Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2


  • This topic is locked This topic is locked

#1
gregsone1

gregsone1

    New Member

  • Member
  • Pip
  • 1 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Greg (administrator) on ENVY (05-04-2017 22:26:40)
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start10\Start10_64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(WiseCleaner.com) C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\Greg\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(WildTangent, Inc.) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-04-04] (AVAST Software)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-06] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\Run: [Spotify Web Helper] => C:\Users\Greg\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-22] (Spotify Ltd)
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-02-25] (Siber Systems)
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\MountPoints2: {421448ae-d107-11e6-beb9-68172992e581} - "G:\AutoRun.exe" 
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-04-04] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-01-27] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{159e888b-78d5-4d59-ba58-9f5d470ac8c4}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4621e2bb-4d4f-4486-9b90-616769e0a260}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL13/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
SearchScopes: HKLM -> DefaultScope {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-25] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-02-25] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.)
 
FireFox:
========
FF DefaultProfile: yd760ifb.default
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\yd760ifb.default [2017-02-28]
FF NetworkProxy: Mozilla\Firefox\Profiles\yd760ifb.default -> type", 
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-22]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-02-25]
FF HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-21] (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-13] ()
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxps://www.google.com.au/webhp?tab=iw&ei=zGHMV_aoBYHL0gTQyLWwDQ&ved=0EKkuCAQoAQ
CHR StartupUrls: Profile 1 -> "hxxps://www.facebook.com/","hxxps://outlook.live.com/owa/?id=64855&path=/mail/inbox/rp","hxxps://twitter.com/gregewan","hxxps://www.instagram.com/"
CHR DefaultSearchKeyword: Profile 1 -> bm
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-04-05]
CHR Extension: (Google Translate) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-11]
CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2017-01-11]
CHR Extension: (Torrent Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2017-01-11]
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-11]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-11]
CHR Extension: (UJAM - Make your music.) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2017-01-11]
CHR Extension: (YOUZEEK Free Music) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce [2017-01-11]
CHR Extension: (iCloud) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bjhodfififgcgedifpkenofdhlaafokk [2017-01-11]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-11]
CHR Extension: (Nimbus Screenshot & Screen Video Recorder) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2017-03-10]
CHR Extension: (Weebly - Website Builder) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2017-01-11]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2017-01-11]
CHR Extension: (Fair AdBlocker App (by STANDS)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-01-11]
CHR Extension: (YOU.DJ app) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2017-01-11]
CHR Extension: (Webcam) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dfpjcegkjhdnnempidlgmeoaiilpidep [2017-01-11]
CHR Extension: (Word Search) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2017-01-11]
CHR Extension: (Torrent Turbo Search App) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2017-01-11]
CHR Extension: (PicMonkey) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2017-01-11]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2017-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-11]
CHR Extension: (Google Photos) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2017-01-11]
CHR Extension: (VoiceNote II - Speech to text) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hfknjgplnkgjihghcidajejfmldhibfm [2017-01-11]
CHR Extension: (Flixster) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2017-01-11]
CHR Extension: (Fashion Arena) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjeihoebllhjahohmmbledgkgapldmlf [2017-01-11]
CHR Extension: (TiltShiftMaker) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2017-01-11]
CHR Extension: (What do your dreams mean) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hpmambngimkfaddbeebieghlkbdifaje [2017-01-11]
CHR Extension: (Voice Recognition) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2017-01-11]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-01-11]
CHR Extension: (Dropbox) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2017-01-11]
CHR Extension: (SoundCloud) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-01-11]
CHR Extension: (My Browser Page) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jghfknlgajlcihkhkhnlcoffhbohnlbg [2017-01-11]
CHR Extension: (Autodesk Homestyler) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2017-01-11]
CHR Extension: (Coupons at Checkout) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kegphgaihkjoophpabchkmpaknehfamb [2017-02-06]
CHR Extension: (Webcam Toy) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lfbgimoladefibpklnfmkpknadbklade [2017-01-11]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-04-05]
CHR Extension: (Album & Photo Manager For Facebook) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2017-03-18]
CHR Extension: (Peanut Gallery) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhbgfmofpkinopfbafkklckgbkojgknp [2017-01-11]
CHR Extension: (Video Converter) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mcjjnhgakghmggnimjkldjmmpabhnhne [2017-01-11]
CHR Extension: (Minimal Bookmarks Tree) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mohenkbngkbmdlkiemonbgdfgdjacaeb [2017-03-20]
CHR Extension: (My Cloud Player) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nbfjhlpinelhnncgfpgfekddidnbnaab [2017-01-11]
CHR Extension: (OneDrive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-01-11]
CHR Extension: (Downloads) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngbcgifdaopbfflfhbcfeomijfbbcadi [2017-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Meaning of Names) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nninaahoaamcnfhioafhfnaaegmkfmed [2017-01-11]
CHR Extension: (piZap Photo Editor) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2017-01-11]
CHR Extension: (Audio Converter) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojfphighcpfimfhblaigjckljcoeipga [2017-01-11]
CHR Extension: (Picasa) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2017-01-11]
CHR Extension: (Click&Clean App) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2017-04-04]
CHR Extension: (Outlook.com) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2017-01-11]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-11]
CHR Extension: (Chrome Media Router) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR Extension: (RoboForm Password Manager) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-03-25]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-02-11]
CHR Extension: (Google Slides) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-16]
CHR Extension: (Google Docs) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-16]
CHR Extension: (Google Drive) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-16]
CHR Extension: (YouTube) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-16]
CHR Extension: (Google Sheets) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-16]
CHR Extension: (Avast Online Security) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-01-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-16]
CHR Extension: (Gmail) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-16]
CHR Extension: (RoboForm Password Manager) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-01-16]
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-20]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-08-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-08-20]
 
Opera: 
=======
OPR Extension: (RoboForm Password Manager) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome [2017-01-10]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7398336 2017-04-04] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [261712 2017-04-04] (AVAST Software)
S3 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-17] (Intel)
S3 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241264 2013-01-29] (CyberLink)
S3 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [392168 2016-08-31] (Digital Wave Ltd.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
R3 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel® Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
R2 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
S2 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-12-02] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
S3 Optus 4G Modem HL; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
R2 Start10; C:\Program Files (x86)\Stardock\Start10\Start10Srv.exe [219664 2015-02-03] (Stardock Software, Inc)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-04] (Synaptics Incorporated)
R2 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
S3 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [100384 2016-03-09] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [1343736 2016-07-26] (WiseCleaner.com)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2015-12-02] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [19568 2015-11-10] () [File not signed]
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [307736 2017-04-04] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-04-04] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334088 2017-04-04] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-04-04] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-04-04] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-04-04] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [127112 2017-04-04] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-04-04] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-04-04] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1005048 2017-04-04] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [556784 2017-04-04] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [164064 2017-04-04] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-04-04] (AVAST Software)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [100624 2015-06-08] (CyberLink)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-09-06] (REALiX™)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3354384 2015-05-04] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvlddmkm.sys [14216760 2016-08-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-09-17] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-04-29] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [758488 2016-09-06] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [79960 2016-10-04] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-08-23] (Anchorfree Inc.)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [207768 2013-04-17] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
S3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2016-09-03] (wisecleaner.com)
S3 WiseRegNotify; C:\WINDOWS\WiseRegNotify.sys [29616 2016-09-03] (WiseCleaner.com)
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-05 22:26 - 2017-04-05 22:27 - 00038692 _____ C:\Users\Greg\Desktop\FRST.txt
2017-04-05 22:22 - 2017-04-05 22:26 - 00000000 ____D C:\FRST
2017-04-05 22:22 - 2017-04-05 22:22 - 02424832 _____ (Farbar) C:\Users\Greg\Desktop\FRST64.exe
2017-04-05 15:40 - 2017-04-05 15:40 - 00000000 ____D C:\Users\Greg\Downloads\Blue.Bloods.S07E04.HDTV.x264-LOL[ettv]
2017-04-05 15:30 - 2017-04-05 15:30 - 00000000 ____D C:\Users\Greg\Downloads\Blue.Bloods.S07E03.HDTV.x264-LOL[ettv]
2017-04-05 15:30 - 2017-04-05 15:30 - 00000000 ____D C:\Users\Greg\Downloads\Blue.Bloods.S07E02.REAL.HDTV.x264-LOL[ettv]
2017-04-05 15:29 - 2017-04-05 15:29 - 00000000 ____D C:\Users\Greg\Downloads\Blue.Bloods.S07E01.HDTV.x264-LOL[ettv]
2017-04-05 15:27 - 2017-04-05 15:28 - 00000000 ____D C:\Users\Greg\Downloads\13.Reasons.Why.S01E01.WEB.X264-DEFLATE[ettv]
2017-04-05 09:59 - 2017-04-05 10:21 - 00000000 ____D C:\Users\Greg\Downloads\Diamond Cartel 2017 720p WEBRip 700 MB - iExTV
2017-04-05 09:55 - 2017-04-05 09:56 - 00000000 ____D C:\Users\Greg\Downloads\Sleepless.2017.480p.HDRip.XViD.AC3-ETRG
2017-04-04 15:05 - 2017-04-04 15:05 - 00000661 _____ C:\Users\Greg\Desktop\audio10.diagcab
2017-04-04 11:27 - 2017-04-04 11:27 - 00004000 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1474121400
2017-04-04 11:20 - 2017-04-04 11:20 - 00000000 ____D C:\Users\TEMP.ENVY\AppData\Roaming\AVAST Software
2017-04-04 11:19 - 2017-04-04 11:25 - 00000000 ____D C:\Users\TEMP.ENVY
2017-04-04 11:17 - 2017-04-04 11:17 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2017-04-04 11:15 - 2017-04-04 11:25 - 00000000 ____D C:\Users\TEMP
2017-04-04 11:05 - 2017-04-04 11:05 - 00399944 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-03-25 22:14 - 2017-03-25 22:14 - 00653203 _____ C:\Users\Greg\Desktop\CRUISE SHIP screenshot-www.placesyoullsee.com-2017-03-25-23-14-06.jpeg
2017-03-25 00:04 - 2017-03-25 00:04 - 00152623 _____ C:\Users\Greg\Desktop\DOMINOS PIZZA.jpeg
2017-03-23 03:21 - 2017-03-23 03:21 - 00097449 _____ C:\Users\Greg\Desktop\IPHONE 7P CASE DRINK EFFECT CASE.jpeg
2017-03-23 03:20 - 2017-03-23 03:20 - 00112657 _____ C:\Users\Greg\Desktop\IPHONE 7P CASE STAND.jpeg
2017-03-20 00:58 - 2017-03-20 00:58 - 00030846 _____ C:\Users\Greg\Desktop\FREE OZSALE RETURN 19MAR parcelreturns_label_S2D4585561.pdf
2017-03-19 06:18 - 2017-03-19 06:18 - 00215664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-19 05:20 - 2017-03-19 05:20 - 00004926 _____ C:\Users\Greg\Desktop\C83AB3CE0C23F92BD3E8FE99149B869AECD9C141.torrent
2017-03-17 12:06 - 2017-03-17 12:06 - 00026003 _____ C:\Users\Greg\Desktop\REAL OR FAKE MARCH 19 TH 2017 twitter.com-2017-03-17-13-06-03.jpeg
2017-03-17 12:02 - 2017-03-17 12:02 - 00056336 _____ C:\Users\Greg\Desktop\REAL OR FAKE screenshot-twitter.com-2017-03-17-13-02-26.jpeg
2017-03-17 10:49 - 2017-03-17 10:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-03-17 10:49 - 2017-03-17 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-09 01:02 - 2017-04-05 09:46 - 00000000 ____D C:\Users\Greg\AppData\LocalLow\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-05 21:29 - 2016-08-24 03:01 - 00000000 ____D C:\Users\Greg\AppData\Roaming\uTorrent
2017-04-05 21:05 - 2016-08-22 10:06 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-05 14:49 - 2016-08-20 15:42 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-05 14:49 - 2016-08-20 15:42 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 13:35 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-05 11:41 - 2013-08-04 05:08 - 00000000 ____D C:\ProgramData\Synaptics
2017-04-05 08:10 - 2016-07-16 21:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-04 16:01 - 2016-09-11 03:55 - 00003226 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGreg
2017-04-04 16:01 - 2016-09-11 03:55 - 00000338 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGreg.job
2017-04-04 15:08 - 2017-01-23 05:05 - 00000000 ____D C:\Users\Greg\AppData\Local\ElevatedDiagnostics
2017-04-04 11:54 - 2016-09-10 23:54 - 00003266 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForENVY$
2017-04-04 11:54 - 2016-09-10 23:54 - 00000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForENVY$.job
2017-04-04 11:34 - 2016-08-20 15:10 - 00000000 ____D C:\Users\Greg\AppData\Local\Packages
2017-04-04 11:30 - 2016-08-22 10:12 - 00941754 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-04 11:26 - 2016-09-18 00:10 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-04-04 11:26 - 2016-09-03 10:05 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Wise Care 365
2017-04-04 11:26 - 2016-08-28 08:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-04 11:26 - 2016-08-22 11:46 - 00000000 __SHD C:\Users\Greg\IntelGraphicsProfiles
2017-04-04 11:25 - 2016-09-23 02:11 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-04 11:25 - 2016-08-22 10:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-04 11:25 - 2016-08-20 15:10 - 00000000 ____D C:\Users\Greg\AppData\LocalLow\AuthenTec
2017-04-04 11:25 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\Registration
2017-04-04 11:24 - 2016-07-16 16:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-04 11:22 - 2016-12-17 16:31 - 00003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-04 11:19 - 2016-08-21 07:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-04 11:05 - 2017-02-22 16:26 - 00003994 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-04-04 11:05 - 2016-08-22 16:15 - 00556784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-04-04 11:05 - 2016-08-22 16:15 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-04-04 11:05 - 2016-08-22 16:15 - 00164064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-04-04 11:05 - 2016-08-22 16:15 - 00127112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-04-04 11:05 - 2016-08-22 16:15 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-04-04 11:05 - 2016-08-22 16:15 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-04-04 11:05 - 2016-08-22 16:15 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-04-04 11:04 - 2017-02-22 16:26 - 00334088 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-04-04 11:04 - 2017-02-22 16:26 - 00307736 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-04-04 11:04 - 2017-02-22 16:26 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-04-04 11:04 - 2017-02-22 16:26 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-04-04 11:04 - 2016-09-18 00:09 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-04-04 11:04 - 2016-08-22 16:15 - 01005048 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-04-01 17:44 - 2016-08-25 08:29 - 00000000 ____D C:\Users\Greg\AppData\Roaming\vlc
2017-03-31 20:31 - 2016-08-30 20:42 - 00000000 ____D C:\Users\Greg\AppData\Local\CrashDumps
2017-03-29 02:34 - 2016-08-22 06:42 - 00018662 _____ C:\Users\Greg\Desktop\G-G-GREGS PROFILE STUFF.txt
2017-03-19 06:20 - 2016-07-16 16:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-18 22:37 - 2016-08-22 16:15 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148984068542104
2017-03-18 22:37 - 2016-08-22 16:15 - 00337592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148984068635906
2017-03-18 10:02 - 2016-10-15 06:19 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-18 10:02 - 2016-09-25 01:35 - 00004528 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-18 10:02 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-18 10:02 - 2016-07-16 21:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-17 10:49 - 2017-01-16 20:35 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2017-03-17 10:49 - 2016-08-21 18:43 - 00000000 ____D C:\ProgramData\Skype
2017-03-17 10:48 - 2013-08-04 04:58 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-13 03:46 - 2016-11-05 00:01 - 00000000 ____D C:\Program Files (x86)\Club Player Casino
2017-03-09 00:30 - 2016-09-14 12:17 - 00000000 ____D C:\Users\Greg\Documents\Youcam
 
==================== Files in the root of some directories =======
 
2016-08-21 23:53 - 2016-09-09 03:28 - 0007605 _____ () C:\Users\Greg\AppData\Local\resmon.resmoncfg
2016-08-22 16:35 - 2016-08-22 16:35 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
2017-03-17 10:47 - 2017-03-17 10:47 - 14456872 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Local\Temp\vc_redist.x86.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-04 11:13
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Greg (05-04-2017 22:27:31)
Running from C:\Users\Greg\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-22 01:40:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2701978342-3959735868-3175919056-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2701978342-3959735868-3175919056-503 - Limited - Disabled)
Greg (S-1-5-21-2701978342-3959735868-3175919056-1002 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-2701978342-3959735868-3175919056-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 16.00 (HKLM-x32\...\7-Zip) (Version: 16.00 - Igor Pavlov)
7-Zip 16.04 (HKLM-x32\...\{23170F69-40C1-2701-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ansel (Version: 373.06 - NVIDIA Corporation) Hidden
AOMEI Partition Assistant Standard Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Club Player Casino (HKLM-x32\...\{cd18be10-99c1-4a70-ad3a-3ca88606edb8}) (Version: 16.10.0-RTG - RealTimeGaming Software)
Cool Cat Casino (HKLM-x32\...\{0f6a4080-a890-4d08-873f-ca211f828a6c}) (Version: 16.12.0-RTG - RealTimeGaming Software)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.10.5422 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5004 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6117 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCoder Image Source (remove only) (HKLM-x32\...\DCoder Image Source) (Version:  - )
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DirectVobSub (remove only) (HKLM-x32\...\DirectVobSub) (Version:  - )
EaseUS Partition Master 11.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 9.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FastStone Image Viewer 5.9 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.9 - FastStone Soft)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.28.831 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{7F265322-43A2-4C06-925B-F32F938B102C}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.5.32.203 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6454.0 - IDT)
iFreeUp 1.0 (HKLM-x32\...\iFreeUp_is1) (Version: 1.0.12 - IObit)
ImTOO iPhone Transfer Plus (HKLM-x32\...\ImTOO iPhone Transfer Plus) (Version: 5.7.12.20160322 - ImTOO)
Intel® Chipset Device Software (x32 Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{2b192f1e-b8b6-4ea8-9eb0-31dae50e7dbd}) (Version: 18.32.0000.3816 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (HKLM\...\{C605440F-2748-435F-9F29-EB1C8134856F}) (Version: 4.1.17.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{C2A72E57-2CC7-4C02-BE19-0A12D74C5D63}) (Version: 18.1.1525.1445 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{8e41467d-297e-496d-8b0f-e771b6c87c06}) (Version: 16.11.0 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
MadVR (remove only) (HKLM-x32\...\MadVR) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Maple Casino (HKLM-x32\...\maplecasino) (Version: 16.11.1.4250 - )
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Optus 4G Modem HL (HKLM-x32\...\Optus 4G Modem HL) (Version: 22.001.26.00.74 - Huawei Technologies Co.,Ltd)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10240.21281 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.8.311.2016 - Realtek)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
RoboForm 7-9-28-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-28-8 - Siber Systems)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Stardock Start10 (HKLM-x32\...\Start10_is1) (Version: 1.11 - Stardock Software, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Synaptics WBF DDK (HKLM\...\{244C6825-00E4-4AC1-8A1C-96B8911399C6}) (Version: 4.5.327.0 - Synaptics)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.3 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{ADA5045C-8192-4982-B21F-5C36157CC7F7}) (Version: 8.0.2265.0 - Atomix Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Care 365 4.23 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.23 - WiseCleaner.com, Inc.)
Wise Memory Optimizer 3.46 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.46 - WiseCleaner.com, Inc.)
Wise Program Uninstaller 1.97 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 1.97 - WiseCleaner.com, Inc.)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
YTD Video Downloader 5.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.7.1 - GreenTree Applications SRL) <==== ATTENTION
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06B11D2D-3C8F-4A2D-BA7E-C5C7925E91A1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-18] (CyberLink)
Task: {08976458-C485-4C4F-A0B5-403307411FE1} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {111A988D-E119-41FA-8498-69E783870B18} - \WPD\SqmUpload_S-1-5-21-2701978342-3959735868-3175919056-1002 -> No File <==== ATTENTION
Task: {1BB2CFEC-F67A-43BA-BC08-5D8F92F392C0} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMOMKMLJPMKJMJOMPMCNHMIMJJJMCNLMKMKJLJCNNJOMMMLMCNGMOJOJKJNMIMLJKMNMPMMJGMJNJICMIMCNGMCNNMHMFMOMOMCNKMIMJMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMPMFMEKMICNJJCKFMOMHMHMJNHICMEKMICNJJCKJNBJCMILNIKJIJJNKJCMJNNICMJNDJCMKJBJJNM (the data entry has 50 more characters).
Task: {208A9B3F-CDE8-4215-9E89-BA06FBBC7254} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {2F53934F-0B8F-4C2F-9FDB-1850A8A203FA} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {34D8413D-4CE7-4389-8D13-7CA5D21F9175} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {35E0DD93-6B14-4A8D-82B9-1FB06C244A12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {3DD9311F-0214-4EB0-8C7B-4E07EF2F7882} - System32\Tasks\Opera scheduled Autoupdate 1475039065 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {46CA9889-3EB5-4F99-8C93-19FA73F64DFE} - System32\Tasks\SafeZone scheduled Autoupdate 1474121400 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
Task: {49BE0520-105D-489C-851B-6615F24D2C2A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {4EC887CA-1493-4E65-9A40-46A15E36AFEC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.)
Task: {68D972A6-94EA-481C-9A25-B0BB9B07923D} - System32\Tasks\HPCeeScheduleForGreg => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {7CCB3176-9CE8-497D-B029-29BF9D2D312E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {7F8618D7-81AB-4F5B-9596-D76110E55D43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {8F036CDB-BF7A-4CBA-91F3-C57E2D9780F4} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel® Corporation)
Task: {9993D10D-05F2-4634-B55E-F10522E1C50C} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe [2016-07-26] (WiseCleaner.COM)
Task: {9B83BAEF-11C8-465F-AA23-B6056D54C8A1} - System32\Tasks\WiseCleaner\WMOSkipUAC => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe [2016-06-02] (WiseCleaner.com)
Task: {A483FA27-2D9B-42FF-A1EF-CD7AB19AE0F8} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-04] (AVAST Software)
Task: {A645ED47-3625-4E4B-A74C-CF5FAD853230} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-18] (Adobe Systems Incorporated)
Task: {ACC4FDA8-C715-41B4-A666-63A6934B69EB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {B628725A-C77B-4B6C-AC3D-48630ED33956} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-03-02] (HP Inc.)
Task: {BC8B2F3F-7CB4-45B2-99A8-18DDDBF27E58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {BD5B4983-2650-42C6-AFC5-B885286D4C6A} - System32\Tasks\iFreeUp_SkipUac_Greg => C:\Program Files (x86)\IObit\iFreeUp\iFreeUp.exe [2016-04-05] (IObit)
Task: {BE777A1A-6279-40A4-A2A5-1A4BBB5F213A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-26] (Google Inc.)
Task: {C7B8D5F9-7110-44B1-AFE8-E4FA46F04B09} - System32\Tasks\HPCeeScheduleForENVY$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {C96EBDA8-B043-4274-B377-ECBC01F918E6} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-02-25] (Siber Systems)
Task: {D9AAAFA3-08DE-4F56-98E7-E54D4978CE8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-22] (Piriform Ltd)
Task: {E6ECFB68-A7CD-42FD-8313-2A8DBF81EC44} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {EB6E69A3-C515-4AEC-8A3B-A3FF67777E07} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {F86528DC-A8DA-46A0-BEA2-F6F92F04A2CC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FCB5573C-AEFE-4A4B-9A81-6AC697655AF3} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForENVY$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGreg.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com
 
ShortcutWithArgument: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App (by STANDS).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=dcnofaichneijfbkdkghmhjjbepjmble
ShortcutWithArgument: C:\Users\Greg\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 21:42 - 2016-07-16 21:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-01-23 05:58 - 2016-12-09 20:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 12:56 - 2017-01-13 12:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-23 02:32 - 2016-09-30 14:24 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-23 02:32 - 2016-09-30 14:24 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-23 02:32 - 2016-09-30 14:24 - 00418240 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2017-01-23 05:58 - 2016-12-09 20:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 17:06 - 2016-06-03 12:15 - 00278720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2016-10-09 07:59 - 2016-09-07 14:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-23 05:57 - 2016-12-21 17:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2017-01-23 05:57 - 2016-12-21 16:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-23 05:57 - 2016-12-21 16:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-23 05:57 - 2016-12-21 16:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-23 05:57 - 2016-12-21 16:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-23 05:57 - 2016-12-21 16:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-23 05:57 - 2016-12-21 16:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-04 11:36 - 2017-04-04 11:36 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
2017-04-04 11:36 - 2017-04-04 11:36 - 06557696 _____ () C:\Program Files\WindowsApps\Microsoft.Getstarted_5.0.13.0_x64__8wekyb3d8bbwe\WhatsNew.Store.dll
2012-10-31 18:05 - 2012-10-31 18:05 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2017-02-08 02:09 - 2017-02-01 19:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-08 02:09 - 2017-02-01 19:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2013-08-04 05:02 - 2011-12-06 10:27 - 00158536 _____ () C:\WINDOWS\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\slcc3d64.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00173760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-09-14 17:06 - 2016-06-03 12:13 - 00056512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00128192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-09-14 17:06 - 2016-06-03 12:13 - 00085184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00040128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-09-14 17:06 - 2016-06-03 12:13 - 00114880 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00220864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-09-14 17:06 - 2016-06-03 12:12 - 00021184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2016-09-14 17:06 - 2015-12-10 06:04 - 00224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-09-23 02:32 - 2016-09-30 14:24 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-04-04 11:04 - 2017-04-04 11:04 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-22 16:14 - 2016-08-22 16:14 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-04-04 11:04 - 2017-04-04 11:04 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-04-04 11:04 - 2017-04-04 11:04 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-04-04 11:04 - 2017-04-04 11:04 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-11 17:47 - 2016-02-11 17:47 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-09-23 02:32 - 2016-09-30 03:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-23 02:32 - 2016-09-30 03:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-23 02:32 - 2016-09-30 03:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-23 02:32 - 2016-09-30 03:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-23 02:32 - 2016-09-30 03:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-23 02:32 - 2016-09-30 03:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-23 02:32 - 2016-09-30 03:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 15:26 - 2016-09-21 22:23 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\Control Panel\Desktop\\Wallpaper -> c:\users\greg\appdata\roaming\microsoft\windows photo viewer\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: ISCTAgent => 3
MSCONFIG\Services: lfsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\StartupApproved\Run: => "Spotify Web Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{00B6B564-4C2A-4A9F-A248-68CF2CC21854}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A839E6D2-9569-4BF9-BEAF-DEB2633B7B58}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [TCP Query User{6B874A84-C4ED-40A1-9A96-D39496F24093}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{93D1781B-FCD4-4414-A5FF-375B405053F5}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A68D824A-9571-4012-B340-2231F1DE3FFC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4C30486C-D701-445A-8498-17F8E7835B2D}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{B1749B56-75A7-4888-B3F2-03F85373539B}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [TCP Query User{63596950-8DD6-426E-B6F9-86D7EEEFDFC7}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{F4D4DA80-756C-4DDD-B6A1-F9F3A876669D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{B6DB3262-8551-475A-AD1C-6893BCD35778}C:\users\greg\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\greg\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8DF12C81-15AF-49A7-AE8F-9866882ADE80}C:\users\greg\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\greg\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{EA610CBF-9A1C-4EDF-BC0C-9AF269D23B5A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{113BCA5F-5840-4251-90C5-CED39D3296F8}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{3AE5CA52-9FCC-4672-82B1-71A6E923A60F}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C54FAF35-D26F-4123-AC26-1C43403204A2}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{3196B37C-88C6-4762-BB84-5FB1504D3042}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{2BB8D1CC-46FB-4320-808E-3C63B65D8DAC}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe
FirewallRules: [{78A1BF32-2161-4E92-901E-6A4985550115}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{8ED1F657-1FD2-4A42-AABE-B8E73CCB9B3B}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7FBCCEFB-F2D6-429B-BB10-D3CD3D8A0356}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-03-2017 18:10:37 Scheduled Checkpoint
04-04-2017 12:49:40 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/05/2017 05:49:46 PM) (Source: WiseBootAssistant) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (04/05/2017 05:49:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/05/2017 05:49:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/04/2017 11:23:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "c:\windows\System32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/04/2017 11:23:48 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (04/04/2017 11:23:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/04/2017 11:23:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/04/2017 11:23:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/04/2017 11:36:29 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (04/04/2017 11:36:29 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (04/05/2017 05:49:46 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: The Wise Boot Assistant service has reported an invalid current state 13.
 
Error: (04/05/2017 03:38:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
 
Error: (04/05/2017 08:10:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007064a: HP All-in-One Printer Remote.
 
Error: (04/04/2017 03:45:30 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.
 
Error: (04/04/2017 11:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007064a: HP All-in-One Printer Remote.
 
Error: (04/04/2017 11:35:03 AM) (Source: DCOM) (EventID: 10016) (User: ENVY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user ENVY\Greg SID (S-1-5-21-2701978342-3959735868-3175919056-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/04/2017 11:27:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly. It has done this 1 time(s).
 
Error: (04/04/2017 11:26:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Wireless PAN DHCP Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (04/04/2017 11:26:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (04/04/2017 11:26:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-02-23 09:58:17.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-12 09:38:35.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-04 10:31:42.563
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-23 12:05:35.448
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 10:04:40.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-18 15:23:15.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-17 09:48:04.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-08 10:56:51.843
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-26 13:01:11.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-18 09:54:27.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_cf6d426fe4c0cd3a\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 16316.02 MB
Available physical RAM: 10296.64 MB
Total Virtual: 18748.02 MB
Available Virtual: 11277.31 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:903.37 GB) (Free:669.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.55 GB) (Free:2.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Storage) (Fixed) (Total:931.51 GB) (Free:890.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7A8FFEF3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
Attached File  Addition.txt   53.4KB   52 downloadsAttached File  FRST.txt   47.93KB   19 downloads

  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Programs to uninstall
YTD Video Downloader 5.7.1

What problems are you having ? Can you describe them please.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\...\MountPoints2: {421448ae-d107-11e6-beb9-68172992e581} - "G:\AutoRun.exe" 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2701978342-3959735868-3175919056-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?bcutc=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {F154C596-75A9-4028-90E8-9752BD7CA05B} URL = 
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-006&q={searchTerms}
Toolbar: HKU\S-1-5-21-2701978342-3959735868-3175919056-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - <no Path/update_url>
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
2017-03-17 10:47 - 2017-03-17 10:47 - 14456872 _____ (Microsoft Corporation) C:\Users\Greg\AppData\Local\Temp\vc_redist.x86.exe
Task: {08976458-C485-4C4F-A0B5-403307411FE1} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {111A988D-E119-41FA-8498-69E783870B18} - \WPD\SqmUpload_S-1-5-21-2701978342-3959735868-3175919056-1002 -> No File <==== ATTENTION  
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#3
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,804 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP