I have told her and told her NOT to just click on stuff ... but ...
One thing I know is wrong ... she has somehow gotten pcsupportdesk.co on her laptop and now there are pop-ups galore ... help please
FRST SCAN
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Penny S Farris (administrator) on DESKTOP-7HJLTT7 (15-03-2017 08:29:20)
Running from C:\Users\bubbl\Desktop
Loaded Profiles: Penny S Farris (Available Profiles: Penny S Farris)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AppVerifierService) C:\ProgramData\ASCValidator\ASCValidatorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
() C:\Program Files\AVAST Software\SecureLine\vpnsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTA579.tmp
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(advancedpctools.com) C:\Program Files\Advance-System Care\asc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\bubbl\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Slimware Utilities Holdings, Inc.) C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Dropbox, Inc.) C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\SecureLine\secureline.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(PCVARK) C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\bubbl\AppData\Local\chromium\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2017-02-28] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-06-21] (CyberLink Corp.)
HKLM-x32\...\Run: [ClearScreen Player] => C:\Program Files (x86)\ClearScreenPlayer\ClearScreenPlayer.exe [439712 2016-04-20] ()
HKLM-x32\...\RunOnce: [Guhutucesit] => C:\WINDOWS\SysWoW64\wscript.exe /E:vbscript /B "C:\Users\bubbl\AppData\Roaming\Disoperat"
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Dropbox Update] => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-16] (Dropbox, Inc.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [ClearScreen Player] => C:\Program Files (x86)\ClearScreenPlayer\ClearScreenPlayer.exe [439712 2016-04-20] ()
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [BingSvc] => C:\Users\bubbl\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [Chromium] => c:\users\bubbl\appdata\local\chromium\application\chrome.exe [1053184 2016-03-09] (The Chromium Authors)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [SlimCleaner Plus] => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [26201280 2016-07-25] (Slimware Utilities Holdings, Inc.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [108456 2016-05-05] ()
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\RunOnce: [Uninstall C:\Users\bubbl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bubbl\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_2\amd64"
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [1269848 2017-02-14] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-02-03]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-05-30]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{72caaa9f-c5f5-4583-9363-1bb4938bbca0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{72caaa9f-c5f5-4583-9363-1bb4938bbca0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{746df8de-bd5f-4f4d-9602-729aa8db16a4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{746df8de-bd5f-4f4d-9602-729aa8db16a4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ee42c699-068b-44b3-870d-c0cd49250b5e}: [DhcpNameServer] 82.163.142.7
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d5dc1718
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c77d62fb&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c77d62fb&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d5dc1718&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_44_wcb_ir_16_35&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDyD0AtD0FtBtByD0DtBtCyB0EyDtBtN0D0Tzu0StCyByCyBtN1L2XzutAtFtByEtFtCtBtFyDtBtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2SyEyB0E0BtBzy0D0AtGtCzyyCtDtG0Ezy0BzztGyEyC0B0CtGyEtBtCyByEyEzztC0A0AyByB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtA0BtD0CtCyC0DtGtDtC0E0EtGyEyEzz0AtG0B0F0D0DtGtDzy0F0AyEyE0A0F0ByCtC0C2QtN0A0LzuyE%26cr%3D670971015%26a%3Dhdr_s_16_44_wcb_ir_16_35%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-02-07] (Intel Security)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin HKU\S-1-5-21-2430580443-1646431325-2133495863-1001: @citrixonline.com/appdetectorplugin -> C:\Users\bubbl\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-09] (Citrix Online)
Chrome:
=======
CHR DefaultProfile: Default
CHR NewTab: Default -> Not-active:"chrome-extension://kgpcmjeckonpfoaacknfdaaehpjbflhl/stubby.html", Active:"chrome-extension://icgmhdpmdghobfppgncpanbehbecdhpb/stubby.html", Active:"chrome-extension://kmeplklncpfkhbkdogjognkoafdnpmha/newtab/newtab.html", Active:"chrome-extension://ianibjjlmopilahjckdaimnghbdlngkh/stubby.html", Active:"chrome-extension://kgdipifddaiedehdphnflapcinbndgmb/stubby.html", Not-active:"chrome-extension://ijjnmdphpnlnelhbhefnfmimenjgbfcn/stubby.html", Not-active:"chrome-extension://hjfmdccpchjbocfcmenkfmkcbmoldfee/stubby.html"
CHR DefaultSearchURL: Default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxp://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default [2017-03-15]
CHR Extension: (Google Slides) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-11]
CHR Extension: (Google Docs) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-11]
CHR Extension: (Google Drive) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-11]
CHR Extension: (YouTube) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-11]
CHR Extension: (ArcadeFiesta Ads) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dceehkmnchcmeefgindfjiggfncpfckf [2017-02-10]
CHR Extension: (Advertisement offers by GameZooks) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnhgkolepibaegjheeeblkgfmpankac [2016-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-11]
CHR Extension: (ArcadeSauce) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgebohojipdmejkbbnjlfhcpfehhnepn [2016-09-25]
CHR Extension: (FindYourMaps) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjfmdccpchjbocfcmenkfmkcbmoldfee [2017-02-08]
CHR Extension: (GamingWonderland) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ianibjjlmopilahjckdaimnghbdlngkh [2017-01-10]
CHR Extension: (PDFConverterHQ) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\icgmhdpmdghobfppgncpanbehbecdhpb [2017-01-16]
CHR Extension: (MapsGalaxy) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijjnmdphpnlnelhbhefnfmimenjgbfcn [2016-11-18]
CHR Extension: (Ask Web Search) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmengapaekgmapkcophhdmppmjinpogo [2017-01-10]
CHR Extension: (FindMeFreebies) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgdipifddaiedehdphnflapcinbndgmb [2016-11-19]
CHR Extension: (EasyMailLogin) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpcmjeckonpfoaacknfdaaehpjbflhl [2017-02-27]
CHR Extension: (Login Faster) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmeplklncpfkhbkdogjognkoafdnpmha [2017-01-10]
CHR Extension: (iWin New Tab) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\leomkkljcdgegflamofjilaekhgiiake [2016-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\bubbl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM-x32\...\Chrome\Extension: [leomkkljcdgegflamofjilaekhgiiake] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 0231371488514182mcinstcleanup; C:\WINDOWS\TEMP\023137~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 ASCValidator; C:\ProgramData\ASCValidator\ASCValidatorService.exe [29696 2016-09-13] (AppVerifierService) [File not signed]
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-16] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe [133480 2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-18] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2017-02-28] (Realtek Semiconductor)
R2 SecureLine; C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe [592392 2016-05-30] ()
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [252096 2016-07-25] (SlimWare Utilities, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2017-02-28] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [996824 2017-02-06] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-02-06] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-02-06] (McAfee, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2017-02-28] (Realtek )
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [418784 2017-02-28] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-07] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2016-05-16] (Synaptics Incorporated)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-03-15] ()
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-15 08:23 - 2017-03-15 08:28 - 02424832 _____ (Farbar) C:\Users\bubbl\Desktop\FRST64.exe
2017-03-09 18:00 - 2017-03-09 18:00 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-06 16:59 - 2017-03-06 17:05 - 00000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0000_0c039344d2f910be
2017-03-06 16:58 - 2017-03-06 16:58 - 00000000 ____D C:\Users\bubbl\AppData\Local\Deployment
2017-03-06 16:58 - 2017-03-06 16:58 - 00000000 ____D C:\Users\bubbl\AppData\Local\Apps\2.0
2017-02-28 23:17 - 2017-02-28 23:16 - 00428648 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2017-02-28 23:17 - 2017-02-28 23:16 - 00329832 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo54.dll
2017-02-28 23:17 - 2017-02-28 23:16 - 00064104 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2017-02-28 23:17 - 2017-02-28 23:16 - 00060008 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2017-02-28 23:17 - 2017-02-28 23:16 - 00057448 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2017-02-28 23:13 - 2017-02-28 23:12 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2017-02-28 23:10 - 2017-02-28 23:10 - 00001851 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS Audio Control.lnk
2017-02-28 23:09 - 2017-02-28 23:07 - 72520720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-02-28 23:09 - 2017-02-28 23:07 - 06764662 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-02-28 23:09 - 2017-02-28 23:07 - 03203592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-02-28 23:09 - 2017-02-28 23:07 - 02706864 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02203752 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 02073096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01360520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01041744 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 01001800 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00864352 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00858208 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00854032 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00725944 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00498648 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00467160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00341152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-02-28 23:09 - 2017-02-28 23:07 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00438704 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00112496 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-02-28 23:08 - 2017-02-28 23:06 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-02-28 23:08 - 2017-02-28 23:06 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2017-02-28 23:02 - 2017-02-28 23:01 - 00418784 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2017-02-28 22:56 - 2017-02-28 23:18 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-28 22:56 - 2017-02-28 22:56 - 00003224 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent
2017-02-28 22:55 - 2015-08-31 00:26 - 00041400 _____ (CyberLink Corporation) C:\WINDOWS\system32\Drivers\clwvd6.sys
2017-02-27 16:51 - 2017-02-27 16:52 - 00108559 _____ C:\Users\bubbl\Downloads\Application 2017.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-15 08:31 - 2016-07-16 16:00 - 00024590 _____ C:\Users\bubbl\Desktop\FRST.txt
2017-03-15 08:29 - 2016-07-11 14:24 - 00000000 ____D C:\FRST
2017-03-15 08:24 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-15 08:24 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-15 08:20 - 2015-07-10 04:04 - 00000187 _____ C:\WINDOWS\win.ini
2017-03-15 08:18 - 2016-05-16 20:33 - 00000000 ____D C:\Users\bubbl\Documents\YouCam
2017-03-15 08:17 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-15 08:15 - 2016-10-26 17:29 - 00003174 _____ C:\WINDOWS\System32\Tasks\Advance-System Care_Logon
2017-03-15 08:15 - 2016-05-16 20:53 - 00000000 ___RD C:\Users\bubbl\Dropbox
2017-03-15 08:13 - 2016-08-27 11:43 - 00000468 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2017-03-15 08:13 - 2016-06-24 17:33 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Skype
2017-03-15 08:12 - 2016-08-27 11:43 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2017-03-12 10:14 - 2016-08-12 04:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-10 23:18 - 2016-10-26 16:21 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\MahJong Suite
2017-03-10 10:02 - 2016-08-27 10:37 - 00000000 ____D C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}
2017-03-09 18:01 - 2016-05-16 20:49 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\Dropbox
2017-03-09 18:01 - 2016-05-16 20:42 - 00000000 ____D C:\Users\bubbl\AppData\Local\Dropbox
2017-03-08 11:38 - 2017-01-14 19:58 - 00000000 ____D C:\Program Files\TrueKey
2017-03-08 11:37 - 2016-08-30 18:40 - 00003178 _____ C:\WINDOWS\System32\Tasks\Advanced System Care_Logon
2017-03-08 11:35 - 2016-11-02 01:50 - 00000000 ____D C:\Users\bubbl\AppData\Roaming\{5E6668DD-7B34-05AB-1002-2279CCD0DF47}
2017-03-08 11:35 - 2016-08-31 01:38 - 00000294 _____ C:\Users\bubbl\AppData\Roaming\WB.CFG
2017-03-04 19:08 - 2016-05-16 20:32 - 00000000 ____D C:\Users\bubbl\AppData\Local\Packages
2017-03-02 21:14 - 2016-08-12 04:15 - 01366386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-02 21:09 - 2017-01-14 20:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-03-02 21:09 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-02 21:08 - 2016-09-03 17:51 - 00003010 _____ C:\appverifier.txt
2017-03-02 21:07 - 2016-08-12 04:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-02 21:07 - 2016-03-20 02:55 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2017-02-28 23:17 - 2015-07-13 09:28 - 00000000 ____D C:\SWSetup
2017-02-28 23:16 - 2016-05-17 21:57 - 00902248 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2017-02-28 23:16 - 2016-05-17 21:57 - 00803944 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2017-02-28 23:16 - 2016-05-17 21:57 - 00278632 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2017-02-28 23:16 - 2016-05-16 20:24 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-02-28 23:13 - 2016-03-20 01:54 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-02-28 23:12 - 2016-03-20 01:58 - 00943112 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2017-02-28 23:10 - 2016-08-12 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-02-28 23:10 - 2016-08-12 04:10 - 00011070 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-02-28 23:10 - 2016-08-12 04:10 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-02-28 23:10 - 2016-03-20 01:54 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-02-28 23:07 - 2016-03-20 01:54 - 05251592 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-02-28 23:07 - 2016-03-20 01:54 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 03133152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 00192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-02-28 23:07 - 2016-03-20 01:54 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-02-28 23:06 - 2016-03-20 01:54 - 01608128 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-02-28 23:05 - 2016-03-20 01:54 - 02838232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-02-28 23:02 - 2016-08-12 04:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-02-28 22:56 - 2016-03-20 02:22 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-02-28 22:55 - 2016-03-20 02:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-02-28 22:55 - 2016-03-20 01:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 22:51 - 2016-03-20 02:23 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-02-28 22:51 - 2016-03-20 02:22 - 00000000 ____D C:\ProgramData\Temp
2017-02-28 22:27 - 2016-11-22 21:33 - 00000000 ____D C:\Users\bubbl\AppData\Local\ElevatedDiagnostics
2017-02-28 22:26 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-24 22:00 - 2016-08-12 04:16 - 00000000 ____D C:\Users\bubbl
2017-02-24 20:10 - 2017-01-25 02:28 - 00000400 _____ C:\WINDOWS\Tasks\HPCeeScheduleForPenny S Farris.job
2017-02-24 20:10 - 2017-01-14 19:58 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-24 20:10 - 2017-01-14 19:58 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-24 20:09 - 2016-07-15 23:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 19:22 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 19:21 - 2016-05-18 18:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-24 19:14 - 2016-05-18 18:01 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 20:08 - 2017-01-25 02:28 - 00003328 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForPenny S Farris
2017-02-22 19:37 - 2016-12-09 18:08 - 00003308 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 19:37 - 2016-05-16 20:37 - 00002374 _____ C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 19:37 - 2016-05-16 20:37 - 00000000 ___RD C:\Users\bubbl\OneDrive
2017-02-18 21:28 - 2017-01-14 20:12 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-02-14 23:57 - 2017-01-14 19:58 - 00004000 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-14 23:57 - 2017-01-14 19:58 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-14 23:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 23:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
==================== Files in the root of some directories =======
2016-11-02 01:50 - 2016-11-02 01:50 - 0020008 _____ () C:\Users\bubbl\AppData\Roaming\Disoperat
2016-08-31 01:38 - 2017-03-08 11:35 - 0000294 _____ () C:\Users\bubbl\AppData\Roaming\WB.CFG
Files to move or delete:
====================
C:\Windows\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job
C:\Windows\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job
Some files in TEMP:
====================
2016-08-24 16:21 - 2016-08-24 16:21 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\bubbl\AppData\Local\Temp\libeay32.dll
2016-08-24 16:21 - 2016-08-24 16:21 - 0970912 _____ (Microsoft Corporation) C:\Users\bubbl\AppData\Local\Temp\msvcr120.dll
2016-08-27 10:36 - 2017-01-16 12:29 - 0086968 _____ (iWin inc.) C:\Users\bubbl\AppData\Local\Temp\preinstall-options.exe
2016-08-27 11:43 - 2016-08-27 11:43 - 0205656 _____ (SlimWare Utilities, Inc.) C:\Users\bubbl\AppData\Local\Temp\scp22BD.tmp.exe
2016-08-24 16:21 - 2016-08-24 16:21 - 0772672 _____ () C:\Users\bubbl\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-26 18:57
==================== End of FRST.txt ============================
ADDITION SCAN
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Penny S Farris (15-03-2017 08:35:20)
Running from C:\Users\bubbl\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-12 11:40:55)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2430580443-1646431325-2133495863-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2430580443-1646431325-2133495863-503 - Limited - Disabled)
Guest (S-1-5-21-2430580443-1646431325-2133495863-501 - Limited - Disabled)
Penny S Farris (S-1-5-21-2430580443-1646431325-2133495863-1001 - Administrator - Enabled) => C:\Users\bubbl
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2D Mahjong Temple (HKLM-x32\...\2D Mahjong Temple) (Version: - iWin.com)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced System Care (HKLM\...\{F751A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.12966 - advancedpctools.com)
Advance-System Care (HKLM\...\{F851A81C-AAF7-4E24-8E40-231FD881A20B}_is1) (Version: 1.0.0.16074 - advancedpctools.com)
Avast SecureLine (HKLM\...\{2CD3C92F-EDC5-4B02-9B0A-9C1D37C58EF5}_is1) (Version: 1.0.239.2 - AVAST Software)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bing Powered Search (HKLM-x32\...\BingPoweredSearch) (Version: - )
BingProvidedSearch (HKLM-x32\...\{89E56125-D965-B0A5-68E5-C025B86513A5}) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
callofwar (HKLM-x32\...\{CE2320B6-5A53-41A3-A549-14CC1FBCE06A}_is1) (Version: 2.2.1.9 - callofwar)
Chromium (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Chromium) (Version: 51.0.2672.0 - Chromium)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{CC8F903A-9698-4245-9A38-22412DEF1029}) (Version: 1.0.446 - Citrix)
ClearScreen Player (HKLM-x32\...\{344E6832-0DAE-43F5-841C-7EDBFB7EF235}) (Version: 1.6.2.2 - ClearScreen Player)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.5418 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4627 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DriverUpdate (HKLM-x32\...\DriverUpdate) (Version: 2.6.5 - Slimware Utilities Holdings, Inc.)
DriverUpdate (x32 Version: 2.6.5 - Slimware Utilities Holdings, Inc.) Hidden
Dropbox (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fantasy Mosaics 17: New Palette (HKLM-x32\...\Fantasy Mosaics 17: New Palette) (Version: 1.0.0.0 - iWin.com)
Games Manager (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\GamesManager) (Version: 2.13.5.801 - iWin Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HP Documentation (HKLM\...\HP_Documentation) (Version: - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8293.5264 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.3.50.9 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.5.32.203 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.13.125.1 - Intel Security)
Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4358 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Jewel Match: Twilight (HKLM-x32\...\BFG-Jewel Match - Twilight) (Version: - )
MahJong Suite 2016 v13.0 (HKLM-x32\...\MahJong Suite_is1) (Version: 13.0 - TreeCardGames)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version: - )
Sir Match-a-Lot (HKLM-x32\...\BFG-Sir Match-a-Lot) (Version: - )
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\SlimCleaner Plus) (Version: 2.5.8 - Slimware Utilities Holdings, Inc.)
SlimCleaner Plus (Version: 2.5.8 - Slimware Utilities Holdings, Inc.) Hidden
Space Mahjong (x32 Version: 1.1.2.4 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
Universal Driver Updater (HKLM-x32\...\{03E33667-F180-4D3C-9A88-10020AB6AEEF}_is1) (Version: 1.1.0.0 - universaldriverupdator.com)
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WPS Office (9.1.0.5113) (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5113 - Kingsoft Corp.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2430580443-1646431325-2133495863-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\bubbl\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02E1058B-4512-41F1-B027-07CFBFF3C667} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001Core1d23cb0df49b8aa => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-16] (Dropbox, Inc.)
Task: {0B48002D-0302-4951-A887-24FBAC07A016} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-10-29] (CyberLink Corp.)
Task: {0C57387C-9D69-4083-BADA-24D6B2ADA18A} - System32\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52} => C:\Users\bubbl\AppData\Roaming\{5E666~1\SYNHEL~1.EXE [2013-04-11] () <==== ATTENTION
Task: {0EA003A3-8873-4358-BA4D-34AA2CCFD32A} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe [2016-05-30] (AVAST Software)
Task: {0F9A7B03-1B79-43F3-AFF4-26D089C92890} - System32\Tasks\Universal\Driver Updater\Start Driver Updater оn logon => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-26] (PCVARK)
Task: {292752D1-FF62-4D37-A394-105159A8BD4B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {2A461DF9-7F32-48AE-AC6C-EEB3B6C44632} - System32\Tasks\Advanced System Care_Logon => C:\Program Files\Advanced System Care\asc.exe [2016-08-23] (advancedpctools.com)
Task: {2FAF2A4A-5057-4DDF-95AA-36A76BC1430F} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe [2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {37DA90C2-8D55-492F-82D8-EA5694E2766E} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Penny S Farris) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe [2016-07-25] (Slimware Utilities Holdings, Inc.)
Task: {44C40CDD-A054-401D-81C7-552E2FE974EE} - System32\Tasks\Advance-System Care_Logon => C:\Program Files\Advance-System Care\asc.exe [2016-10-21] (advancedpctools.com)
Task: {4F38FF77-8221-4272-9C60-4923072C75C1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {561B738F-9CF9-41B9-BC2D-BEBCED6EA998} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {5C3C2A87-78A7-4891-B196-E4AE3B6F2FEA} - System32\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123} => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe [2013-04-11] () <==== ATTENTION
Task: {79BB5360-FA5D-4472-8B6B-4EA6AE8CB3AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {7DEFC3F2-E4CF-4E39-B182-06AA04C596F2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {8994D8B1-6C39-444E-8410-E30735F35F04} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe [2016-03-20] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {8ADAAC3E-ADB6-44A9-AE15-E3A1DFAD66AF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001UA1d23cb0e061f8cc => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-16] (Dropbox, Inc.)
Task: {8E4085FC-8C3A-4FFC-9F76-56C62C72D5BA} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2016-08-15] (SlimWare Utilities, Inc.)
Task: {987EC89B-6441-4E10-8747-0012C67AE1AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
Task: {A51914EB-AA7F-46FA-A127-881C8AC5197C} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-14] (Adobe Systems Incorporated)
Task: {AA6C8269-2D8E-48F2-AF09-48F1E1393D7A} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2016-08-15] (SlimWare Utilities, Inc.)
Task: {C1E146EB-EADF-4429-A24E-25AD9CDFFD06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)
Task: {C864FF4C-7D0F-42D7-AA85-C871D2E570AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-02-10] (HP Inc.)
Task: {CE78FECC-058A-4767-AB55-03B208A04860} - System32\Tasks\Bing Powered Search ridid => Wscript.exe "C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}\sita.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b43354441303042392d344639382d384137462d433935452d3134334435333143394646337d5c6e6f6369646f" "433a5c50726f6772616d446174615c7b43354441303042392d344639382d384137462d433935 (the data entry has 78 more characters).
Task: {E3E3C738-7BB9-4F03-AF13-1E278A288662} - System32\Tasks\Universal\Driver Updater\Start Driver Updater automatic scanning => C:\Program Files (x86)\Universal Driver Updater\UniversalDriverUpdater.exe [2016-09-26] (PCVARK)
Task: {E7800190-BF7B-4BF7-83E0-84E93D5B0EA8} - System32\Tasks\HPCeeScheduleForPenny S Farris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E9434032-F33F-4AE6-9260-7E5A35505232} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {EC400A52-0BA1-4702-B6C6-AE1658F0B571} - System32\Tasks\{59AB081C-DA7D-4C8D-9748-19E34FE17A99} => launchwinapp.exe hxxp://ui.skype.com/ui/0/7.23.0.105/en/abandoninstall?source=lightinstaller&page=tsMain
Task: {F32E8553-76CF-454E-8E55-66CE4CB5A694} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {F3D07AB5-2CE3-4458-93E7-184DEB28A746} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-06-19] ()
Task: {F8862245-8BE5-4927-92B8-2B8C013E4D6D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-11] (Google Inc.)
Task: {FB4F97AA-C78D-4AD2-B204-B862769B4084} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe [2016-05-16] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bing Powered Search ridid.job => Wscript.exe C:\ProgramData\{C5DA00B9-4F98-8A7F-C95E-143D531C9FF3}\sita.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001Core1d23cb0df49b8aa.job => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2430580443-1646431325-2133495863-1001UA1d23cb0e061f8cc.job => C:\Users\bubbl\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForPenny S Farris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Penny S Farris).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\{162CBFFF-FBB6-0460-4EB2-502E03141E52}.job =>
Task: C:\WINDOWS\Tasks\{1FC15B2D-3674-CA95-514E-5241279BA123}.job => C:\Users\bubbl\AppData\Local\{8D97B~1\Helper.exe <==== ATTENTION
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games\Play iWin Games.lnk -> C:\Users\bubbl\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\Users\bubbl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games\Games\Launch - 2D Mahjong Temple.lnk -> C:\Users\bubbl\AppData\Local\GamesManager\GamesManager.exe (iWin Inc) -> -config.channel=00000000 -config.sku=6898624509206276256 -config.uri=hxxp://gm/iwin/index.html
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
ShortcutWithArgument: C:\Users\Public\Desktop\VUDU - Streaming Movies.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.vudu.com/
==================== Loaded Modules (Whitelisted) ==============
2016-03-20 02:45 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-05-30 14:22 - 2016-05-30 14:22 - 00592392 _____ () C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
2016-07-25 17:35 - 2016-07-25 17:35 - 00763072 _____ () C:\Program Files\SlimService\MyDefragDll.dll
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 17:22 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 17:22 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-30 20:06 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-15 18:45 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-15 18:44 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-15 18:44 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-15 18:44 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-18 23:18 - 2016-05-05 08:41 - 00108456 ____N () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2017-02-07 17:31 - 2017-02-01 02:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 17:31 - 2017-02-01 02:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-09 18:00 - 2017-03-06 13:59 - 00807232 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-03-09 18:00 - 2017-02-08 19:19 - 00035792 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00100296 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00018888 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\select.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00019776 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00694224 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00020824 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00123856 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01682768 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00020816 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00145864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00019408 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00116688 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-03-09 18:00 - 2017-02-08 19:22 - 00105928 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00038712 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00060736 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024528 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00175560 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-09 18:00 - 2017-02-08 19:19 - 00392144 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-09 18:00 - 2017-02-08 19:22 - 00020936 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00116176 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00381760 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00124880 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00030160 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00043472 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00048592 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00057808 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00024016 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00246608 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00027488 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-09 18:00 - 2017-02-08 19:21 - 00241104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022336 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00025432 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00028616 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01826104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-03-09 18:00 - 2017-02-08 19:20 - 00083912 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 01972536 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 03928896 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00531264 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00053072 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00133432 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00224064 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00207680 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00069968 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00021848 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00022872 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00350152 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00103232 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00023896 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00025936 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-09 18:00 - 2017-02-08 19:17 - 00036296 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00033112 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-03-09 18:00 - 2016-12-02 14:44 - 00293392 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00084288 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-09 18:00 - 2017-02-08 19:27 - 00017864 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-09 18:00 - 2017-02-08 19:27 - 01631184 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-09 18:00 - 2017-03-06 14:01 - 00042816 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00171336 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00357688 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-09 18:00 - 2017-02-08 19:22 - 00060880 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00026456 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-09 18:00 - 2017-03-06 14:01 - 00546104 _____ () C:\Users\bubbl\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-04-30 13:17 - 2015-04-30 13:17 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-04-30 13:17 - 2015-04-30 13:17 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2016-08-27 10:38 - 2016-03-09 01:40 - 02204160 _____ () C:\Users\bubbl\AppData\Local\chromium\Application\51.0.2672.0\libglesv2.dll
2016-08-27 10:38 - 2016-03-09 01:40 - 00075776 _____ () C:\Users\bubbl\AppData\Local\chromium\Application\51.0.2672.0\libegl.dll
2016-05-30 14:22 - 2016-05-30 14:22 - 38907672 _____ () C:\Program Files\AVAST Software\SecureLine\libcef.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:27C9AEEC [152]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:3310F70A [374]
AlternateDataStreams: C:\ProgramData\Temp:6F1F66C0 [106]
AlternateDataStreams: C:\ProgramData\Temp:7929462F [144]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 04:04 - 2017-02-03 20:04 - 00000857 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2430580443-1646431325-2133495863-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{6A0260BE-0CB7-408D-8946-1F2DD87DCC67}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BA1D7740-43F4-4D93-A317-EC0319446F17}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A087CAB0-4EE1-44BB-89F3-40BB61158453}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB242D16-013A-4AC6-A707-270AB2C85118}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3915A0F-F3BF-49EE-9442-4F3D55357E5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C2DBDF80-924A-4559-9CCB-1BD1FAE53868}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{BCDEEEE7-04F1-471C-B869-11D76FDB1188}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{D5C1FAED-DCBE-4EE8-AC34-B03BD14A80DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{6A370A8F-CE1A-4AE9-8A2E-377333D0021B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{A7490464-3A5A-410A-9D46-2EE6E4F8D241}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{5AEC090C-9723-4872-99D9-9F43EB750C98}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{C4B52D8B-4F29-4E98-AAFC-F7E4639BD39B}] => (Allow) C:\Users\bubbl\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{A2E241DA-40A1-4CCF-B0C6-3A939564E67D}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{0EB27E84-912B-4755-B9D6-F7DEB246C2DE}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{26C9F323-9509-4630-9F96-CE7BE4FA3CCC}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\SMPCSetup.exe
FirewallRules: [{2E11E209-57A5-4C8A-8171-6411A27F92E4}] => (Allow) C:\Users\bubbl\AppData\Local\Temp\ShowMyPC\-ShowMyPC3501\tvnserver.exe
FirewallRules: [{4D734000-8444-46DB-B776-7B5680EF32B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
11-02-2017 18:06:21 Scheduled Checkpoint
21-02-2017 01:48:41 Scheduled Checkpoint
24-02-2017 19:12:29 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/10/2017 10:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20906
Error: (03/10/2017 10:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20906
Error: (03/10/2017 10:26:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/10/2017 10:26:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19844
Error: (03/10/2017 10:26:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19844
Error: (03/10/2017 10:26:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/10/2017 10:26:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18406
Error: (03/10/2017 10:26:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18406
Error: (03/10/2017 10:26:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/10/2017 10:26:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8359
System errors:
=============
Error: (03/15/2017 08:23:26 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
Error: (03/10/2017 11:18:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2017 05:33:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2017 12:27:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/08/2017 02:57:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/08/2017 12:25:44 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
Error: (03/08/2017 11:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.
Error: (03/06/2017 09:43:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/06/2017 11:15:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/06/2017 12:53:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2017-01-16 22:57:15.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-16 22:57:15.721
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-14 18:57:40.247
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-14 18:57:40.243
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-09 17:20:58.357
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-09 17:20:58.354
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-09 16:52:06.736
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-09 16:52:06.725
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-09 16:51:29.371
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-09 16:51:29.358
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 61%
Total physical RAM: 3985.95 MB
Available physical RAM: 1554.15 MB
Total Virtual: 7267.07 MB
Available Virtual: 3703.62 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:445.88 GB) (Free:384.25 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.66 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E40E8831)
Partition: GPT.
==================== End of Addition.txt ============================