requested resource is in use.. cannot run mc Affee or any other antivi

antivirus disabled virus cannot access files can not delete virus

#46
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,220 posts

Figured it out

Figured what out? I see no attachment if that is what you meant.

I did have an awesome day! Hope you did as well.. :)

Are you still having issues with the User Interface screens for the tools being messed up/unreadable? If so, see if zooming in or out will fix that. To zoom in or out just press and hold the ctrl key on your keyboard then tap either the + (plus sign key) to zoom in or the - (minus sign key) to zoom out. Tweaking the screen resolution might help also.

Farbar Recovery Scan Tool was updated today to meet the needs of this infection. I'll post another image of the user interface screen at the bottom of this post in case you need it.

Uninstall the present version you have on your desktop by right-clicking the icon you see below and choosing Delete:

FRST64.JPG

Next, download a fresh copy from >>here<<

Make sure to click on the 64-bit version download button found in the above link as shown below:

FRST64 download.JPG

Once you have deleted the previous version and downloaded the updated version, please do as follows:
  • Right click on the FRST64.exe and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press the Scan button.
  • Please attach the FRST.txt and Addition.txt logs in your next reply.
FRST user interface screen:

FRST.JPG

#47
aKay47

    Member

  • Topic Starter
  • Member
  • 62 posts
Hmmmm, do I also delete the original log files?

#48
DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,220 posts
Yes, please. :)

#49
aKay47

    Member

  • Topic Starter
  • Member
  • 62 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by April (28-11-2017 13:35:36)
Running from C:\Users\April\Desktop
Windows 10 Home Version 1703 15063.726 (X64) (2017-05-22 11:11:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2751042415-2246998964-2558403214-500 - Administrator - Disabled)
April (S-1-5-21-2751042415-2246998964-2558403214-1001 - Administrator - Enabled) => C:\Users\April
DefaultAccount (S-1-5-21-2751042415-2246998964-2558403214-503 - Limited - Disabled)
Guest (S-1-5-21-2751042415-2246998964-2558403214-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2751042415-2246998964-2558403214-1005 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
4 Elements II (HKLM-x32\...\WTA-ef65e410-974d-46a7-bc19-e92d9f4d7e90) (Version: 2.2.0.98 - WildTangent) Hidden
Active@ Boot Disk 10 (HKLM-x32\...\{9770BCC6-C50D-41D7-AE07-5B796D630052}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{49F51ACB-7CDD-3728-1E9E-49398FF8BA95}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )
Bejeweled 3 (HKLM-x32\...\WTA-e35bc750-31fc-4947-b563-7eeaf2884b61) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-c6f54e1e-b78f-4eb7-b83f-9dc46e5b44c6) (Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.01 - Canon Inc.)
Canon TS5000 series On-screen Manual (HKLM-x32\...\Canon TS5000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series User Registration (HKLM-x32\...\Canon TS5000 series User Registration) (Version:  - ‭Canon Inc.)
Chuzzle Deluxe (HKLM-x32\...\WTA-742ccb6f-b1bf-49dc-a215-1e958ad66a38) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-837a9cfe-991c-46c5-b0bb-e7008be29aad) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-89dfc2e3-cf01-4092-9088-1e0a87819cbb) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DragonBoost (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\DragonBoost) (Version:  - ) <==== ATTENTION
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-073d8289-e4b7-451f-9203-b739d5aeab0c) (Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (HKLM-x32\...\WTA-be44d8a2-c7ed-4257-ad57-67a66b8e946b) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-96e9659b-ea02-4dbe-a569-4803e370d1ac) (Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (HKLM-x32\...\WTA-c9eba096-c976-4c75-ad23-db15430a459d) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-86cbf3bf-b897-4b80-9d18-e7e1aa6b6e0c) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (HKLM-x32\...\WTA-65da518b-433c-448f-8303-616cb8dbc34b) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.37.11 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1434 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.2.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPCMultiViewSetup (HKLM-x32\...\{1C375B52-884F-40C1-A962-7F20048A7420}) (Version: 1.0.0 - IPCamera)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-db329c41-02b5-4c0d-90c5-0a422c4a4ace) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-fea4321d-d522-4a20-b715-1e89256e3701) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 13.1.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.6 - KLCP)
KMSpico v9.0.4.20131110 (Beta2) (HKLM\...\KMSpico_is1) (Version: 9.0.4.20131110 - )
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Luxor Evolved (HKLM-x32\...\WTA-40a1e484-65e8-44b4-ac98-65377b9ab27b) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-61987586-0ab0-4606-9df6-c27b15c18995) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU  (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-e380f873-2320-4813-9a4e-f3148386489e) (Version: 2.2.0.98 - WildTangent) Hidden
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (HKLM-x32\...\{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}) (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (HKLM\...\{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}) (Version: 5.4.0 - Motorola Inc.) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-385406e8-ac4b-4241-b42a-408bfc920bbe) (Version: 2.2.0.98 - WildTangent) Hidden
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
NetViewer 2.1.348.0 (HKLM-x32\...\NetViewer) (Version: 2.1.348.0 - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-6a634b0f-fe68-4c90-bd5c-7d3226690a21) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-93ddd3cf-ffcf-4017-969d-8cf4a8fc7763) (Version: 2.2.0.98 - WildTangent) Hidden
PlayBack 1.0.1.14 (HKLM-x32\...\PlayBack) (Version: 1.0.1.14 - )
Polar Bowler (HKLM-x32\...\WTA-9bdfb1ba-787f-40f6-8803-2da3af3a1938) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-201ac228-bcd5-4839-95a2-cb5a9f228b17) (Version: 2.2.0.98 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-e7fce72e-fa39-48d9-b326-239dae7772d0) (Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-692ce175-eb92-4d57-a952-b0d69f8f66fc) (Version: 2.2.0.110 - WildTangent) Hidden
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-7e5996d0-ae63-495c-8e4c-942a5e5e23f8) (Version: 2.2.0.98 - WildTangent) Hidden
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.9 - Verizon)
Verizon Online Backup and Sharing for PC (HKLM-x32\...\{00CBEAB1-3FF4-4A94-AA71-237297D75526}) (Version: 5.1.24.11 - Verizon)
Verizon Online Share Drive (HKLM-x32\...\{606DBC4C-CFC8-4437-A2D8-64A88351BB47}) (Version: 2.1.11 - Verizon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZPlayer version 1.0.15.0 (HKLM-x32\...\{A75F6799-58BE-4cfa-AA94-8A9173C6AA7B}_is1) (Version: 1.0.15.0 - )
Zuma's Revenge (HKLM-x32\...\WTA-bb74e17d-6a9d-4992-a1bf-59e639543a0a) (Version: 2.2.0.98 - WildTangent) Hidden
Zviewer version 2.0.0.10 (HKLM-x32\...\{1B00336F-393F-4DC7-9956-42C69ED6565E}_is1) (Version: 2.0.0.10 - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0FF914FB-019D-4A3B-B2E2-A42FFF4E2177} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1893CD82-97F3-4F46-9241-A24F6000BF51} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {1EABA3E7-E481-4536-B0F7-8E7998D9D39C} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {1F70A3FF-F9A3-4C92-AE67-75E107E6C729} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {25FD071C-454F-4626-9216-3B3C03522C14} - System32\Tasks\HPCeeScheduleForApril => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {2A23B3FB-93B4-424D-B4B8-3142D95620FC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-16] ()
Task: {2A5C7EE7-67F5-4D07-A6CE-BA80D704CEE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {2B4BC560-AF1C-4EDE-A075-E1010AFD3CBC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {305D3FF9-FD13-4933-8213-DE556BAC4318} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA1d257efe2e63987 => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3795C737-5A09-4980-91E8-DB965BD343CB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {3D641F02-80B9-488E-A6EC-39BC981AB4D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3E5D69AD-FAAE-47E9-9512-ED83D6EB8328} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {41B20BC2-667A-4FF3-8B74-C0CB73F78C8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {453BF074-2835-4457-BD55-567FC4BC13F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {4C873FCD-2F87-44C3-AE28-2CECF9BB4645} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {516DC611-9D8F-472E-A5FA-E0BC96E04CCB} - System32\Tasks\HPCeeScheduleForAPRILKAY$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {52AF8A46-4A6F-4BBD-B107-12B5D66D8637} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {53ACC885-D0EF-446D-97DB-5B5B9A368ED4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {59E8A881-1394-45E8-9721-AE22227B6186} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {5C3E60E8-2B3C-4A6E-B88A-9488084B00B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6AC31E10-BBB9-49B7-8820-2EBBE618CCF0} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-05-10] ()
Task: {6BB952AB-9BE0-4CE2-A6BA-B9C486B0F50A} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7C55B1F4-8F4E-4C5C-9170-FF8A65D3FCF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {88126F71-7126-4B04-AD7D-6D848BEAB97B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {8AB20F1F-B79E-4C1C-B636-AEFCE85B0434} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {8E98C408-C55D-47EA-AC21-28F7E696F55E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {90DB022D-742E-43C4-B006-2D5679C1DA89} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {94D35FC4-BF49-44F8-A3BC-50282E2A59FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {BD74DDFA-4AB0-4379-B2F4-D558BFE44FCF} - System32\Tasks\{531BBD63-DB5D-4531-A255-17EEC2DEB6F2} => C:\WINDOWS\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {C6687B24-0D24-49E1-AF81-8CAA842D2F9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CA1A7FB1-DF48-429F-A1B2-67374C921951} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-27] (Synaptics Incorporated)
Task: {CD321F0F-AA3B-4033-879F-B9FB731F6C76} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {D917C74E-6C91-4389-B1B9-528600A7069C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core1d257efe2a75280 => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FC108894-32D3-4230-80D4-90824E1AA4E3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {FC9A8789-6F92-4F92-BD92-1CFCA142A738} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core.job => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA.job => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForApril.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAPRILKAY$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\April\Desktop\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\April\Desktop\Vorsprung.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=henidbeahjgfpjmfakeeimkiikbijiph
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vorsprung.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=henidbeahjgfpjmfakeeimkiikbijiph
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
==================== Loaded Modules (Whitelisted) ==============
2017-03-18 12:57 - 2017-03-18 12:57 - 000377344 _____ () c:\windows\system32\SSDM.dll
2014-05-06 02:37 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-21 02:26 - 2017-01-31 04:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-29 18:04 - 2017-03-29 18:04 - 000833024 ____N () C:\windows\system32\tprdpw32.exe
2017-10-27 21:21 - 2017-10-27 21:21 - 000927744 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-17 23:01 - 2017-11-17 23:02 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-17 23:01 - 2017-11-17 23:02 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-17 23:01 - 2017-11-17 23:02 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-06 10:40 - 2017-11-06 10:40 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-17 23:01 - 2017-11-17 23:02 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-10-19 12:18 - 2017-10-19 12:18 - 001089536 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2013-05-29 09:38 - 2012-06-07 19:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-05-29 09:20 - 2012-06-25 10:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [362]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\hola.org -> hxxp://hola.org
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2017-11-26 13:32 - 000000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\April\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: Dataup =>
MSCONFIG\Services: srcsrv => 2
HKLM\...\StartupApproved\StartupFolder: => "Verizon Online Backup and Sharing for PC.lnk"
HKLM\...\StartupApproved\Run: => "VerizonCloud"
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "ICF"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "NielsenOnline"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "SynchronossPC"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "AccelerometerSysTrayApplet"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{E2C10728-7DA8-4810-A169-EBB96B066434}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{9F926CA7-725A-40A9-AFAD-39A3ACFC576E}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{470A75AB-3770-48A0-A040-8CB9C5387520}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{A13FAC58-F555-42FA-B628-9DEA767EFF86}] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{399279A7-320C-4C4B-999D-B479947A4DE7}C:\users\april\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\april\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{62B976F3-28CB-48AC-BA01-9B04511C540A}C:\users\april\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\april\appdata\roaming\utorrent\utorrent.exe
==================== Restore Points =========================
05-11-2017 14:48:35 Scheduled Checkpoint
15-11-2017 14:29:22 Windows Update
24-11-2017 22:40:14 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/28/2017 01:19:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: APRILKAY)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (11/28/2017 01:18:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: APRILKAY)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
Error: (11/28/2017 01:06:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: Windows.Services.TargetedContent.dll, version: 10.0.15063.0, time stamp: 0x80d35116
Exception code: 0xc0000005
Fault offset: 0x000000000000803c
Faulting process id: 0x2b24
Faulting application start time: 0x01d3688cbc643733
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\Windows.Services.TargetedContent.dll
Report Id: 28f1c05f-be5d-408f-aad4-26807bbafa14
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/28/2017 01:00:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: Windows.Services.TargetedContent.dll, version: 10.0.15063.0, time stamp: 0x80d35116
Exception code: 0xc0000005
Fault offset: 0x000000000000803c
Faulting process id: 0x10f8
Faulting application start time: 0x01d3688be57d01a4
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\Windows.Services.TargetedContent.dll
Report Id: 8eb775cd-4ea9-4863-b515-aabcf85f42d9
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/28/2017 12:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.15063.0, time stamp: 0x0fa14906
Faulting module name: Windows.Services.TargetedContent.dll, version: 10.0.15063.0, time stamp: 0x80d35116
Exception code: 0xc0000005
Fault offset: 0x000000000000803c
Faulting process id: 0x17bc
Faulting application start time: 0x01d3688a991c8b98
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\Windows\System32\Windows.Services.TargetedContent.dll
Report Id: ae6a2522-dff5-4b7b-81ab-59491edfef02
Faulting package full name: Microsoft.Windows.ContentDeliveryManager_10.0.15063.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
Error: (11/28/2017 12:46:40 PM) (Source: ESENT) (EventID: 474) (User: )
Description: wuaueng.dll (8232) SUS20ClientDataStore: The database page read from the file "C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb" at offset 48594944 (0x0000000002e58000) (database page 2965 (0xB95)) for 16384 (0x00004000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [632e74666f736f72:36302d303130325f:306c72632e33322d:050501062b08065a] and the computed checksum was [00000b95ef841f23:0000000000000000:0000000000000000:0000000000000000].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Error: (11/28/2017 12:37:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_AppHostSvc, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: nativerd.dll, version: 10.0.15063.0, time stamp: 0x14c20ce6
Exception code: 0xc0000005
Fault offset: 0x000000000001e151
Faulting process id: 0x2f3c
Faulting application start time: 0x01d36888c375f59c
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\inetsrv\nativerd.dll
Report Id: 485ad242-4120-4586-a2fc-7f29e6500ab3
Faulting package full name:
Faulting package-relative application ID:
Error: (11/28/2017 12:37:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_AppHostSvc, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: nativerd.dll, version: 10.0.15063.0, time stamp: 0x14c20ce6
Exception code: 0xc0000005
Fault offset: 0x000000000001e151
Faulting process id: 0x2e5c
Faulting application start time: 0x01d36888c32282aa
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\inetsrv\nativerd.dll
Report Id: 40408ba3-6c83-448d-80a7-db32d3bf3af9
Faulting package full name:
Faulting package-relative application ID:
Error: (11/28/2017 12:37:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_AppHostSvc, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: nativerd.dll, version: 10.0.15063.0, time stamp: 0x14c20ce6
Exception code: 0xc0000005
Fault offset: 0x000000000001e151
Faulting process id: 0x2ffc
Faulting application start time: 0x01d36888c2dd5e06
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\inetsrv\nativerd.dll
Report Id: b25e56c5-64f4-449b-9987-0febd3a2a723
Faulting package full name:
Faulting package-relative application ID:
Error: (11/28/2017 12:37:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_AppHostSvc, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: nativerd.dll, version: 10.0.15063.0, time stamp: 0x14c20ce6
Exception code: 0xc0000005
Fault offset: 0x000000000001e151
Faulting process id: 0x2e7c
Faulting application start time: 0x01d36888c2878abb
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\inetsrv\nativerd.dll
Report Id: ef2e564e-4401-46f5-9b0a-6fc49b276065
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (11/28/2017 01:50:24 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:49:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:37:11 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:37:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:37:05 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:37:03 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:34:59 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:32:52 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:31:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (11/28/2017 01:31:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===================================
  Date: 2017-11-28 13:27:57.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:27:57.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:27:56.903
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:27:56.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:27:55.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:27:55.530
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:26:06.614
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:26:06.609
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:03:14.372
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-11-28 13:03:14.369
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 6036.27 MB
Available physical RAM: 3142.54 MB
Total Virtual: 7686.27 MB
Available Virtual: 4715.08 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:672.21 GB) (Free:473.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.8 GB) (Free:2.92 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 7F2D3A4D)
Partition: GPT.
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2017
Ran by April (administrator) on APRILKAY (28-11-2017 13:28:59)
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Windows\System32\tprdpw32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Farbar) C:\Users\April\Desktop\FRST64 (2).exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files (x86)\Verizon\Verizon Online Share Drive\vewatch.exe [17408 2012-07-31] (DigiData Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-21] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKLM-x32\...\Run: [cpx] => "C:\Users\April\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [927744 2017-10-27] () <==== ATTENTION
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [Google Update] => C:\Users\April\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [uTorrent] => C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe [1982144 2017-10-12] (BitTorrent Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [SynchronossPC] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [B6DBB8B0EDF4FDF67A5BF46CB3DA12E3F5D4E945._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [74144 2012-08-10] (Hewlett-Packard Company)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {39843cd8-3120-11e3-be7b-b8763f38aa42} - "F:\TL_Bootstrap.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {5595447e-4ef7-11e7-bfe1-b8763f38aa42} - "F:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Online Backup and Sharing for PC.lnk [2015-01-24]
ShortcutTarget: Verizon Online Backup and Sharing for PC.lnk -> C:\Program Files (x86)\Verizon\Verizon Online Backup and Sharing for PC\DigiData.Host.exe (DigiData)
Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beautify.exe.lnk [2017-04-27]
Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-11-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{00d87d5b-ced8-43ce-9d2e-c589f797a6c2}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9889cd4c-6234-4a7c-85ec-fdb5698dbf18}: [DhcpNameServer] 10.12.30.254 10.12.15.254
Tcpip\..\Interfaces\{eaadcf75-4d3f-478c-8478-412273d618fe}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {A22EA8C9-539D-45F8-83B1-A8BD7130CE8B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_01a233fd_1201_1401_20160526_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: Solution Real 1.0.0.7 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealBHO.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> is enabled.
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-25] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-07-22] [Lagacy]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-04-27] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-03-13] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\April\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @talk.google.com/O1DPlugin -> C:\Users\April\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @tools.google.com/Google Update;version=3 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @tools.google.com/Google Update;version=9 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: hp.com/HPDetect -> C:\Users\April\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\April\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\April\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.imesh.net/?sver=3&appid=73","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default [2017-11-28]
CHR Extension: (Google Translate) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-19]
CHR Extension: (Duolingo on the Web) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-04-17]
CHR Extension: (Google Voice Extension) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aladafhcgmligibhilgpfncgdfccepgh [2013-10-02]
CHR Extension: (Docs) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Fotor Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2017-09-04]
CHR Extension: (YouTube) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Guitarist's Reference) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2014-11-30]
CHR Extension: (One Number) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi [2013-10-02]
CHR Extension: (Plugins) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2016-10-22]
CHR Extension: (Google Search) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Guitar Tuner) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi [2013-10-02]
CHR Extension: (Polarr Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-11-25]
CHR Extension: (Guitar Tab Viewer) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng [2013-10-02]
CHR Extension: (Fotor Extension) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eicdknplohdampjgndodmhblklhhnkbn [2017-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-21]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-07-08]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-08]
CHR Extension: (Vorsprung) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\henidbeahjgfpjmfakeeimkiikbijiph [2016-10-28]
CHR Extension: (Auto Show Texts in Google Voice™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhbkniagfcnoomhcaaoalkjmdejfmml [2013-10-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-02-04]
CHR Extension: (Pixlr Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-05-28]
CHR Extension: (SIGNtalk) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbninbhmfefcmefgkapeaflfagppahi [2017-06-25]
CHR Extension: (iPiccy Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-05-08]
CHR Extension: (Google Voice (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-04-09]
CHR Extension: (Google Hangouts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-04]
CHR Extension: (Google Play) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-10-22]
CHR Extension: (Tweaks for Google Voice™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomidmppcdmojcgfnpfkmhbnakbnmaff [2016-12-07]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2017-04-13]
CHR Extension: (Guitar Chords) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh [2013-10-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-28]
CHR Extension: (Google Hangouts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-01]
CHR Extension: (Google Voice Paginated Texts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\necmgnhmkphmjpddncmklalagjebbbea [2016-12-07]
CHR Extension: (No Name) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-10-02]
CHR Extension: (Gmail) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2014-04-09]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-26]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350576 2017-03-13] (WildTangent)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-16] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KMSServerService; C:\Program Files\KMSpico\KMSServer.exe [38454 2017-06-20] () [File not signed]
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188264 2017-04-18] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-17] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-21] (Intel Security, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S2 0291631511534851mcinstcleanup; C:\WINDOWS\TEMP\029163~1.EXE -cleanup -nolog [X]
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 364369A6; C:\WINDOWS\system32\drivers\364369A6.sys [255928 2017-11-26] (Malwarebytes)
S3 57B12115; C:\WINDOWS\system32\drivers\57B12115.sys [255928 2017-11-26] (Malwarebytes)
S3 6215017A; C:\WINDOWS\system32\drivers\6215017A.sys [255928 2017-11-27] (Malwarebytes)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [192952 2017-11-27] (Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-18] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-18] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
R1 MpKsl0c16ec0f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12401E7E-F683-40CD-B61F-3A41C831D487}\MpKsl0c16ec0f.sys [58120 2017-11-28] (Microsoft Corporation)
R1 MpKsl2d57079a; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF1A1455-52DA-4668-A030-D453380E09E0}\MpKsl2d57079a.sys [58120 2017-11-27] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 usbcir; \SystemRoot\System32\drivers\usbcir.sys [X]
S3 usbprint; \SystemRoot\System32\drivers\usbprint.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
Error(1) reading file: "C:\WINDOWS\system32\Drivers\USBCAMD2.sys"
2017-11-28 13:28 - 2017-11-28 13:32 - 000041630 _____ C:\Users\April\Desktop\FRST.txt
2017-11-28 13:26 - 2017-11-28 13:26 - 002391552 _____ (Farbar) C:\Users\April\Desktop\FRST64 (2).exe
2017-11-28 12:21 - 2017-11-28 12:25 - 000427292 _____ C:\WINDOWS\Minidump\112817-88875-01.dmp
2017-11-27 12:40 - 2017-11-27 12:40 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6215017A.sys
2017-11-27 12:39 - 2017-11-27 12:39 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-11-27 11:19 - 2017-11-27 22:55 - 000000000 ____D C:\Users\April\AppData\Local\ntuserlitelist
2017-11-26 20:45 - 2017-11-26 20:45 - 000000000 ___HD C:\OneDriveTemp
2017-11-26 20:25 - 2017-11-26 20:37 - 000033792 _____ C:\WINDOWS\system32\UserMgrLog.etl
2017-11-26 20:25 - 2017-11-26 20:37 - 000021504 _____ C:\WINDOWS\system32\umstartup.etl
2017-11-26 18:49 - 2017-11-26 18:59 - 000501220 _____ C:\WINDOWS\Minidump\112617-170390-01.dmp
2017-11-26 17:28 - 2017-11-26 20:45 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\57B12115.sys
2017-11-26 17:13 - 2017-11-26 17:16 - 000556940 _____ C:\WINDOWS\Minidump\112617-40890-01.dmp
2017-11-26 13:20 - 2017-11-26 13:20 - 000007852 _____ C:\Users\April\Downloads\fixlist (1).txt
2017-11-25 15:47 - 2017-11-26 16:47 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\364369A6.sys
2017-11-25 15:47 - 2017-11-25 15:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-25 15:46 - 2017-11-27 17:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-11-25 15:46 - 2017-11-27 12:39 - 000000000 ____D C:\Users\April\Desktop\mbar
2017-11-25 15:45 - 2017-11-25 15:42 - 014161479 _____ C:\Users\April\Desktop\mbar-1.10.3.1001-nr.exe
2017-11-25 15:42 - 2017-11-25 15:42 - 014161479 _____ C:\Users\April\Downloads\mbar-1.10.3.1001-nr.exe
2017-11-24 21:47 - 2017-11-24 21:47 - 000007852 _____ C:\Users\April\Downloads\fixlist.txt
2017-11-24 18:33 - 2017-11-26 13:22 - 000000000 ____D C:\Users\April\Desktop\FRST-OlderVersion
2017-11-24 18:32 - 2017-11-28 13:28 - 000000000 ____D C:\FRST
2017-11-24 14:53 - 2017-11-24 14:56 - 000557084 _____ C:\WINDOWS\Minidump\112417-100531-01.dmp
2017-11-23 23:33 - 2017-11-23 23:34 - 002393088 _____ (Farbar) C:\Users\April\Downloads\FRST64 (1).exe
2017-11-17 22:31 - 2017-11-17 22:34 - 000557036 _____ C:\WINDOWS\Minidump\111717-49921-01.dmp
2017-11-17 22:19 - 2017-11-17 22:21 - 000419404 _____ C:\WINDOWS\Minidump\111717-64156-01.dmp
2017-11-17 21:31 - 2017-11-17 21:31 - 002392576 _____ (Farbar) C:\Users\April\Downloads\FRST64.exe
2017-11-16 17:31 - 2017-11-16 17:31 - 000116847 _____ C:\Users\April\Downloads\social security online Create a Login Account.pdf
2017-11-16 02:18 - 2017-11-16 02:18 - 000000000 ____D C:\ProgramData\HP
2017-11-16 02:18 - 2017-11-16 02:18 - 000000000 ____D C:\Program Files\HP
2017-11-15 14:05 - 2017-11-01 20:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 14:05 - 2017-11-01 20:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 14:05 - 2017-11-01 20:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 14:05 - 2017-11-01 20:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 14:05 - 2017-10-15 06:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 14:04 - 2017-11-01 21:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 14:04 - 2017-11-01 20:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 14:04 - 2017-11-01 20:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 14:04 - 2017-11-01 20:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 14:04 - 2017-11-01 20:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 14:04 - 2017-11-01 20:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 14:04 - 2017-11-01 20:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 14:04 - 2017-11-01 20:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 14:04 - 2017-11-01 20:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 14:04 - 2017-11-01 20:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 14:04 - 2017-11-01 20:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 14:04 - 2017-11-01 20:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 14:04 - 2017-11-01 20:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 14:04 - 2017-11-01 20:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 14:04 - 2017-10-24 23:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 14:04 - 2017-10-15 07:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 14:04 - 2017-10-15 06:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 14:04 - 2017-10-15 06:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 14:04 - 2017-10-15 06:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 14:03 - 2017-11-01 20:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 14:03 - 2017-11-01 20:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 14:03 - 2017-11-01 20:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 14:03 - 2017-11-01 20:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 14:03 - 2017-11-01 20:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 14:03 - 2017-11-01 20:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 14:03 - 2017-11-01 20:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 14:03 - 2017-11-01 20:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 14:03 - 2017-11-01 20:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 14:03 - 2017-11-01 20:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 14:03 - 2017-11-01 20:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 14:03 - 2017-10-15 06:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 14:03 - 2017-10-15 06:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 14:03 - 2017-10-15 06:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 14:03 - 2017-10-15 06:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 14:03 - 2017-10-15 06:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 14:00 - 2017-11-01 20:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 14:00 - 2017-11-01 20:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 14:00 - 2017-11-01 20:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 14:00 - 2017-11-01 20:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 14:00 - 2017-11-01 20:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 14:00 - 2017-11-01 20:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 14:00 - 2017-11-01 20:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 14:00 - 2017-11-01 20:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 14:00 - 2017-10-15 06:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 13:59 - 2017-11-01 21:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 13:59 - 2017-11-01 20:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 13:59 - 2017-11-01 20:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 13:59 - 2017-11-01 20:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 13:59 - 2017-11-01 20:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 13:59 - 2017-11-01 20:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 13:59 - 2017-10-15 07:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 13:59 - 2017-10-15 07:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 13:59 - 2017-10-15 06:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 13:45 - 2017-11-01 21:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 13:45 - 2017-11-01 20:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 13:45 - 2017-11-01 20:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 13:45 - 2017-11-01 20:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 13:45 - 2017-11-01 20:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 13:45 - 2017-11-01 20:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 13:44 - 2017-11-01 20:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 13:43 - 2017-11-01 21:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 13:43 - 2017-11-01 21:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 13:43 - 2017-11-01 21:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 13:43 - 2017-11-01 20:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 13:43 - 2017-11-01 20:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 13:43 - 2017-11-01 20:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 13:43 - 2017-11-01 20:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 13:43 - 2017-11-01 20:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 13:43 - 2017-11-01 20:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 13:43 - 2017-11-01 20:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 13:43 - 2017-11-01 20:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 13:43 - 2017-11-01 20:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 13:43 - 2017-11-01 20:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 13:43 - 2017-10-15 06:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 13:43 - 2017-10-15 06:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 13:43 - 2017-10-15 06:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 13:43 - 2017-10-15 06:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 13:42 - 2017-11-01 21:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 13:42 - 2017-11-01 20:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 13:42 - 2017-11-01 20:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 13:42 - 2017-11-01 20:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 13:42 - 2017-11-01 20:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 13:42 - 2017-11-01 20:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 13:42 - 2017-11-01 20:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 13:42 - 2017-11-01 20:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 13:42 - 2017-11-01 20:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 13:42 - 2017-11-01 20:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 13:42 - 2017-11-01 20:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 13:42 - 2017-11-01 20:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 13:42 - 2017-10-15 06:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 13:41 - 2017-11-01 21:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 13:41 - 2017-11-01 21:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 13:41 - 2017-11-01 21:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 13:41 - 2017-11-01 20:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 13:41 - 2017-11-01 20:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 13:41 - 2017-11-01 20:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 13:41 - 2017-11-01 20:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 13:41 - 2017-11-01 20:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 13:41 - 2017-11-01 20:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 13:41 - 2017-11-01 20:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 13:41 - 2017-11-01 20:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 13:41 - 2017-11-01 20:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 13:41 - 2017-10-15 06:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 13:41 - 2017-10-15 06:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 13:41 - 2017-10-15 06:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 13:40 - 2017-11-01 21:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 13:40 - 2017-11-01 20:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 13:40 - 2017-11-01 20:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 13:40 - 2017-11-01 20:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 13:40 - 2017-10-15 06:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 13:40 - 2017-10-15 06:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 13:39 - 2017-11-01 21:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 13:39 - 2017-11-01 21:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 13:39 - 2017-11-01 21:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 13:39 - 2017-11-01 21:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 13:39 - 2017-11-01 20:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 13:39 - 2017-11-01 20:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 13:39 - 2017-11-01 20:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 13:39 - 2017-11-01 20:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 13:39 - 2017-10-15 06:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 13:39 - 2017-10-15 06:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 13:39 - 2017-10-15 06:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 13:38 - 2017-11-01 21:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 13:38 - 2017-11-01 21:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 13:38 - 2017-11-01 21:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 13:38 - 2017-11-01 20:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 13:38 - 2017-11-01 20:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 13:38 - 2017-11-01 20:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 13:38 - 2017-11-01 20:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 13:38 - 2017-11-01 20:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 13:38 - 2017-11-01 20:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 13:38 - 2017-11-01 20:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 13:38 - 2017-11-01 20:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 13:38 - 2017-11-01 20:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 13:38 - 2017-11-01 20:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 13:38 - 2017-11-01 20:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 13:38 - 2017-11-01 20:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 13:38 - 2017-11-01 20:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 13:38 - 2017-10-15 06:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 13:38 - 2017-10-15 06:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 13:38 - 2017-10-15 06:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 13:37 - 2017-11-01 21:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 13:37 - 2017-11-01 21:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 13:37 - 2017-11-01 21:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 13:37 - 2017-11-01 21:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 13:37 - 2017-11-01 21:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 13:37 - 2017-11-01 20:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 13:37 - 2017-11-01 20:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 13:37 - 2017-11-01 20:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 13:37 - 2017-11-01 20:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 13:37 - 2017-11-01 20:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 13:37 - 2017-11-01 20:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 13:37 - 2017-11-01 20:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 13:37 - 2017-11-01 20:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 13:37 - 2017-11-01 20:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 13:37 - 2017-10-15 06:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 13:37 - 2017-10-15 06:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 13:36 - 2017-11-01 21:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 13:36 - 2017-10-15 06:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 13:36 - 2017-10-15 06:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 13:35 - 2017-11-01 21:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 13:35 - 2017-11-01 21:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 13:35 - 2017-11-01 21:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 13:35 - 2017-11-01 21:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 13:35 - 2017-11-01 21:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 13:35 - 2017-11-01 21:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 13:35 - 2017-11-01 21:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 13:35 - 2017-11-01 21:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 13:35 - 2017-11-01 21:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 13:35 - 2017-11-01 21:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 13:35 - 2017-11-01 20:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 13:35 - 2017-11-01 20:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 13:35 - 2017-11-01 20:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 13:35 - 2017-11-01 20:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 13:35 - 2017-11-01 20:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 13:35 - 2017-10-15 06:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 13:35 - 2017-10-15 06:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-12 21:20 - 2017-11-12 21:20 - 000830656 _____ C:\Users\April\Downloads\kilo credit.pdf
2017-11-12 19:56 - 2017-11-12 19:56 - 000137669 _____ C:\Users\April\Downloads\DAVID ARREST.pdf
2017-11-08 04:55 - 2017-11-08 04:57 - 000509980 _____ C:\WINDOWS\Minidump\110817-35312-01.dmp
2017-11-06 19:00 - 2017-11-06 19:00 - 000002029 _____ C:\Users\April\Desktop\Canon IJ Network Tool (2).lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000001291 _____ C:\Users\April\Desktop\Google Chrome (2).lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000001099 _____ C:\Users\April\Desktop\Connected Music powered by Meridian.lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000000903 _____ C:\Users\April\Desktop\Adobe Acrobat XI - Shortcut.lnk
2017-11-05 01:38 - 2017-11-05 01:39 - 000412108 _____ C:\WINDOWS\Minidump\110517-37015-01.dmp
2017-11-04 01:56 - 2017-11-04 01:56 - 000000279 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-10-29 10:32 - 2017-10-29 10:32 - 000000000 ___HD C:\$WINDOWS.~BT

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-28 12:34 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-28 12:33 - 2013-10-31 18:25 - 000000000 __RDO C:\Users\April\SkyDrive
2017-11-28 12:29 - 2016-05-19 00:27 - 000000000 __SHD C:\Users\April\IntelGraphicsProfiles
2017-11-28 12:25 - 2017-05-22 00:28 - 000000000 ____D C:\Users\April
2017-11-28 12:21 - 2017-08-23 23:24 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForApril.job
2017-11-28 12:21 - 2017-05-22 10:03 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-28 12:21 - 2017-05-22 01:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-28 12:21 - 2014-03-06 20:04 - 928543424 _____ C:\WINDOWS\MEMORY.DMP
2017-11-28 12:11 - 2017-05-22 00:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-28 12:00 - 2017-05-22 01:15 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E0E4AD9-125A-46E6-839B-185C01240A94}
2017-11-28 01:30 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-27 02:45 - 2017-08-23 23:24 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForApril
2017-11-26 20:42 - 2015-04-04 14:19 - 000000000 ____D C:\Temp
2017-11-26 20:37 - 2017-05-23 21:46 - 000000000 ____D C:\WINDOWS\pss
2017-11-26 20:37 - 2017-03-18 03:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-26 20:26 - 2017-05-23 21:48 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-11-26 19:56 - 2017-05-22 01:02 - 002049860 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-26 19:56 - 2017-05-22 01:02 - 000539282 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-26 19:56 - 2017-05-22 00:27 - 000007208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-26 18:15 - 2017-07-15 21:50 - 000001291 _____ C:\Users\April\Desktop\Google Chrome.lnk
2017-11-26 17:11 - 2014-04-09 21:25 - 000000000 ____D C:\Users\April\AppData\Roaming\uTorrent
2017-11-26 15:19 - 2017-08-09 14:23 - 000000000 ____D C:\Users\April\AppData\LocalLow\uTorrent
2017-11-26 13:35 - 2016-07-31 01:04 - 000000000 ____D C:\Users\April\AppData\LocalLow\Temp
2017-11-25 11:47 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-24 23:12 - 2017-06-20 14:21 - 000000000 ____D C:\Users\April\AppData\Roaming\Hola
2017-11-24 22:45 - 2015-01-21 17:49 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-11-24 22:41 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-24 22:41 - 2013-08-22 07:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-11-24 18:46 - 2017-03-18 13:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-24 18:44 - 2013-10-09 11:18 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-24 14:53 - 2015-01-31 06:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-11-24 08:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-24 06:53 - 2015-01-22 12:33 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-11-24 06:52 - 2017-05-22 01:15 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-11-24 06:47 - 2015-01-22 12:33 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-11-24 02:45 - 2017-04-27 21:51 - 000000000 ____D C:\Users\April\AppData\Local\BeautifyDesktop
2017-11-23 23:09 - 2015-01-31 06:47 - 000000000 __RSD C:\Users\April\Documents\McAfee Vaults
2017-11-21 20:18 - 2017-10-13 13:59 - 000000000 ____D C:\Users\April\AppData\LocalLow\Canon Easy-WebPrint EX
2017-11-21 09:02 - 2017-03-18 03:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-20 22:08 - 2015-01-22 12:09 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-17 19:49 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-15 18:54 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 18:46 - 2013-10-10 21:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-11-15 18:45 - 2013-08-22 05:25 - 000000301 _____ C:\WINDOWS\win.ini
2017-11-15 18:32 - 2013-10-02 07:03 - 000000000 ____D C:\Users\April\AppData\Local\ElevatedDiagnostics
2017-11-15 18:05 - 2016-02-13 05:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 17:58 - 2017-05-22 00:19 - 000405488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 17:56 - 2014-06-12 10:19 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAPRILKAY$.job
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 17:30 - 2017-05-22 01:15 - 000003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAPRILKAY$
2017-11-15 15:04 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 12:49 - 2017-05-22 01:15 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 12:46 - 2016-10-21 21:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-14 23:56 - 2017-05-22 01:15 - 000003710 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA1d257efe2e63987
2017-11-14 23:56 - 2017-05-22 01:15 - 000003442 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core1d257efe2a75280
2017-11-14 23:51 - 2017-05-22 01:15 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 23:51 - 2017-05-22 01:15 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 23:51 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 23:51 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 13:49 - 2013-10-02 07:27 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 23:33 - 2017-05-22 01:15 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 23:33 - 2017-05-22 01:15 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-06 19:01 - 2017-07-22 03:08 - 000000000 ____D C:\Users\April\Desktop\Adobe Acrobat XI
2017-11-05 01:58 - 2017-05-24 03:29 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-04 17:40 - 2017-03-18 13:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 17:40 - 2017-03-18 13:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 14:17 - 2017-07-22 10:07 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2751042415-2246998964-2558403214-1001
2017-11-02 14:16 - 2016-05-19 00:41 - 000002405 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-29 10:33 - 2017-05-21 21:50 - 000000000 ___DC C:\WINDOWS\Panther
==================== Files in the root of some directories =======
2017-04-13 12:22 - 2017-04-13 12:22 - 007639040 _____ () C:\Program Files (x86)\GUTEA25.tmp
2016-01-26 04:35 - 2017-01-05 01:05 - 000007595 _____ () C:\Users\April\AppData\Local\Resmon.ResmonCfg
2017-04-27 21:40 - 2017-04-27 21:40 - 000002048 _____ () C:\Users\April\AppData\Local\uninstallro.exe
2014-09-30 00:01 - 2014-09-30 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{26A95307-47D9-44BF-AF14-EABC861C7C64}
2014-09-29 00:01 - 2014-09-29 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{50328719-06DF-49DB-8B69-7C03A6642321}
2014-09-23 00:01 - 2014-09-23 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{6C04BF0D-0783-4B63-A191-87208C96AA0B}
2015-09-06 12:34 - 2015-09-06 12:34 - 000000000 _____ () C:\Users\April\AppData\Local\{7D82360C-B7B5-4ECC-B169-205C12967018}
Files to move or delete:
====================
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\fwcfg.dll
C:\Windows\SysWOW64\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll
C:\Windows\System32\fwcfg.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
LastRegBack: 2017-11-27 13:27
==================== End of FRST.txt ============================

  • 0

#50
aKay47

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

P.S. Now my browser Chrome will not open any websites and has disappeared from the taskbar. Don't know if this information is relevant but thought I would mention it.


  • 0

#51
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,220 posts
Do you have a USB drive we can use? You will need it for the next set of instructions. Preferably one that is blank, if possible.

I'll have a look at the logs now and prepare our next move.
  • 0

#52
aKay47

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

What size USB do I need?

I can go and get one really quick.


  • 0

#53
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,220 posts
4GB or larger would be great. :)

I will go ahead and prepare the instructions in your absence and have them posted for you shortly. I know the instructions may look a little daunting to you, so take your time and read the instructions line by line. If you have any questions, don't hesitate to ask. :)
  • 0

#54
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,220 posts
Ok. Here are the instructions that I need for you to follow. As I said, they do look to be a bit daunting but take your time. I know you can do it. :)

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Preparing the USB Flash Drive
  • Download the 64-bit version of FarbarRecoveryScanTool from >>HERE<<
  • Move the executable FRST64.exe onto your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well.
Attached File  fixlist.txt   2.01KB   55 downloads

Boot into the Recovery Environment

Restart your infected computer. When you see the spinning circle of dots, press or continuously tap the F8 key. This should open the Choose an option screen as shown below. If it does not, see if you can get to the Choose an option screen another way:

recovery-options-windows.jpg

Click on Troubleshoot and you should see the Troubleshoot screen as shown below:

509x500ximage33.png.pagespeed.ic.Ka8cTrg

In the Troubleshoot screen, click on Advanced options and you should get the Advanced options screen as shown below:

650x381ximage34.png.pagespeed.ic.J3Dk0Qc

On the Advanced Options screen click Command Prompt.
You might need to choose a user account. Please do so and enter the password if necessary, otherwise leave the password field blank and click to continue. A black Command window will open.

Next:


Once in the command prompt
  • In the command window type notepad and press Enter on your keyboard.
  • Notepad will open. Click File at the top left in the menu bar followed by Open.
  • Click Computer/This PC, write down your USB drive letter on a piece of paper and close Notepad.
  • Next type x:\frst64.exe in the command window.
    • Note: Replace letter x with the drive letter of your USB drive you wrote down earlier.
  • Press Enter on your keyboard. The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Click Fix.
  • A log (Fixlog.txt) will be saved to your USB drive. Reboot your computer. Copy the contents of Fixlog.txt and paste in your next reply.

  • 0

#55
aKay47

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

I grabbed a 32GB because it was the only one they had at the store I stopped into. I hope that will work, some kind of SanDisk Cruzer with SecureAccess software? I probably should have just gotten an 8 gig but I didn't want to drive to Walmart.


  • 0


#56
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,220 posts
The 32GB is just fine. I am sure that when we are finished here we can find another use for it. Especially if you did not create your recovery media when you bought the computer. We'll discuss that when we are finished cleansing the computer.

Go ahead and follow the instructions above. If you have trouble understanding something, let me know. :)
  • 0

#57
aKay47

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by SYSTEM (28-11-2017 21:28:07) Run:3
Running from e:\
Boot Mode: Recovery
==============================================
fixlist content:
*****************
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" /f
C:\Users\April\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [cpx] => "C:\Users\April\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [927744 2017-10-27] () <==== ATTENTION
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: F - "F:\setup.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {39843cd8-3120-11e3-be7b-b8763f38aa42} - "F:\TL_Bootstrap.exe"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {5595447e-4ef7-11e7-bfe1-b8763f38aa42} - "F:\setup.exe"
S2 0291631511534851mcinstcleanup; C:\WINDOWS\TEMP\029163~1.EXE -cleanup -nolog [X]
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
S3 usbcir; \SystemRoot\System32\drivers\usbcir.sys [X]
S3 usbprint; \SystemRoot\System32\drivers\usbprint.sys [X]
C:\Program Files (x86)\GUTEA25.tmp
C:\windows\system32\tprdpw32.exe
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libegl.dll
C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [362]
MSCONFIG\Services: Dataup =>
MSCONFIG\Services: srcsrv => 2
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
*****************
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup" => key could not be unlocked
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup" /f =========
ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" => key could not be unlocked
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkpro64" /f =========
ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========
C:\Users\April\AppData\Local\ntuserlitelist => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: F - "F:\setup.exe" => Error: The entry should be fixed outside recovery mode.
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {39843cd8-3120-11e3-be7b-b8763f38aa42} - "F:\TL_Bootstrap.exe" => Error: The entry should be fixed outside recovery mode.
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {5595447e-4ef7-11e7-bfe1-b8763f38aa42} - "F:\setup.exe" => Error: The entry should be fixed outside recovery mode.
HKLM\System\ControlSet001\Services\0291631511534851mcinstcleanup => key removed successfully
0291631511534851mcinstcleanup => service removed successfully
HKLM\System\ControlSet001\Services\Dataup => key removed successfully
Dataup => service removed successfully
HKLM\System\ControlSet001\Services\drmkpro64 => key removed successfully
drmkpro64 => service removed successfully
HKLM\System\ControlSet001\Services\usbcir => key removed successfully
usbcir => service removed successfully
HKLM\System\ControlSet001\Services\usbprint => key removed successfully
usbprint => service removed successfully
C:\Program Files (x86)\GUTEA25.tmp => moved successfully
C:\windows\system32\tprdpw32.exe => moved successfully
"C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" => not found.
"C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe" => not found.
"C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libcef.dll" => not found.
"C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll" => not found.
"C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libegl.dll" => not found.
"C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll" => not found.
C:\ProgramData\Temp => ":D5FBE8F9" ADS removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MSCONFIG\Services: Dataup => => key not found.
HKLM\System\CurrentControlSet\Services\MSCONFIG\Services: Dataup => => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\srcsrv => key removed successfully
HKLM\System\CurrentControlSet\Services\srcsrv => key not found.
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
==== End of Fixlog 21:28:09 ====

  • 0
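As an added example (not part of the thread, and not FRST's own code), this Python script triages a Fixlog.txt like the one posted above: it skips the echoed fixlist between the two rows of asterisks and sorts each result line into a bucket, so the entries reported as "should be fixed outside recovery mode" stand out for a follow-up pass in normal mode. The bucket names are assumptions made here, the sample is a shortened set of lines taken from the log above, and only the result phrases visible in that log are matched.

```python
import re
from collections import defaultdict

# Constructed sample: a shortened Fixlog assembled from lines of the log above.
SAMPLE_FIXLOG = r'''Boot Mode: Recovery
fixlist content:
*****************
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup" /f
HKLM-x32\...\Run: [cpx] => "C:\Users\April\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
MSCONFIG\Services: srcsrv => 2
*****************
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup" => key could not be unlocked
========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dataup" /f =========
ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========
C:\Users\April\AppData\Local\ntuserlitelist => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: F - "F:\setup.exe" => Error: The entry should be fixed outside recovery mode.
HKLM\System\ControlSet001\Services\Dataup => key removed successfully
"C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" => not found.
HKLM\System\CurrentControlSet\Services\MSCONFIG\Services: Dataup => => key not found.
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION => Error: The entry should be fixed outside recovery mode.
==== End of Fixlog 21:28:09 ====
'''

# Ruler line that introduces the output of a "reg:" directive.
REG_HEADER = re.compile(r'^=+ (reg .+?) =+$')


def classify(outcome):
    """Map a result phrase to a triage bucket (bucket names are hypothetical)."""
    text = outcome.lower()
    if text.endswith('successfully'):
        return 'done'
    if 'outside recovery mode' in text:
        return 'redo_in_normal_mode'
    if 'not found' in text or 'unable to find' in text:
        return 'absent'
    return 'failed'


def parse_fixlog(log):
    """Return {bucket: [(item, outcome), ...]} for the result part of a Fixlog."""
    buckets = defaultdict(list)
    stars = 0           # the echoed fixlist sits between two rows of asterisks
    pending_reg = None  # reg command whose output line is still expected
    for raw in log.splitlines():
        line = raw.strip()
        if line and set(line) == {'*'}:
            stars += 1
            continue
        if stars < 2 or not line:
            continue    # header or echoed fixlist: instructions, not results
        match = REG_HEADER.match(line)
        if match:
            pending_reg = match.group(1)
            continue
        if line.startswith('='):  # "End of Reg" / "End of Fixlog" rulers
            pending_reg = None
            continue
        if pending_reg:
            buckets[classify(line)].append((pending_reg, line))
            pending_reg = None
            continue
        if ' => ' in line:
            # Split on the last arrow: some items themselves end in "=>".
            item, outcome = line.rsplit(' => ', 1)
            item = item.rstrip(' =>')
            if item.startswith('"') and item.endswith('"'):
                item = item[1:-1]
            buckets[classify(outcome)].append((item, outcome))
    return dict(buckets)
```
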

#58
aKay47

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

The recovery will not be of any use as this computer came with Windows 8 and Microsoft automatically updated me to 10..


  • 0

#59
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,220 posts
Ah. You're right.

How is the computer behaving?

Let's do the following in normal mode..

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.
Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.
Next:

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
65MBhLLb.png
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning a report appears. Once done it will ask to reboot, allow this.
adwcleaner_delete_restart.jpg
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt
How is the computer doing?
  • 0

#60
aKay47

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

So, I download the free trial of Malwarebytes? I got a little confused here. I downloaded mb3-setup-adwc.adwc100.3.3.1.2183.exe.. Is that the correct file? The computer is lagging a little more than usual when I try to open files.. and Chrome is not working at all. I will probably have to reinstall it. I only use the Chrome browser. So I am using Edge right now to contact you. This was a little easier during the holiday weekend as I had no children (boys were in New Mexico with their dad) and didn't have distractions of school. (My sons only ever talk to me, or need me to do something for them, when I am trying to get something accomplished.) I love them; they are 16 and 22.

 

I don't want to do anything until I get a confirmation as to whether I downloaded the correct file. Also, can we not use the mbar file we already downloaded previously? The one that kept freezing? Or is this different? I have school today from noon till 9pm so I will get back with you after that. And I never did figure out how to post the screenshot from my tablet. I thought I did, but when I posted it, it was not there. LOL


  • 0





