-456f-a7c3-29089e3ee7e6}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-291635215-515170609-3999724420-1001 -> {C7B0FD4F-5B13-41BC-AB39-A4295FC6DD0F} URL = hxxp://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-12-22] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-22] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: u68ebjyn.default-1394244039659
FF ProfilePath: C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Profiles\rchc9kh1.default-1485055679079 [2017-01-24]
FF Extension: (Reddit Enhancement Suite) - C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Profiles\rchc9kh1.default-1485055679079\Extensions\[email protected] [2017-01-24]
FF Extension: (uBlock Origin) - C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Profiles\rchc9kh1.default-1485055679079\Extensions\[email protected] [2017-01-22]
FF ProfilePath: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 [2017-01-21]
FF NewTab: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 ->
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF DefaultSearchEngine.US: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> Google
FF Homepage: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> chrome://speeddial/content/speeddial.xul
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659 -> is enabled.
FF Extension: (Google Images) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\@google-images.xpi [2015-11-08]
FF Extension: (Customizable Shortcuts) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-11-11]
FF Extension: (Exif Viewer) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-06]
FF Extension: (facepaste) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-08]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-02]
FF Extension: (Hide Menubar) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-31]
FF Extension: (Hide Navigation Bar) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-31]
FF Extension: (YouTube mp3) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2015-05-28]
FF Extension: (Reddit Enhancement Suite) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-01-12]
FF Extension: (SmartVideo For YouTube) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-10]
FF Extension: (YouTube Plus) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-09]
FF Extension: (Turn Off the Lights) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-29]
FF Extension: (uBlock Origin) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-03-08]
FF Extension: (VLC Youtube Shortcut) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\[email protected] [2016-02-10]
FF Extension: (Capture & Print) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2015-08-11]
FF Extension: (Image Zoom) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2015-05-31]
FF Extension: (Save Image in Folder) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}.xpi [2015-12-13]
FF Extension: (SmoothWheel (mozdev.org)) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2015-09-01]
FF Extension: (Share Button for Pinterest) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2016-03-09]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2015-12-26]
FF Extension: (Flash and Video Download) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-03-09]
FF Extension: (Scrollbar Auto Show/Hide) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{d3d35bb5-999d-11da-a72b-0800200c9a66}.xpi [2016-01-19]
FF Extension: (Greasemonkey) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-02-21]
FF Extension: (SearchPreview) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2016-03-09]
FF Extension: (Open With Photoshop) - C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2016-03-09]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\google-default.xml [2015-02-20]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\kickassto.xml [2015-10-08]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\youtube-mp3.xml [2015-05-15]
FF SearchPlugin: C:\Users\tonya\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\u68ebjyn.default-1394244039659\searchplugins\youtube-video-search.xml [2015-08-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-18] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [No File]
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\tonya\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @talk.google.com/O1DPlugin -> C:\Users\tonya\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @tools.google.com/Google Update;version=3 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-291635215-515170609-3999724420-1001: @tools.google.com/Google Update;version=9 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\tonya\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\tonya\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - K:\ff\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default [2017-01-24]
CHR Extension: (Google Docs) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-11]
CHR Extension: (YouTube) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Adblock Plus) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-02]
CHR Extension: (Google Search) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\tonya\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-08-04] (Broadcom Corporation.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-07-21] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-07-21] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-07-21] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-12-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-22] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\WiinUSoft\SCP_Driver\ScpService.exe [381952 2015-09-04] (Scarlet.Crush Productions) [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-04] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-04] (Panda Security, S.L.)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [29080 2016-11-18] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [92160 2015-02-17] (Code Sector) [File not signed]
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-01-17] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [186152 2017-01-10] (Broadcom Corporation.)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-07-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-07-21] (Bluestack System Inc. )
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-21] (REALiX™)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [174000 2016-08-09] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [129456 2016-08-09] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [207272 2016-08-09] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [133544 2016-08-09] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [146864 2016-08-09] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [117168 2016-08-09] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72112 2016-08-09] (Panda Security, S.L.)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-12-21] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [5695744 2016-12-21] (Realtek Semiconductor Corporation                           )
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [272792 2016-11-18] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [111512 2016-11-18] (Samsung Electronics Co., Ltd.)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-09-04] (Scarlet.Crush Productions)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TSVAD_PCM; C:\Windows\system32\drivers\tsvadpcm.sys [33552 2016-08-11] (Windows ® Win 7 DDK provider)
R3 WacHidRouterPro; C:\Windows\System32\drivers\wachidrouter.sys [120472 2017-01-17] (Wacom Technology)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 23:30 - 2017-01-24 23:30 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2017-01-24 23:30 - 2017-01-24 23:30 - 00002848 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-01-24 23:28 - 2016-08-09 21:10 - 00072112 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2017-01-24 23:26 - 2017-01-24 23:27 - 00027181 _____ C:\Users\tonya\Downloads\Fixlog.txt
2017-01-24 19:24 - 2017-01-24 19:24 - 00000000 ____D C:\ProgramData\ProductData
2017-01-24 17:51 - 2017-01-24 17:51 - 00009990 _____ C:\Users\tonya\Downloads\System Idle Process.txt
2017-01-24 17:41 - 2017-01-24 17:42 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\tonya\Downloads\procexp.exe
2017-01-24 17:31 - 2017-01-24 17:31 - 00001809 _____ C:\Users\tonya\Desktop\JRT.txt
2017-01-24 17:25 - 2017-01-24 17:28 - 01663040 _____ (Malwarebytes) C:\Users\tonya\Desktop\JRT(1).exe
2017-01-24 16:33 - 2017-01-24 16:33 - 03988944 _____ C:\Users\tonya\Downloads\AdwCleaner(1).exe
2017-01-24 15:39 - 2017-01-24 15:39 - 00003978 _____ C:\Windows\System32\Tasks\{D4343E2F-639F-8984-B0F9-5AC6EFDECEF4}
2017-01-24 15:39 - 2017-01-24 15:39 - 00000000 ____D C:\ProgramData\{D45344F6-63F8-F35D-4CF5-7381C7E54F3F}
2017-01-24 15:38 - 2017-01-24 15:38 - 00003978 _____ C:\Windows\System32\Tasks\{77A35286-C008-E52D-AAF9-1A01589F2BF7}
2017-01-24 15:38 - 2017-01-24 15:38 - 00000000 ____D C:\ProgramData\{9BDF868D-2C74-3126-57BB-3F9DA35C40A6}
2017-01-24 00:55 - 2017-01-24 00:55 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Faasoft Audio Converter
2017-01-24 00:54 - 2017-01-24 00:54 - 13488623 _____ (Faasoft Corporation) C:\Users\tonya\Downloads\f-audio-converter.exe
2017-01-24 00:48 - 2017-01-24 00:48 - 12288370 _____ (Hoo Technologies ) C:\Users\tonya\Downloads\totalamcvt.exe
2017-01-24 00:48 - 2017-01-24 00:48 - 00001238 _____ C:\Users\Public\Desktop\Total Audio MP3 Converter 3.lnk
2017-01-24 00:48 - 2017-01-24 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Audio MP3 Converter 3
2017-01-24 00:48 - 2017-01-24 00:48 - 00000000 ____D C:\Program Files (x86)\Total Audio MP3 Converter 3
2017-01-23 23:22 - 2017-01-23 23:22 - 00003978 _____ C:\Windows\System32\Tasks\{566F6876-E1C4-DFDD-1005-9A9DA525147B}
2017-01-23 23:22 - 2017-01-23 23:22 - 00000000 ____D C:\ProgramData\{83855B80-342E-EC2B-3EAC-8108D3EE7329}
2017-01-23 21:56 - 2017-01-23 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 20:05 - 2017-01-23 20:05 - 00003978 _____ C:\Windows\System32\Tasks\{BA7B6938-0DD0-DE93-706B-0DC6ACA1C7D2}
2017-01-23 20:05 - 2017-01-23 20:05 - 00003978 _____ C:\Windows\System32\Tasks\{18B90680-AF12-B12B-7DDC-25F09F933C69}
2017-01-23 20:05 - 2017-01-23 20:05 - 00000000 ____D C:\ProgramData\{803F2B78-3794-9CD3-24BF-6CBA55BD9AC8}
2017-01-23 20:05 - 2017-01-23 20:05 - 00000000 ____D C:\ProgramData\{2FD7D6B9-987C-6112-5D1E-8F9F945E8702}
2017-01-23 14:05 - 2017-01-23 14:05 - 00003978 _____ C:\Windows\System32\Tasks\{77CD6F01-C066-D8AA-189E-51AEF607FD9D}
2017-01-23 14:05 - 2017-01-23 14:05 - 00000000 ____D C:\ProgramData\{1547664B-A2EC-D1E0-A538-18E999DC47B0}
2017-01-22 23:28 - 2017-01-22 23:28 - 00003978 _____ C:\Windows\System32\Tasks\{81BB4220-3610-F58B-9DF1-E975748DA648}
2017-01-22 23:28 - 2017-01-22 23:28 - 00003978 _____ C:\Windows\System32\Tasks\{7BC1AD99-CC6A-1A32-0348-8ECFEFDCB956}
2017-01-22 23:28 - 2017-01-22 23:28 - 00000000 ____D C:\ProgramData\{43EA74C8-F441-C363-41F9-D1037AB1F13E}
2017-01-22 23:28 - 2017-01-22 23:28 - 00000000 ____D C:\ProgramData\{1F19E231-A8B2-559A-F3FD-9AB1E929E427}
2017-01-22 23:24 - 2017-01-22 23:24 - 00003978 _____ C:\Windows\System32\Tasks\{D7653E10-60CE-89BB-1C3F-71EB123E8329}
2017-01-22 23:24 - 2017-01-22 23:24 - 00000000 ____D C:\ProgramData\{36B3ADFB-8118-1A50-962C-259E1E21BF78}
2017-01-22 23:23 - 2017-01-22 23:23 - 00003888 _____ C:\Windows\System32\Tasks\{D031D5AC-BE4D-CE53-E922-EE8600EF673E}
2017-01-22 23:22 - 2017-01-22 23:22 - 00003978 _____ C:\Windows\System32\Tasks\{F8EDE224-4F46-558F-4F36-7C9765D32548}
2017-01-22 23:22 - 2017-01-22 23:22 - 00000000 ____D C:\ProgramData\{91BCA694-2617-113F-4689-1CE239FFBF4F}
2017-01-22 23:00 - 2017-01-24 17:39 - 00071494 _____ C:\Users\tonya\Downloads\Addition.txt
2017-01-22 22:59 - 2017-01-24 23:34 - 00044407 _____ C:\Users\tonya\Downloads\FRST.txt
2017-01-22 22:59 - 2017-01-24 23:33 - 00000000 ____D C:\FRST
2017-01-22 22:58 - 2017-01-22 22:59 - 02420736 _____ (Farbar) C:\Users\tonya\Downloads\FRST64.exe
2017-01-22 22:18 - 2017-01-22 22:20 - 03988944 _____ C:\Users\tonya\Downloads\adwcleaner_6.042.exe
2017-01-22 02:21 - 2017-01-22 02:21 - 00000000 ____D C:\Users\tonya\is-I9QJF.tmp
2017-01-22 02:21 - 2017-01-22 02:21 - 00000000 ____D C:\Users\tonya\is-1CEEK.tmp
2017-01-22 02:08 - 2017-01-22 02:08 - 00000000 ____D C:\Windows\Panther
2017-01-21 22:23 - 2017-01-21 22:23 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(3).exe
2017-01-21 22:19 - 2017-01-21 22:19 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(2).exe
2017-01-21 21:55 - 2017-01-21 21:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-01-21 21:54 - 2017-01-17 16:24 - 02274256 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02267600 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02173392 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 02111952 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01787856 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01781200 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01673168 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01632720 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2017-01-21 21:54 - 2017-01-17 15:26 - 00120472 _____ (Wacom Technology) C:\Windows\system32\Drivers\wachidrouter.sys
2017-01-21 17:42 - 2017-01-21 17:42 - 1103113280 _____ C:\Users\tonya\Documents\highlights.mp4
2017-01-21 12:39 - 2017-01-21 12:39 - 1528678829 _____ C:\Users\tonya\Documents\roughesthighday.mp4
2017-01-21 07:54 - 2017-01-21 08:03 - 00132448 _____ C:\Users\tonya\Documents\uhhhhm_yeah.mp4.sfk
2017-01-20 20:18 - 2017-01-20 20:18 - 21314250 _____ C:\Users\tonya\Documents\roughesthighreel.mp4
2017-01-19 21:30 - 2017-01-19 22:23 - 40865571 _____ C:\Users\tonya\Downloads\Satans_Bluetooth_Stack_Installer.exe
2017-01-19 21:04 - 2017-01-19 21:12 - 29800283 _____ C:\Users\tonya\Downloads\Unconfirmed 186042.crdownload
2017-01-19 00:03 - 2017-01-19 00:03 - 00000000 ____D C:\Users\tonya\Downloads\MS_BT_HotFix
2017-01-19 00:02 - 2017-01-19 21:33 - 00000430 _____ C:\Users\tonya\AppData\Roaming\WiinUSoft_prefs.config
2017-01-19 00:02 - 2017-01-19 00:02 - 00084154 _____ C:\Users\tonya\Downloads\MS_BT_HotFix.zip
2017-01-19 00:00 - 2017-01-19 00:00 - 00000876 _____ C:\Users\Public\Desktop\WiinUSoft.lnk
2017-01-19 00:00 - 2017-01-19 00:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiinUSoft
2017-01-19 00:00 - 2017-01-19 00:00 - 00000000 ____D C:\Program Files\WiinUSoft
2017-01-19 00:00 - 2015-09-04 16:55 - 00039168 _____ (Scarlet.Crush Productions) C:\Windows\system32\Drivers\ScpVBus.sys
2017-01-18 23:47 - 2017-01-18 23:59 - 48273181 _____ (Justin Keys ) C:\Users\tonya\Downloads\wiinusoft_2.1.234_setup.exe
2017-01-18 02:04 - 2017-01-18 02:04 - 17628560 _____ (IObit ) C:\Users\tonya\Downloads\driver_booster_setup (1).exe
2017-01-15 16:37 - 2017-01-15 17:52 - 00000000 ____D C:\Users\tonya\AppData\LocalLow\uTorrent
2017-01-15 16:37 - 2017-01-15 16:37 - 00000000 ____D C:\Users\tonya\Downloads\Girl Meets World S03E21 Girl Meets Goodbye 720p HDrip X264 Solar
2017-01-13 03:20 - 2017-01-13 03:20 - 01297040 _____ C:\Users\tonya\Documents\sample.veg
2017-01-12 21:39 - 2017-01-12 21:39 - 01296464 _____ C:\Users\tonya\Documents\sample.veg.bak
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-11 22:23 - 2017-01-11 22:23 - 88264481 _____ C:\Users\tonya\Documents\sample.mp4
2017-01-11 17:03 - 2017-01-11 17:05 - 03356672 _____ C:\Users\tonya\Documents\sample.avi
2017-01-11 01:37 - 2017-01-11 16:56 - 12072960 _____ C:\Users\tonya\Documents\bellsdedede.avi
2017-01-10 21:16 - 2017-01-10 21:16 - 01286784 _____ C:\Users\tonya\Documents\bells.veg
2017-01-10 20:22 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 20:22 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 20:18 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-10 20:18 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-10 20:18 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-10 20:18 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-10 20:18 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-10 20:18 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-10 20:18 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-10 20:18 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-10 20:18 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-10 20:18 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-10 20:18 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-10 20:18 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-10 20:18 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-10 20:18 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-10 20:18 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 20:18 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-10 20:18 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-10 20:18 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-10 20:18 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-10 20:18 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-10 20:18 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-10 20:18 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-10 20:18 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-10 20:18 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-10 20:18 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-10 20:18 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-10 20:18 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-10 20:18 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-10 20:18 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-10 20:18 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-10 20:18 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-10 20:18 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-10 20:18 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-10 20:18 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-10 20:18 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-10 20:18 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-10 20:18 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-10 20:18 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 20:18 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-10 20:18 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-10 20:18 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-10 20:18 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 20:18 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 20:18 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-10 20:18 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-10 20:18 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-10 20:18 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 20:18 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-10 20:18 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-10 20:18 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-10 20:18 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-10 20:18 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-10 20:18 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-10 20:18 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-10 20:18 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 20:18 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-10 20:18 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-10 20:18 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-10 20:18 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-10 20:18 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-10 20:18 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-10 20:18 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-10 20:18 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-10 20:18 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-10 20:18 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-10 20:18 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-10 20:18 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-10 20:18 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 20:18 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-10 20:18 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-10 20:18 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-10 20:18 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-10 20:18 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-10 20:18 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-10 20:18 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 20:18 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-10 20:18 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-10 20:18 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-10 20:18 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-10 20:18 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 20:18 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 20:18 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-10 20:18 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-10 20:18 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:18 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-10 20:18 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-10 20:18 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-10 20:18 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-10 20:18 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-10 20:18 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 20:18 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-10 20:18 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-10 20:18 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-10 20:18 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-10 20:18 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-10 20:18 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 20:18 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-10 20:18 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-10 20:18 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-10 20:18 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-10 20:18 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-10 20:18 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-10 20:18 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-10 20:18 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 20:18 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-10 20:18 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-10 20:18 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-10 20:18 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-10 20:18 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 20:18 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-10 20:18 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-10 20:18 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-10 03:28 - 2017-01-10 03:28 - 00001931 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2017-01-10 03:28 - 2017-01-10 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-10 03:25 - 2017-01-10 03:26 - 41896256 _____ (Apple Inc.) C:\Users\tonya\Downloads\QuickTimeInstaller(2).exe
2017-01-10 03:25 - 2017-01-10 03:25 - 01204344 _____ (Adobe Systems Incorporated) C:\Users\tonya\Downloads\readerdc_en_jd_install.exe
2017-01-10 01:38 - 2017-01-10 01:38 - 00213312 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\btwampfl.sys
2017-01-10 01:38 - 2017-01-10 01:38 - 00186152 _____ (Broadcom Corporation.) C:\Windows\system32\Drivers\bcbtums.sys
2017-01-10 01:38 - 2017-01-10 01:38 - 00071148 _____ C:\Windows\system32\Drivers\BCM20702A1_001.002.014.1502.1764.hex
2017-01-10 01:33 - 2017-01-10 01:33 - 00003526 _____ C:\Users\tonya\Desktop\Greeting.amr
2017-01-10 01:32 - 2017-01-10 01:32 - 00385542 _____ C:\Users\tonya\Desktop\TASCAM_005623.wav
2017-01-10 01:17 - 2017-01-10 01:16 - 00004166 _____ C:\Users\tonya\Downloads\Greeting2.amr
2017-01-10 01:13 - 2015-05-01 17:38 - 00074502 _____ C:\Users\tonya\Downloads\1.amr
2017-01-10 01:09 - 2017-01-10 01:09 - 00003526 _____ C:\Users\tonya\Downloads\Greeting.amr
2017-01-10 01:02 - 2017-01-10 01:02 - 00527423 _____ ( ) C:\Users\tonya\Downloads\Lame_v3.99.3_for_Windows.exe
2017-01-10 01:02 - 2017-01-10 01:02 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-01-10 00:59 - 2017-01-10 00:57 - 00004166 _____ C:\Users\tonya\Desktop\Greeting3.amr
2017-01-10 00:50 - 2017-01-10 03:03 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Cyberduck
2017-01-10 00:50 - 2017-01-10 00:50 - 00000000 __SHD C:\Users\tonya\wc
2017-01-10 00:48 - 2017-01-10 00:48 - 00001099 _____ C:\Users\Public\Desktop\Cyberduck.lnk
2017-01-10 00:48 - 2017-01-10 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
2017-01-10 00:47 - 2017-01-10 00:48 - 00000000 ____D C:\Program Files (x86)\Cyberduck
2017-01-10 00:46 - 2017-01-10 00:47 - 16547632 _____ C:\Users\tonya\Downloads\Cyberduck-Installer-4.5.1.exe
2017-01-09 14:06 - 2017-01-09 14:06 - 01286784 _____ C:\Users\tonya\Documents\bells.veg.bak
2017-01-08 16:24 - 2017-01-22 22:35 - 00000000 ____D C:\Program Files\FreeFixer
2017-01-08 16:24 - 2017-01-08 16:24 - 00000000 ____D C:\Users\tonya\AppData\Roaming\FreeFixer
2017-01-08 16:23 - 2017-01-08 16:24 - 02704615 _____ (Kephyr) C:\Users\tonya\Downloads\freefixersetup.exe
2017-01-08 03:28 - 2017-01-08 14:21 - 00000000 ____D C:\Users\tonya\Downloads\Ariana Grande - Dangerous W (2016) [24bit]
2017-01-08 01:00 - 2017-01-08 01:00 - 00000000 ____D C:\Windows\system32\RAPID
2017-01-08 01:00 - 2016-11-18 19:04 - 00272792 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\SamsungRapidDiskFltr.sys
2017-01-08 00:54 - 2017-01-08 00:54 - 00000000 ____D C:\Program Files\Western Digital
2017-01-07 14:03 - 2017-01-07 14:04 - 00173320 _____ C:\Users\tonya\Documents\MVI_6803 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00132448 _____ C:\Users\tonya\Documents\MVI_6808 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00115280 _____ C:\Users\tonya\Documents\MVI_6804 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00103568 _____ C:\Users\tonya\Documents\MVI_6909 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00063832 _____ C:\Users\tonya\Documents\MVI_6807 - 1.MOV.sfk
2017-01-07 14:03 - 2017-01-07 14:04 - 00042864 _____ C:\Users\tonya\Documents\MVI_6805 - 1.MOV.sfk
2017-01-07 04:00 - 2017-01-21 22:22 - 00000645 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-07 03:58 - 2017-01-07 03:58 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0.exe
2017-01-07 03:58 - 2017-01-07 03:58 - 00243552 _____ C:\Users\tonya\Downloads\Firefox Setup Stub 50.1.0(1).exe
2017-01-07 03:40 - 2017-01-07 04:45 - 00000031 _____ C:\Windows\script.txt
2017-01-07 03:36 - 2017-01-07 03:36 - 00001874 _____ C:\Users\Public\Desktop\Data Migration.lnk
2017-01-07 03:36 - 2017-01-07 03:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-01-07 03:35 - 2017-01-07 03:35 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_Data_Migration_Setup_v30
2017-01-07 03:34 - 2017-01-07 03:35 - 36941793 _____ C:\Users\tonya\Downloads\Samsung_Data_Migration_Setup_v30.zip
2017-01-07 03:19 - 2017-01-07 03:20 - 00000000 ____D C:\Users\tonya\Documents\Reflect
2017-01-07 03:03 - 2017-01-07 03:03 - 00002017 _____ C:\Users\Public\Desktop\Reflect.lnk
2017-01-07 03:03 - 2017-01-07 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-01-07 03:03 - 2017-01-07 03:03 - 00000000 ____D C:\Program Files\Macrium
2017-01-07 02:42 - 2017-01-07 02:57 - 00000000 ____D C:\Users\tonya\Downloads\Macrium
2017-01-07 02:41 - 2017-01-07 03:05 - 00000000 ____D C:\ProgramData\Macrium
2017-01-07 02:38 - 2017-01-07 02:41 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\tonya\Downloads\ReflectDL.exe
2017-01-06 20:37 - 2017-01-06 20:37 - 00003330 _____ C:\Windows\System32\Tasks\SamsungMagician
2017-01-06 20:37 - 2017-01-06 20:37 - 00001318 _____ C:\Users\Public\Desktop\Samsung Magician.lnk
2017-01-06 20:37 - 2017-01-06 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2017-01-06 20:36 - 2017-01-06 20:36 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_Magician_Installer
2017-01-06 20:32 - 2017-01-06 20:34 - 13944028 _____ C:\Users\tonya\Downloads\Samsung_Magician_Installer.zip
2017-01-06 20:28 - 2017-01-06 20:28 - 00000000 ____D C:\Users\tonya\Downloads\Samsung_NVMeDriver_2
2017-01-06 20:24 - 2017-01-06 20:24 - 03566683 _____ C:\Users\tonya\Downloads\Samsung_NVMeDriver_2.zip
2017-01-06 19:56 - 2017-01-06 19:57 - 00000000 ____D C:\Users\tonya\Downloads\9386_Disc_Win_120413
2017-01-06 19:46 - 2017-01-06 19:53 - 462787524 _____ C:\Users\tonya\Downloads\9386_Disc_Win_120413.zip
2017-01-06 19:42 - 2017-01-06 19:42 - 03700104 _____ C:\Users\tonya\Downloads\windows_pl2303_usb_driver.zip
2017-01-04 00:25 - 2017-01-04 00:25 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-01 00:55 - 2017-01-01 00:55 - 00000032 _____ C:\Users\tonya\Documents\bellsCE.avi.sfl
2016-12-31 23:50 - 2017-01-01 00:55 - 321125376 _____ C:\Users\tonya\Documents\bellsCE.avi
2016-12-31 23:47 - 2016-12-31 23:47 - 00000032 _____ C:\Users\tonya\Documents\bellsDE.avi.sfl
2016-12-31 23:08 - 2016-12-31 23:47 - 89205760 _____ C:\Users\tonya\Documents\bellsDE.avi
2016-12-31 23:03 - 2016-12-31 23:03 - 00000036 _____ C:\Users\tonya\Documents\bellsSCENE.avi.sfl
2016-12-31 22:36 - 2016-12-31 23:03 - 330736128 _____ C:\Users\tonya\Documents\bellsSCENE.avi
2016-12-31 01:33 - 2016-12-28 14:02 - 03325952 _____ (Silicon Valley Software) C:\Users\tonya\Desktop\Anim8or_1264.exe
2016-12-30 20:21 - 2016-12-30 20:21 - 01491818 _____ C:\Users\tonya\Downloads\animcl1264.zip
2016-12-29 13:53 - 2016-12-29 13:53 - 00001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-12-28 23:24 - 2016-12-28 23:25 - 00393552 _____ (Americanino Limited) C:\Users\tonya\Downloads\mrmemoryscanner (1).exe
2016-12-28 02:58 - 2016-12-28 02:59 - 00393552 _____ (Americanino Limited) C:\Users\tonya\Downloads\mrmemoryscanner.exe
2016-12-27 21:16 - 2016-12-27 21:16 - 00000040 _____ C:\Users\tonya\Documents\playbackhighdel.avi.sfl
2016-12-27 03:00 - 2016-12-27 03:00 - 00000044 _____ C:\Users\tonya\Documents\playbackhighbellly.avi.sfl
2016-12-27 02:21 - 2016-12-27 03:00 - 306240512 _____ C:\Users\tonya\Documents\playbackhighbellly.avi
2016-12-27 02:12 - 2016-12-27 02:12 - 01267128 _____ C:\Users\tonya\Documents\playbackhigh.veg
2016-12-26 14:34 - 2016-12-26 14:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2016-12-26 14:34 - 2016-12-26 14:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2016-12-25 18:30 - 2016-12-25 18:30 - 01263016 _____ C:\Users\tonya\Documents\playbackhigh.veg.bak
2016-12-25 18:22 - 2016-12-25 18:22 - 01263008 _____ C:\Users\tonya\Documents\playback.veg
2016-12-25 02:17 - 2016-12-25 02:17 - 00001024 _____ C:\HD-Plus-Service-Android-0.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-24 23:33 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-01-24 23:30 - 2016-11-17 23:09 - 00000000 ____D C:\Users\tonya\AppData\LocalLow\Mozilla
2017-01-24 23:29 - 2016-03-02 02:17 - 00000000 ___RD C:\Users\tonya\iCloudDrive
2017-01-24 23:29 - 2015-08-13 05:26 - 00000000 __SHD C:\Users\tonya\IntelGraphicsProfiles
2017-01-24 23:28 - 2016-08-12 03:13 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-24 23:27 - 2016-08-12 03:13 - 00000000 ____D C:\Windows\System32\Tasks\Norton Anti-Theft
2017-01-24 23:27 - 2016-07-16 01:04 - 00786432 _____ C:\Windows\system32\config\BBI
2017-01-24 23:25 - 2016-08-12 02:33 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-24 22:13 - 2016-10-22 11:57 - 00004142 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{441C6BE9-AD64-4A16-8C0D-6D2091E1B08F}
2017-01-24 18:30 - 2016-06-23 10:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-24 16:40 - 2014-03-07 19:52 - 00000000 ____D C:\AdwCleaner
2017-01-24 16:34 - 2014-04-28 23:14 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Audacity
2017-01-24 16:08 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-01-24 03:19 - 2015-08-09 18:12 - 00000000 ____D C:\Users\tonya\AppData\Roaming\vlc
2017-01-23 23:40 - 2015-03-04 15:22 - 00000000 ____D C:\Users\tonya\AppData\Roaming\TeraCopy
2017-01-23 21:56 - 2015-06-21 21:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-22 22:38 - 2016-12-21 21:41 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-22 22:33 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 21:56 - 2016-10-23 16:44 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-01-22 21:42 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-01-22 02:29 - 2016-08-12 02:42 - 00000000 ____D C:\Users\tonya
2017-01-22 01:07 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\PLA
2017-01-22 00:41 - 2015-10-09 16:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-21 22:28 - 2014-03-07 21:00 - 00000000 ____D C:\Users\tonya\Desktop\Old Firefox Data
2017-01-21 22:22 - 2014-03-07 00:33 - 00000645 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-21 22:19 - 2016-11-16 15:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-21 21:54 - 2016-03-21 21:34 - 00000000 ____D C:\Program Files\Tablet
2017-01-20 23:38 - 2015-10-08 13:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-19 22:41 - 2013-09-12 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2017-01-19 22:41 - 2013-09-12 23:41 - 00000000 ____D C:\Program Files (x86)\Toshiba
2017-01-18 02:02 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-18 02:02 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-18 02:00 - 2016-12-21 21:41 - 00000000 ____D C:\ProgramData\IObit
2017-01-18 01:58 - 2015-03-06 02:04 - 00000000 ____D C:\Users\tonya\AppData\Roaming\uTorrent
2017-01-15 15:29 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-15 15:28 - 2014-03-06 21:01 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-01-11 19:08 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\rescache
2017-01-10 21:21 - 2016-08-12 02:33 - 05035464 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\oobe
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-10 21:20 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\Provisioning
2017-01-10 20:27 - 2014-03-09 13:21 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 20:22 - 2014-03-09 13:21 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 03:28 - 2014-03-07 19:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-08 00:59 - 2015-04-29 17:22 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-01-08 00:54 - 2015-08-12 21:31 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2017-01-08 00:54 - 2015-08-12 21:21 - 00000000 ____D C:\ProgramData\Western Digital
2017-01-08 00:54 - 2015-08-12 21:21 - 00000000 ____D C:\Program Files (x86)\Western Digital
2017-01-08 00:54 - 2013-12-20 08:31 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-07 19:07 - 2016-03-12 02:11 - 00000000 ____D C:\Users\tonya\AppData\Roaming\Adobe
2017-01-07 19:07 - 2016-03-12 02:08 - 00000000 ____D C:\ProgramData\Adobe
2017-01-07 19:07 - 2016-02-25 01:49 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-07 07:29 - 2016-07-16 06:47 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-01-07 04:31 - 2014-03-07 00:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-07 03:36 - 2013-09-12 23:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-07 02:10 - 2015-08-13 03:36 - 01193250 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-06 20:36 - 2015-04-29 17:19 - 00000000 ____D C:\ProgramData\Samsung
2016-12-26 14:34 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-26 14:34 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-25 02:24 - 2016-07-30 14:49 - 00000000 ____D C:\ProgramData\BlueStacksSetup

==================== Files in the root of some directories =======

2016-02-24 21:27 - 2016-02-24 21:27 - 0000016 ____H () C:\Program Files (x86)\Common Files\dys1-astg
2016-02-24 19:50 - 2016-02-24 19:50 - 0000016 ____H () C:\Program Files (x86)\Common Files\vs1-astg
2015-03-28 22:08 - 2015-04-30 11:47 - 0000132 _____ () C:\Users\tonya\AppData\Roaming\Adobe PNG Format CC Prefs
2016-08-17 01:14 - 2016-09-29 19:27 - 0001178 _____ () C:\Users\tonya\AppData\Roaming\Coolorus 2
2015-06-03 21:10 - 2015-06-03 21:10 - 0000112 _____ () C:\Users\tonya\AppData\Roaming\JP2K CS6 Prefs
2016-01-23 01:51 - 2016-03-18 22:57 - 0000028 _____ () C:\Users\tonya\AppData\Roaming\kulerdata.json
2016-10-22 12:04 - 2016-11-02 17:42 - 0138296 _____ () C:\Users\tonya\AppData\Roaming\net.telestream.wirecast.xml
2016-10-22 12:04 - 2016-10-22 12:04 - 0067454 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_AKAMAI_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004755 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004935 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_CHURCHSTREAMING_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003931 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_DAILYMOTION_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0005919 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_LIGHTCAST_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004356 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MAKETV_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003439 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003825 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_MERIDIX_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0016357 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_ONSTREAM_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0010088 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0004482 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMINGCHURCH_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0007122 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008261 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMSHARK_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0010619 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMVU_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0005241 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAM_SPOT_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008986 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_SUNDAY_STREAMS_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003213 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_THE_CUBE_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0022670 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_TILTEDGLOBE_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0003302 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_TULIX_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008949 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_destination.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008949 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_VERIZON_AFFILIATE_ID_brandingimage_main.png
2016-10-22 12:04 - 2016-10-22 12:04 - 0008683 _____ () C:\Users\tonya\AppData\Roaming\net_telestream_wirecast_partner_NO_ZIXI_AFFILIATE_ID_brandingimage_destination.png
2015-08-08 00:07 - 2015-10-02 02:39 - 0000866 _____ () C:\Users\tonya\AppData\Roaming\PureRef.ini
2014-03-07 18:31 - 2014-03-07 18:31 - 0000045 _____ () C:\Users\tonya\AppData\Roaming\WB.CFG
2017-01-19 00:02 - 2017-01-19 21:33 - 0000430 _____ () C:\Users\tonya\AppData\Roaming\WiinUSoft_prefs.config
2016-11-02 17:42 - 2016-11-02 17:42 - 0000000 _____ () C:\Users\tonya\AppData\Roaming\wirecast_check_crash.txt
2015-02-27 17:27 - 2017-01-22 23:44 - 0001456 _____ () C:\Users\tonya\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-13 10:29 - 2016-10-13 10:29 - 0004608 _____ () C:\Users\tonya\AppData\Local\dnow.exe
2016-02-08 00:21 - 2016-12-27 00:29 - 0007593 _____ () C:\Users\tonya\AppData\Local\Resmon.ResmonCfg
2016-10-21 21:32 - 2016-10-21 21:33 - 0000003 _____ () C:\Users\tonya\AppData\Local\run1.txt
2016-02-24 21:27 - 2016-02-24 21:27 - 0000011 ____H () C:\ProgramData\.dys1sfi
2016-02-24 19:50 - 2016-02-24 19:50 - 0000016 ____H () C:\ProgramData\.vs1sfi
2016-08-12 02:36 - 2016-08-12 02:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-24 16:12

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by tonya (24-01-2017 23:34:50)
Running from C:\Users\tonya\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-12 08:26:00)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-291635215-515170609-3999724420-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-291635215-515170609-3999724420-503 - Limited - Disabled)
Guest (S-1-5-21-291635215-515170609-3999724420-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-291635215-515170609-3999724420-1003 - Limited - Enabled)
tonya (S-1-5-21-291635215-515170609-3999724420-1001 - Administrator - Enabled) => C:\Users\tonya
wiicu (S-1-5-21-291635215-515170609-3999724420-1004 - Limited - Enabled) => C:\Users\wiicu

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Free Antivirus (Disabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Disabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Disabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 5.0.0 - Atomi Systems, Inc.)
Ad-Aware Web Companion (x32 Version: 1.1.885.1766 - Lavasoft) Hidden
Adobe After Effects CC (HKLM-x32\...\{317243C1-6580-4F43-AED7-37D4438C3DD5}) (Version: 12.2.1 - Adobe Systems Incorporated)
Adobe After Effects CC 2014.1.1 (HKLM-x32\...\Adobe After Effects CC 2014.1.1) (Version: - )
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.7.1 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014.0.1 (HKLM-x32\...\Adobe Premiere Pro CC 2014.0.1) (Version: - )
Adobe Reader XI (11.0.07) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.4-6 - Wacom Technology Corp.)
Beyond Good and Evil (HKLM-x32\...\Beyond Good and Evil_is1) (Version: - GOG.com)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.3.41.6024 - BlueStack Systems, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.12(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boris Continuum Complete 10 CE for Adobe CS5, CS6, CC (HKLM\...\{45F7EB88-E0B4-4B57-8C1B-A5D8A61F9A29}) (Version: 10.0.0079 - Boris FX, Inc.)
Boris FX 10 (64 Bit) (HKLM\...\{BAF3FFCF-4BFC-42C9-A5F3-EF5F55615C29}) (Version: 10.0.1 - Boris FX, Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Canon 600D Camera Pack (HKLM-x32\...\{CC3B772B-FBF9-4D16-99E7-2B5C144B7900}) (Version: 2.00.0000 - Rubber Monkey Software)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.3.0.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.10.0 - Canon Inc.)
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CLIP STUDIO PAINT (HKLM-x32\...\{E4F184C1-E62E-44F0-B142-AB6197490834}) (Version: 1.3.8 - CELSYS)
Corel Painter 13 - IPM (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 13 - IPM Content (Version: 14.0 - Corel Corporation) Hidden
Corel Painter 2017 - Content (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - Core (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - Corex64 (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - CT (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - DE (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - EN (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - FR (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - IPM (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - IPM Content (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 - JP (Version: 16.0 - Corel Corporation) Hidden
Corel Painter 2017 (HKLM\...\_{0EB4382B-8422-4059-8027-3403DE8E8C3F}) (Version: 16.0.0.400 - Corel Corporation)
Corel Update Manager (Version: 2.3.129 - Corel corporation) Hidden
Cyberduck 4.5.1 (14915) (HKLM-x32\...\Cyberduck) (Version: 4.5.1 (14915) - )
DAZ Install Manager (HKLM-x32\...\DAZ Install Manager 1.1.0.41) (Version: 1.1.0.41 - DAZ 3D)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
DynamicSketch v1.6.0 for Adobe™ Illustrator™ CS4-CC (17) (HKLM\...\{D2F0DA0D-6D27-42DA-B53D-C352EC0E7FA7}) (Version: 1.6.0 - Astute Graphics Limited)
Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
f.lux (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Flux) (Version: - )
FastStone Image Viewer 6.0 (HKLM-x32\...\FastStone Image Viewer) (Version: 6.0 - FastStone Soft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
FilmConvert Pro OFX (HKLM\...\{ED2C998B-E673-4084-A7A2-F156B93C98AF}) (Version: 2.0.7 - Rubber Monkey Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
hubiC - x64 (Version: 2.1.1.145 - OVH) Hidden
hubiC (HKLM-x32\...\{51fea8cc-5bb6-4312-86f5-1802a10e030d}) (Version: 2.1.1.145 - OVH)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.418 - IObit)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Knoll Light Factory Photo 32 bit (HKLM-x32\...\InstallShield_{671BFBC4-81B0-49B0-958F-765670D7E10A}) (Version: 3.2 - Red Giant Software)
Knoll Light Factory Photo 32 bit (x32 Version: 3.2 - Red Giant Software) Hidden
Knoll Light Factory Photo 64 bit (HKLM-x32\...\InstallShield_{69F849EF-4918-4333-81C1-8D8FC07E62B1}) (Version: 3.2 - Red Giant Software)
Knoll Light Factory Photo 64 bit (Version: 3.2 - Red Giant Software) Hidden
Kodi (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Kodi) (Version: - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LavasoftTcpService (x32 Version: 2.3.2.7 - Lavasoft) Hidden
Lazy Nezumi Pro 15.7.3.1740 (HKLM-x32\...\Lazy Nezumi Pro_is1) (Version: 15.7.3.1740 - Guillaume Stordeur)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}) (Version: 11.4.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.4.0 - Red Giant Software) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.5 - Smith Micro)
MAYFLASH GameCube Controller Adapter (HKLM-x32\...\{FEF678F8-4BD4-4692-8288-6CAFFDFD7739}) (Version: 3.85 - MAYFLASH)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
Neat Video v2.6 Pro plug-in for Sony Vegas (64-bit) (HKLM\...\Neat Video for Sony Vegas_is1) (Version: - Neat Video team, ABSoft)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.2 - OBS Project)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
Painter 2015 - Contentx64 (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - Core (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - Corex64 (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - CT (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - DE (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - EN (Version: 14.1.5 - Corel Corporation) Hidden
Painter 2015 - FR (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2015 - Setup Files (Version: 14.1.4 - Corel Corporation) Hidden
Painter 2017 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
Pale Moon 26.1.1 (x86 en-US) (HKLM-x32\...\Pale Moon 26.1.1 (x86 en-US)) (Version: 26.1.1 - Moonchild Productions)
Panda Devices Agent (x32 Version: 1.03.08 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.08.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.00.01.0000 - Panda Security)
Panda Free Antivirus (Version: 8.31.00 - Panda Security) Hidden
Panda Safe Web (HKLM-x32\...\pandasecuritytb) (Version: 4.3.1.20 - Panda Security and Visicom Media Inc.)
ParticleShop - Core (Version: 1.0 - Corel Corporation) Hidden
ParticleShop - IPM (Version: 1.0 - Corel Corporation) Hidden
ParticleShop - IPM Content (Version: 1.0 - Corel Corporation) Hidden
ParticleShop (HKLM\...\_{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.0.0.516 - Corel Corporation)
ParticleShop (Version: 1.0 - Corel Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Perfectly Clear Plugin 1.7.1 (HKLM-x32\...\Perfectly Clear Plugin) (Version: 1.7.1 - Athentech)
Perfectly Clear Plugin v2 2.0.0.28 (HKLM-x32\...\Perfectly Clear Plugin v2) (Version: 2.0.0.28 - Athentech)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portrait Professional Studio 10.8 Trial (HKLM-x32\...\PortraitProfessionalStudio10Trial_is1) (Version: 10.8 - Anthropics Technology Ltd.)
PortraitPro 15.4 (HKLM-x32\...\PortraitPro15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
PortraitPro 15.5 Trial (HKLM-x32\...\PortraitPro15Trial_is1) (Version: 15.5 - Anthropics Technology Ltd.)
PureRef (HKLM-x32\...\PureRef) (Version: 1.6.0 - Idyllic Pixel)
qBittorrent 3.1.12 (HKLM-x32\...\qBittorrent) (Version: 3.1.12 - The qBittorrent project)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAPID Mode (Version: 1.0.0.97 - Samsung Electronics Co., Ltd.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
ReelSmart Motion Blur 4, After Effects-compatible plugin set (HKLM-x32\...\ReelSmart Motion Blur 4, After Effects-compatible plugin set) (Version: - )
Remote Mouse version 2.801 (HKLM-x32\...\{01E4BC6D-3ACC-45E1-8928-C2FF626F63F3}_is1) (Version: 2.801 - Remote Mouse)
Samsung Data Migration (HKLM-x32\...\{3B304604-0BF5-488E-AB95-F2F2E31206F3}) (Version: 3.0 - Samsung)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Sonic Generations (HKLM-x32\...\Sonic Generations_is1) (Version: - )
Spotify (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TeraCopy 3.0 alfa 2 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
Tony Hawks Pro Skater HD (HKLM-x32\...\Tony Hawks Pro Skater HD_is1) (Version: - )
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Total Audio MP3 Converter v3.2.3 build 1415 (HKLM-x32\...\{0C2BF220-E21C-493D-B2A3-D89848C719F0}_is1) (Version: - Hoo Technologies)
TVMC (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\TVMC) (Version: - TVADDONS.ag)
TVPaint Animation 10 Pro v10.0.16 (HKLM-x32\...\TVPaint Animation 10 Pro v10.0.1610.0.16) (Version: 10.0.16 - Friends in War)
VectorScribe v1.9.2 for Adobe™ Illustrator™ CS4-CC (17) (HKLM\...\{5BD20D46-9055-4A4B-8110-3C1D6472EDEB}) (Version: 1.9.2 - Astute Graphics Limited)
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
VEGAS Pro 14.0 (64-bit) (HKLM\...\{F15270DE-AAA0-11E6-BC48-8EDAE4BED5C9}) (Version: 14.0.201 - VEGAS)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3A78192E-E683-4231-8DB5-F9453910CEF6}) (Version: 2.15.0401 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{BB5A0BB0-657F-48DC-A475-5503F39CED05}) (Version: 2.14.1202 - Samsung Electronics Co., Ltd.)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.20-5 - Wacom Technology Corp.)
Waterfox 44.0.3 (x64 en-US) (HKLM\...\Waterfox 44.0.3 (x64 en-US)) (Version: 44.0.3 - Mozilla)
WD Drive Utilities (HKLM-x32\...\{22662b08-91e0-4540-bb98-c96f32e09417}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{429a42d7-4c55-44d4-b38a-5872a0d70495}) (Version: 1.3.0.18 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.3.0.18 - Western Digital Technologies, Inc.) Hidden
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Web Companion (HKLM-x32\...\{0CCC3DEB-F976-4477-AD38-520A692B9F4D}_WebCompanion) (Version: 1.1.885.1766 - Lavasoft)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.7 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.5 - Wacom Technology Corp.)
WiinUSoft version 2.1 (HKLM\...\{1BFC4F9F-BB85-4CE3-AC22-0CBFF78D5EE4}_is1) (Version: 2.1 - Justin Keys)
WinDirStat 1.1.2 (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\WinDirStat) (Version: - )
Window On Top version 3.8 (HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\{7F2C28D2-EE31-49A5-94F2-67285DAE372B}_is1) (Version: 3.8 - Skybn Software)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wirecast (HKLM\...\{2EDE31E5-8935-4E89-9D47-BCCF70668A09}) (Version: 7.1.0 - Telestream LLC)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-291635215-515170609-3999724420-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\tonya\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C52E362-A66B-4E4F-87AB-A545CB0D31D6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {140EE89E-A67F-4BB3-A119-49321942E151} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {147B414D-6BFE-48CB-8308-9CF7AF180707} - System32\Tasks\{F8EDE224-4F46-558F-4F36-7C9765D32548} => C:\ProgramData\{91BCA694-2617-113F-4689-1CE239FFBF4F}\17C284B6-A069-331D-D40C-BBA3BDF67AE5.exe [2017-01-22] () <==== ATTENTION
Task: {17B97FA6-74C3-4B17-9C02-2B9C68526B88} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {2CB4FBD7-574F-42A0-9D66-8C76CA1228F5} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {3A741055-8DBC-448A-80BF-699325662D85} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-01-12] (Corel Corporation)
Task: {3B2E50CA-75B4-4031-BFF1-D4841CD776F9} - System32\Tasks\{BA7B6938-0DD0-DE93-706B-0DC6ACA1C7D2} => C:\ProgramData\{803F2B78-3794-9CD3-24BF-6CBA55BD9AC8}\378A3C99-8021-8B32-3AC0-0022E7FEBC71.exe [2017-01-23] () <==== ATTENTION
Task: {3F6A6962-393D-4C76-A506-BEBC2C051747} - System32\Tasks\{77CD6F01-C066-D8AA-189E-51AEF607FD9D} => C:\ProgramData\{1547664B-A2EC-D1E0-A538-18E999DC47B0}\D5F9B1A9-6252-0602-C276-3C7368131503.exe [2017-01-23] () <==== ATTENTION
Task: {3FEFE4E9-9E68-47C5-8366-B0C6F0C77E6B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {47973DF3-4BC3-4E7B-ADC2-3D0C79C63E80} - System32\Tasks\{18B90680-AF12-B12B-7DDC-25F09F933C69} => C:\ProgramData\{2FD7D6B9-987C-6112-5D1E-8F9F945E8702}\0B4B8873-BCE0-3FD8-5084-4F37A7E425D9.exe [2017-01-23] () <==== ATTENTION
Task: {4941EC19-9A92-454F-99E6-505146EC4F3C} - System32\Tasks\{D031D5AC-BE4D-CE53-E922-EE8600EF673E} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\ff9ad289\a1319b15.dll" <==== ATTENTION
Task: {6DF692BC-B6C4-442C-BAC9-715F13851189} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {72179CEE-0C8B-4B69-A8AB-E1E1F079BFCF} - System32\Tasks\{81BB4220-3610-F58B-9DF1-E975748DA648} => C:\ProgramData\{1F19E231-A8B2-559A-F3FD-9AB1E929E427}\BBBB935F-0C10-24F4-12B5-F51FA8CAD942.exe [2017-01-22] () <==== ATTENTION
Task: {7AA827B3-0D83-4967-8532-068BBDFEEF21} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-22] (Dropbox, Inc.)
Task: {7AC2B429-2750-4BFD-91E8-A24FBCB87FD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {7C2C1B14-723D-4879-85A8-60AA3B005758} - System32\Tasks\{D7653E10-60CE-89BB-1C3F-71EB123E8329} => C:\ProgramData\{36B3ADFB-8118-1A50-962C-259E1E21BF78}\79CEDD93-CE65-6A38-B06E-10DCBAAE2E52.exe [2017-01-22] () <==== ATTENTION
Task: {8D262774-B5AD-4191-982E-3EB86FCC3D07} - System32\Tasks\{7BC1AD99-CC6A-1A32-0348-8ECFEFDCB956} => C:\ProgramData\{43EA74C8-F441-C363-41F9-D1037AB1F13E}\D71D735C-60B6-C4F7-F41E-E2D5D9064742.exe [2017-01-22] () <==== ATTENTION
Task: {9167DF03-62CB-4A2A-997A-4D8637F5F886} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-291635215-515170609-3999724420-1001UA => C:\Users\tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {9507210A-D324-4E7A-85FA-90D5BFEE1A9D} - System32\Tasks\{77A35286-C008-E52D-AAF9-1A01589F2BF7} => C:\ProgramData\{9BDF868D-2C74-3126-57BB-3F9DA35C40A6}\19A6ECA6-AE0D-5B0D-648E-E06336377F1B.exe [2017-01-24] () <==== ATTENTION
Task: {9EEA600B-6778-4A39-93ED-9B637831053E} - System32\Tasks\CorelUpdateHelperTask => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-01-12] (Corel Corporation)
Task: {A16D5264-C0AF-4C61-9854-2585C41430C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {B224710A-187A-46E7-8F6C-E307F62FE55B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-18] (Adobe Systems Incorporated)
Task: {B3142959-AFFB-4A77-978D-2E1BA4E3F3F7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-11-01] (Microsoft Corporation)
Task: {BA8D47FE-537B-4C60-9925-FBBD31DCBDDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-291635215-515170609-3999724420-1001Core => C:\Users\tonya\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-18] (Google Inc.)
Task: {C5A469AD-5894-412A-8539-B6DA06422E05} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {D288EFDD-A2EC-48EA-B3B1-B31C728BB83A} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {DCBCBC41-A757-4A6C-8453-0E3DEB7EF93A} - System32\Tasks\{566F6876-E1C4-DFDD-1005-9A9DA525147B} => C:\ProgramData\{83855B80-342E-EC2B-3EAC-8108D3EE7329}\003C7365-B797-C4CE-E3D2-88481EC4BB0D.exe [2017-01-23] () <==== ATTENTION
Task: {EB6B4717-C191-49F2-AF0B-219A2B9348E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {F6739571-6C32-4FF0-94FE-82E9AF06B54D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {F7C3E48E-7E04-4CF0-B208-0BEBBF77449B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-11-01] (Microsoft Corporation)
Task: {F9C0EAD0-1000-449F-9438-C1E1B1876330} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-22] (Dropbox, Inc.)
Task: {FE898BBF-3731-415F-A23E-E37D2C8A48D3} - System32\Tasks\{D4343E2F-639F-8984-B0F9-5AC6EFDECEF4} => C:\ProgramData\{D45344F6-63F8-F35D-4CF5-7381C7E54F3F}\339E07CF-8435-B064-C219-6CAD40D013EA.exe [2017-01-24] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\tonya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-13 21:05 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-01-15 15:21 - 2016-05-24 08:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-10 15:54 - 2013-09-10 15:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-06-08 17:04 - 2016-06-08 17:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-03-21 21:34 - 2010-10-21 08:38 - 01182576 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2017-01-22 23:24 - 2017-01-22 23:24 - 00986624 _____ () C:\ProgramData\{36B3ADFB-8118-1A50-962C-259E1E21BF78}\79CEDD93-CE65-6A38-B06E-10DCBAAE2E52.exe
2016-12-13 21:05 - 2016-12-09 05:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-08-12 07:28 - 2016-08-12 07:28 - 00959168 _____ () C:\Users\tonya\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2017-01-21 21:54 - 2017-01-17 16:24 - 01658320 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-09-14 20:46 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 20:18 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:18 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:18 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:18 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2017-01-22 23:28 - 2017-01-22 23:28 - 00986624 _____ () C:\ProgramData\{1F19E231-A8B2-559A-F3FD-9AB1E929E427}\BBBB935F-0C10-24F4-12B5-F51FA8CAD942.exe
2017-01-22 23:28 - 2017-01-22 23:28 - 00986624 _____ () C:\ProgramData\{43EA74C8-F441-C363-41F9-D1037AB1F13E}\D71D735C-60B6-C4F7-F41E-E2D5D9064742.exe
2016-12-21 22:54 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-12-21 22:54 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-12-21 22:54 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2015-12-15 12:17 - 2015-12-15 12:17 - 00618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-10-08 13:48 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-08 13:48 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-08 13:48 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-10-08 13:48 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-03-02 01:49 - 2015-05-26 19:54 - 00152576 _____ () C:\Program Files (x86)\Remote Mouse\FileS.dll
2013-12-20 08:13 - 2013-09-03 19:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-21 22:54 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-12-21 22:54 - 2016-11-09 14:35 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\Users\tonya\Desktop\Version_two.mp4:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\tonya\Downloads\05 Love Will Be Enough for Us.m4a:com.dropbox.attributes [252]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-10-21 23:08 - 00001809 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com       127.0.0.1 activate.adobe.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
162.222.194.13       cocomo.tremorhub.com
162.222.194.13       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-291635215-515170609-3999724420-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tonya\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: ss_conn_service => 2
HKLM\...\StartupApproved\StartupFolder: => "Constant Guard.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Fast Connect.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ParticleShop Update Helper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "ComcastAntispyClient"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "OfficeSyncProcess"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "hubiC"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Remote Mouse"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-291635215-515170609-3999724420-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{32A8101A-E081-43AD-93FF-DCB01EA82F02}C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe] => C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe
FirewallRules: [TCP Query User{513B5887-9F40-48A6-9412-027DCD7995F3}C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe] => C:\users\tonya\downloads\yooka-laylee toybox+\toybox64.exe
FirewallRules: [{CBE9BEB7-6EE0-4612-93EC-9B7E197FE828}] => C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{0BAA79E5-9BAC-463D-8F63-A6D7550ABC61}] => C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{B150D4DA-1A91-46B8-BFB7-F1FCBFF060E1}] => C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{21C289F6-E61F-486A-89CB-B1EAB2B6C7D9}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [{6010F5DC-6A79-4FA7-9A9C-61670E5CDF11}] => C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
FirewallRules: [UDP Query User{17C151C1-34B5-44CC-A29F-C175977411D5}C:\program files (x86)\tvmc\tvmc.exe] => C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [TCP Query User{27E7BA1D-9E15-4E46-BB41-F79196436BA3}C:\program files (x86)\tvmc\tvmc.exe] => C:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [UDP Query User{E9832C74-DE31-4DD1-8F1C-B2414245552C}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{1A838FC5-1241-4046-A153-7FC444F0C03C}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{8276E39D-570D-48E6-B5F0-F44804B72F31}C:\users\tonya\appdata\roaming\spotify\spotify.exe] => C:\users\tonya\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{083E1E3A-F1A3-422F-BD67-D905AA5ED347}C:\users\tonya\appdata\roaming\spotify\spotify.exe] => C:\users\tonya\appdata\roaming\spotify\spotify.exe
FirewallRules: [{467C0391-50E7-4AF1-A6FB-A48E082C391A}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7DD7DB96-EC64-4B91-81F3-60A5F0179C95}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{23E507F5-CCF2-4971-8821-2C714A357FA4}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{163903C9-F7DF-410F-B959-A2E1AB93BA22}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{F4C4E406-F032-40E3-9552-CC82E790AB32}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{6202234D-2A08-418D-A157-BC31CA67C952}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{00F8983E-59FA-4F80-99A0-2A7FF9DAAA56}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [TCP Query User{F7A87201-611A-40EA-A8B2-EF9A60A181B0}C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe] => C:\program files\adobe\adobe after effects cc 2015\support files\afterfx.exe
FirewallRules: [UDP Query User{BAA47B75-FDBE-4C18-BAB3-3221029C3ED7}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{3AE50254-F1C3-4F12-BD8E-63E353DB416D}C:\windows\system32\settingsynchost.exe] => C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{F1E8BEB0-7027-40D7-85AE-DE7963A2C2D4}C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe] => C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe
FirewallRules: [TCP Query User{3686BFC0-B178-4E5E-9134-0F0D89DB313A}C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe] => C:\program files\adobe\adobe premiere pro cc 2014\pproheadless.exe
FirewallRules: [UDP Query User{4E274D4D-207F-4D56-B653-6FC781C352AB}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [TCP Query User{4006E628-24B8-4E8D-AF38-959E806D3AAD}C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe] => C:\program files\adobe\adobe premiere pro cc 2014\adobe premiere pro.exe
FirewallRules: [{2DBBD932-E4FE-4459-9A96-89F87851729D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4DEB31A3-92C0-4C49-A6FB-0D3CC5C01F6E}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{E99702A0-534D-4F5C-890C-01475773AE37}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlupdater.exe
FirewallRules: [{0DDB692E-C4E0-47EB-8274-5CCB548A0EE7}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{9FEE6124-FF81-4155-A4A9-92CAE79D6413}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{687C4A58-7D80-44D1-85D1-58E81D092264}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{8B943FF9-4FC7-4424-8881-A0D64BEF518F}] => C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{508B8365-86F7-45AC-AFA9-E1E29257AE80}] => C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{2F544BBE-F796-41DB-B983-F9AECD9FED40}] => C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [UDP Query User{5D4E6AA1-996C-4DBF-940E-9901BBF23CE2}C:\program files\oracle\virtualbox\virtualbox.exe] => C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [TCP Query User{12A3C666-26A3-4D61-A8E3-B0172395A90D}C:\program files\oracle\virtualbox\virtualbox.exe] => C:\program files\oracle\virtualbox\virtualbox.exe
FirewallRules: [UDP Query User{44CA6F60-1DF0-4773-9EB1-9E8DD3835A7C}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{5BF13A1B-999A-4160-93C8-23EE397CF533}C:\program files\sony\vegas pro 13.0\vegas130.exe] => C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{C7E65BA6-71F6-4EA6-9FBB-72DF6BA68314}] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE3663BC-B423-4E13-B59E-196FCEAD0CBC}] => C:\Users\tonya\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{54A652F6-BF40-4B59-B1EF-3C8836AAF6FD}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3081EF79-F792-4AE3-91B1-C7441609E506}] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{F796F914-2B6B-4B38-88B1-D12F494C4568}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{40211190-78F9-4288-8EA1-A5FBC8A9526D}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{713EFF07-C88F-4885-A499-76E931D2F7BE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0236D466-9545-48BA-9181-628BEF82D9E8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB515514-C3E3-46A0-BB3B-E6F9F18F9D1B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{084B8B57-906D-4A4C-8042-A6EAABDCE021}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED152A87-2B59-4AA9-BFFE-D120222CFDD7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F5816747-3C87-4F3C-8FEE-93D919A98626}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{71A30099-C1B6-43CD-87E7-6C58B4A66224}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8EE4BCF8-166D-4D6C-A99E-7D16AD2CB05D}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F98D7D16-D486-456A-989A-43A0CC131F04}C:\program files\telestream\wirecast\wirecast.exe] => C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [UDP Query User{EE0053BA-4562-47E7-A6CF-D3FBF7005B76}C:\program files\telestream\wirecast\wirecast.exe] => C:\program files\telestream\wirecast\wirecast.exe
FirewallRules: [{3B1B9A8E-DC31-4DEE-B9D3-7619BEA2EE48}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{554EE7E2-07F5-49ED-9900-8679C87EEA7D}] => C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe
FirewallRules: [{459604BD-947D-4A60-B507-13AF60981240}] => LPort=8317
FirewallRules: [TCP Query User{9D8206AB-D36A-447C-ACE9-88ED2C89F6A7}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => C:\program files\vegas\vegas pro 14.0\vegas140.exe
FirewallRules: [UDP Query User{15200338-8145-4ADE-AAB1-0166A656CFFD}C:\program files\vegas\vegas pro 14.0\vegas140.exe] => C:\program files\vegas\vegas pro 14.0\vegas140.exe
FirewallRules: [{43A1979E-34E5-41DF-B8B1-45242AD9C2A9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03C231C0-6BEC-4B4D-8556-EA66936AD9C9}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{4B3F42BF-85D0-4271-9F86-4B65F1597A6B}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{75480341-446D-42D1-B1E3-91E68B5F9908}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{8608EB98-5386-4DCB-8839-6690C6EA2E05}] => C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\AutoUpdate.exe
FirewallRules: [{E9F9D8C2-36D5-4DFF-AFB0-C4CB3A2877F8}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{2C5405EA-77F6-4CCF-9165-6B46F3880BB4}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DriverBooster.exe
FirewallRules: [{41AC39DC-5923-4AEA-991F-68C79C830097}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{34DEBF83-542C-4D64-841D-AFDD0048D780}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\DBDownloader.exe
FirewallRules: [{F28F554A-2C7D-4BA1-A973-982A4FC09317}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{2D56EAF6-A902-4815-8161-B01480F87B5C}] => C:\Program Files (x86)\IObit\Driver Booster\4.2.0\AutoUpdate.exe
FirewallRules: [{35AD686C-21C5-470C-A8CD-23D6FE2F1867}] => K:\ff\firefox.exe
FirewallRules: [{113FDE4D-04A4-4739-B326-2EE1A7F1CA38}] => K:\ff\firefox.exe
FirewallRules: [{5B6AC643-1C39-4AE0-9220-CE16ABE51F7E}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2017 11:28:29 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

System errors:
=============
Error: (01/24/2017 11:32:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:29:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:29:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/24/2017 11:27:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The pipe has been ended.

Error: (01/24/2017 11:27:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (01/24/2017 11:27:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error:
A system shutdown is in progress.

Error: (01/24/2017 11:27:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 63%
Total physical RAM: 6023.27 MB
Available physical RAM: 2214.24 MB
Total Virtual: 13191.27 MB
Available Virtual: 9223.81 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:930.29 GB) (Free:291.37 GB) NTFS
Drive e: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive k: (My Book) (Fixed) (Total:3725.99 GB) (Free:221.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End of Addition.txt ============================