laptop suddenly slow, possible malware

Hello, a friend advised that I post on here.

I'm running windows 10 on an HP pavillion 64 it ( I expect that info is in the documents tho)

I ran a full AVG scan but it didn't find anything.

My computer has been freezing on log in - started to hang just before or after entering password.

Sometimes I can log in then things are slow.

Copying folders is almost impossible, I'll select a folder, hit 'copy this file' at the top of the screen and nothing will happen.

I tried opening task manager to see what was going on and often it would freeze there too.

The most noticeable thing is that type appears at much lower quality online. Really jagged.

I tried to do a reset and keep my personal files but it told me some kernel files were missing or damaged ( no idea how that happened as I do not muck about with that stuff and this is why I thought it might be malware). I managed to download the iso of windows 10 onto a usb and the computer is now back to how it was before the reset with all the slowness and log in problems.

As I was pasting the txt files a good example of the slowness and unresponsiveness - took about 5 minutes to get the notepad window to recognise that I was clicking on EDIT and to select the text and again to copy it. I am still trying to paste the additions in now. EDIT is unresponsive and right clicking on the selected text does nothing. Hoping it will eventually copy.

UPDATE - I cannot copy the text from the additions file. File edit etc will not work. Ok I opened the file in libreoffice writer and have pasted it after the FRST one. I'm baffled that the text editor had problems and the word one didn't.

Any advice would be wonderful - I'm tempted to wipe everything and reinstall windows but I'm sure that won't be as simple as it sounds.

Here are the txt files:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2017 01

Ran by Xoe (administrator) on CATILION (19-04-2017 13:26:32)

Running from C:\Users\Xoe\Desktop

Loaded Profiles: Xoe (Available Profiles: Xoe & Guest)

Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(Intel Corporation) C:\WINDOWS\System32\igfxCUIService.exe

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe

() C:\Program Files (x86)\Backblaze\bzserv.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe

() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\WINDOWS\System32\igfxEM.exe

(Intel Corporation) C:\WINDOWS\System32\igfxHK.exe

() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(SoftPerfect) C:\Program Files\NetWorx\networx.exe

(Dropbox, Inc.) C:\Users\Xoe\AppData\Local\Dropbox\Update\DropboxUpdate.exe

(Spotify Ltd) C:\Users\Xoe\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Flux Software LLC) C:\Users\Xoe\AppData\Local\FluxSoftware\Flux\flux.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

() C:\Program Files (x86)\Backblaze\bzbui.exe

(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe

() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Microsoft Corporation) C:\WINDOWS\System32\InstallAgent.exe

(Microsoft Corporation) C:\WINDOWS\System32\InstallAgentUserBroker.exe

() C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe

(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe

(Google Inc.) C:\Users\Xoe\AppData\Local\Google\Chrome SxS\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Xoe\AppData\Local\Google\Chrome SxS\Application\chrome.exe

(Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe

(WebMinds, Inc.) C:\Program Files\Duplicate Photo Cleaner\DuplicatePhotoCleaner.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)

HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)

HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [7939912 2016-02-29] (SoftPerfect)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [4883216 2016-05-04] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2183752 2017-02-06] ()

HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [570880 2013-12-27] (Nikon Corporation)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-22] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-12-09] (Apple Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)

HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-08-12] ()

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [GoogleChromeAutoLaunch_9FB6F71DDDB7A5BB2591700729459C29] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941912 2017-03-29] (Google Inc.)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [SolidCapture] => C:\Program Files (x86)\SolidDocuments\SolidCapture\solidcapture.exe [5644288 2007-04-17] (Solid Documents, LLC)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [AVG-Secure-Search-Update_0215tb] => "C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe" /PROMPT /CMPID=0215tb

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [Dropbox Update] => C:\Users\Xoe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [Spotify Web Helper] => C:\Users\Xoe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2017-03-01] (Spotify Ltd)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [GoogleChromeAutoLaunch_26BD5E01A8E32BE058D9A9AFA222BFE9] => C:\Users\Xoe\AppData\Local\Chromium\Application\chrome.exe [664576 2015-07-21] (The Chromium Authors)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [f.lux] => C:\Users\Xoe\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [595176 2017-04-17] ()

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Run: [Google Update] => C:\Users\Xoe\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-12] (Google Inc.)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\MountPoints2: {2ec1872c-e8e5-11e6-82f4-2c337a068f32} - "F:\startme.exe"

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [572416 2017-03-04] (Microsoft Corporation)

HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [595176 2017-04-17] ()

ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll [2017-04-14] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Xoe\AppData\Local\MEGAsync\ShellExtX64.dll [2016-09-10] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Xoe\AppData\Local\MEGAsync\ShellExtX64.dll [2016-09-10] ()

ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Xoe\AppData\Local\MEGAsync\ShellExtX64.dll [2016-09-10] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Xoe\AppData\Local\MEGAsync\ShellExtX32.dll [2016-09-10] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Xoe\AppData\Local\MEGAsync\ShellExtX32.dll [2016-09-10] ()

ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Xoe\AppData\Local\MEGAsync\ShellExtX32.dll [2016-09-10] ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-10]

ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-14]

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.523\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-10]

ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

Startup: C:\Users\Xoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-08-26]

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\Xoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-25]

ShortcutTarget: Dropbox.lnk -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{737ed588-00f9-4c7d-a67a-8050e5c3b27f}: [DhcpNameServer] 40.24.1.16

Tcpip\..\Interfaces\{ed9004c3-7d88-459f-bf01-a572cfd06370}: [DhcpNameServer] 192.168.1.1

Internet Explorer:

==================

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT14/2

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={0CCFECC3-191D-46C7-BD6C-D90084BF5E99}&mid=12094ff29d2847cda1d8fd7a3ce266c1-aa80ba2cb6e0b67f0dafcca98d85dab63a8c10e1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-02-02 20:36:06&v=4.2.9.726&pid=wtu&sg=&sap=hp

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://uk.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_30&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtA0B0B0AyDtAyC0EtDzytC0F0CtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzy0EyB0B0BtGyEzz0EzytGtBtC0B0EtGtB0ByB0AtGtDyDyEyDtC0AyEyD0FtDyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBtCyEtByByByDtGzy0E0AzztGyEzy0E0BtGzyyDzz0DtG0E0CyBtByE0A0CyBtDyBtAyE2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzytC%26cr%3D319725739%26a%3Dwncy_frg01_15_30%26os%3DWindows%2B8.1

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtA0B0B0AyDtAyC0EtDzytC0F0CtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzy0EyB0B0BtGyEzz0EzytGtBtC0B0EtGtB0ByB0AtGtDyDyEyDtC0AyEyD0FtDyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBtCyEtByByByDtGzy0E0AzztGyEzy0E0BtGzyyDzz0DtG0E0CyBtByE0A0CyBtDyBtAyE2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzytC%26cr%3D319725739%26a%3Dwncy_frg01_15_30%26os%3DWindows%2B8.1&p={searchTerms}

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtA0B0B0AyDtAyC0EtDzytC0F0CtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzy0EyB0B0BtGyEzz0EzytGtBtC0B0EtGtB0ByB0AtGtDyDyEyDtC0AyEyD0FtDyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBtCyEtByByByDtGzy0E0AzztGyEzy0E0BtGzyyDzz0DtG0E0CyBtByE0A0CyBtDyBtAyE2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzytC%26cr%3D319725739%26a%3Dwncy_frg01_15_30%26os%3DWindows%2B8.1&p={searchTerms}

SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =

SearchScopes: HKLM-x32 -> {076BB003-862F-4343-B8E9-6CD8A84F1582} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0CCFECC3-191D-46C7-BD6C-D90084BF5E99}&mid=12094ff29d2847cda1d8fd7a3ce266c1-aa80ba2cb6e0b67f0dafcca98d85dab63a8c10e1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-02-02 20:36:06&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_frg01_15_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtA0B0B0AyDtAyC0EtDzytC0F0CtN0D0Tzu0StCtBzyzytN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDtCtBzy0EyB0B0BtGyEzz0EzytGtBtC0B0EtGtB0ByB0AtGtDyDyEyDtC0AyEyD0FtDyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBtCyEtByByByDtGzy0E0AzztGyEzy0E0BtGzyyDzz0DtG0E0CyBtByE0A0CyBtDyBtAyE2QtN0A0LzutBtN1B2Z1V1T1S1NzuzzzytC%26cr%3D319725739%26a%3Dwncy_frg01_15_30%26os%3DWindows%2B8.1&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> {076BB003-862F-4343-B8E9-6CD8A84F1582} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> {27869FDB-B3B3-482B-8737-224EFE7EFA3E} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=159941&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> {4AF624BE-A0B8-4663-9926-1B5DE02CF751} URL = hxxps://uk.search.yahoo.com/search?fr=nectar-tb-v3&type=61465&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={0CCFECC3-191D-46C7-BD6C-D90084BF5E99}&mid=12094ff29d2847cda1d8fd7a3ce266c1-aa80ba2cb6e0b67f0dafcca98d85dab63a8c10e1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-02-02 20:36:06&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> {A601E509-209A-4208-9E69-266DDB713143} URL = hxxps://uk.search.yahoo.com/search?fr=nectar-tb-v3&type=61465&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> {E595D69B-D5FF-4635-B77A-338386844E83} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-06] (AVG)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)

BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-08-12] (Wondershare)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-08] (Oracle Corporation)

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.7.452\AVG Web TuneUp.dll [2017-02-06] (AVG)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-08] (Oracle Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File

BHO-x32: Nectar Toolbar -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Nectar Toolbar\tbcore3.dll [2015-07-23] ()

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)

Toolbar: HKLM-x32 - Nectar Toolbar - {8CB26F89-C950-4CC2-9100-69635A8E721D} - C:\Program Files (x86)\Nectar Toolbar\tbcore3.dll [2015-07-23] ()

Toolbar: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> No Name - {8CB26F89-C950-4CC2-9100-69635A8E721D} - No File

IE Session Restore: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001 -> is enabled.

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-02-02] (AVG Secure Search)

Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:

========

FF ProfilePath: C:\Users\Xoe\AppData\Roaming\Pencil\Profiles\v0c0okdx.default [2015-08-13]

FF ProfilePath: C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527 [2017-04-14]

FF Homepage: Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527 -> about:home

FF Session Restore: Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527 -> is enabled.

FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2016-05-02]

FF Extension: (AdBlocker Ultimate) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2017-04-09]

FF Extension: (Bookmark on Delicious) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2016-05-02]

FF Extension: (F.B. Purity - Cleans Up Facebook) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2016-05-02]

FF Extension: (feedly) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2016-05-02]

FF Extension: (Webmail Ad Blocker) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2016-05-02]

FF Extension: (Push to Kindle) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2016-05-02]

FF Extension: (Proxmate) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2016-05-02]

FF Extension: (LastPass) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\[email protected] [2017-04-09]

FF Extension: (Web Developer) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-09]

FF Extension: (Adblock Plus) - C:\Users\Xoe\AppData\Roaming\Mozilla\Firefox\Profiles\e8shou0l.default-1462210819527\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-19]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi

FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\[email protected]_xpi [2016-08-25]

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2017-01-29]

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-11] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-11] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.7\\npsitesafety.dll [No File]

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2011-04-20] (CANON INC.)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-08] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-08] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

FF Plugin HKU\S-1-5-21-2512842997-4247233269-2972442051-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Xoe\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)

FF Plugin HKU\S-1-5-21-2512842997-4247233269-2972442051-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Xoe\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)

FF Plugin HKU\S-1-5-21-2512842997-4247233269-2972442051-1001: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-11-20] (Sony Network Entertainment International LLC)

Chrome:

=======

CHR DefaultProfile: Default

CHR HomePage: Default -> mysearch.avg.com/?rvt=1

CHR StartupUrls: Default -> "hxxp://www.eaglespace.com/spirit/gayatri.php","hxxp://hindspiration.com/moola-mantra/","hxxps://www.instructables.com/id/Spooky-Tesla-Spirit-Radio/","hxxps://www.netflix.com/watch/80094468?trackId=14277281&tctx=0%2C0%2C2ff78b6a-5d57-48df-9740-3eeabac06cac-43126709","hxxps://www.prsformusic.com/joinus/writer/Pages/writer-application.aspx","hxxp://www.interestingelectronics.com/old/henrys_interesting_electronics/frequency_shifter/frequency_shifter.htm","hxxp://reaper.fm/","hxxp://www.15questions.net/interview/fifteen-questions-interview-robbie-judkins/page-1/","hxxps://www.random.org/lists/","hxxp://makezine.com/projects/weekend-project-sample-weird-sounds-electromagnetic-fields/","hxxps://thebuddhistcentre.com/text/four-noble-truths","hxxps://www.coursera.org/learn/exposure-photography/lecture/bUhHL/a-basic-vocabulary-of-capabilities","hxxp://www.premiertaxisfolkestone.co.uk/fares.php","hxxps://www.google.co.uk/maps/place/Sunny+Sands/@51.0787927,1.1854487,16z/data=!4m21!1m15!4m14!1m6!1m2!1s0x47deb815138b2c8f:0xa514d67a986aff93!2sFolkestone!2m2!1d1.169456!2d51.081397!1m6!1m2!1s0x47dee8f08fe3905f:0xc0c06b242fc6f4d2!2sGreatstone,+New+Romney+TN28+8RN!2m2!1d0.9633697!2d50.9594652!3m4!1s0x0:0xa11fd07be73e4540!8m2!3d51.0816525!4d1.190654","hxxps://www.ruled.me/30-day-ketogenic-diet-plan/","hxxps://www.reddit.com/r/keto/comments/2dzcpm/has_anyone_here_done_the_ruledme_diet/","hxxps://play.spotify.com/user/summeranne/playlist/0jvLWZlm6rjy0EBKndJ9hk","hxxps://advice.thisoldhouse.com/showthread.php?117042-Can-strand-mix-with-solid-of-same-gage-in-circuit"

CHR DefaultSearchKeyword: Default -> google.co.uk

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default [2017-04-19]

CHR Extension: (Google Slides) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-05]

CHR Extension: (Duolingo on the Web) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2016-09-11]

CHR Extension: (Delicious) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\alajnhkahdgpjhcfklbbpklbaklhpamf [2016-01-30]

CHR Extension: (Google Docs) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-05]

CHR Extension: (Google Drive) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]

CHR Extension: (YouTube) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]

CHR Extension: (AVG Secure Search) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-01-30]

CHR Extension: (Ecosia - The search engine that plants trees) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\clellnciejhoedgepbdilbkdkaoecgpc [2017-01-30]

CHR Extension: (Google Search) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]

CHR Extension: (SoundCloud Scrobbler) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbaojncijacajndhncghmjeielgocjd [2017-01-19]

CHR Extension: (Google Sheets) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-05]

CHR Extension: (Google Docs Offline) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-28]

CHR Extension: (AdBlock) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-14]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-12-09]

CHR Extension: (Delicious Bookmarks Extension) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnaelnkmidnndgikjbiifihgklnocljd [2016-01-30]

CHR Extension: (F.B. Purity For Facebook) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2016-07-22]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]

CHR Extension: (Nectar Toolbar) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\oapigpcefgclegodepglkbhimbpakdpf [2015-06-19]

CHR Extension: (Gmail) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

CHR Extension: (Chrome Media Router) - C:\Users\Xoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]

CHR HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" <not found>

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ACProtector; C:\Program Files\AxiomCoders\ACProtector\ACProtector.exe [138752 2012-08-15] (AxiomCoders) [File not signed]

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-08-26] (Adobe Systems) [File not signed]

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638968 2016-05-04] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5155904 2016-05-04] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1078544 2016-04-22] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [710232 2016-05-04] (AVG Technologies CZ, s.r.o.)

R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [94936 2014-07-04] ()

R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [443112 2017-04-17] ()

S2 CTService; C:\Program Files (x86)\Cold Turkey\\CTService.exe [323072 2014-11-25] (Felix Belzile) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)

R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-02] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.523\McCHSvc.exe [404376 2017-03-20] (McAfee, Inc.)

S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)

S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)

R2 vToolbarUpdater40.3.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.7\ToolbarUpdater.exe [1354312 2017-02-06] (AVG Secure Search)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-03-04] (Microsoft Corporation)

S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.2.4.1\WsAppService.exe [417792 2016-07-12] (Wondershare) [File not signed]

R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [981576 2017-02-06] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [307456 2016-04-20] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [248576 2016-03-29] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [51968 2016-04-14] (AVG Technologies CZ, s.r.o.)

R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [71936 2016-05-04] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)

S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)

S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] ()

R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()

R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()

R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()

R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R1 networx; C:\WINDOWS\System32\drivers\networx.sys [72120 2016-02-15] (NetFilterSDK.com)

R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)

R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [624424 2015-12-03] (Realtek Semiconductor Corporation)

S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)

R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6294016 2017-02-01] (Realtek Semiconductor Corporation )

S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-17] (Synaptics Incorporated)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)

S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2014-10-14] (The OpenVPN Project)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 13:26 - 2017-04-19 13:29 - 00044080 _____ C:\Users\Xoe\Desktop\FRST.txt

2017-04-19 13:25 - 2017-04-19 13:26 - 00000000 ____D C:\FRST

2017-04-19 13:19 - 2017-04-19 13:22 - 02424832 _____ (Farbar) C:\Users\Xoe\Desktop\FRST64.exe

2017-04-19 13:06 - 2017-04-19 13:06 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\Ashisoft

2017-04-19 13:06 - 2017-04-19 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate File Finder

2017-04-19 13:06 - 2017-04-19 13:06 - 00000000 ____D C:\Program Files (x86)\Duplicate File Finder

2017-04-19 13:04 - 2017-04-19 13:05 - 00860376 _____ (Ashisoft ) C:\Users\Xoe\Downloads\dfsetup.exe

2017-04-19 12:27 - 2017-04-19 12:27 - 00000735 _____ C:\Users\Public\Desktop\Duplicate Photo Cleaner.lnk

2017-04-19 12:27 - 2017-04-19 12:27 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\DuplicatePhotoCleaner

2017-04-19 12:27 - 2017-04-19 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Photo Cleaner

2017-04-19 12:27 - 2017-04-19 12:27 - 00000000 ____D C:\ProgramData\Duplicate Photo Cleaner

2017-04-19 12:27 - 2017-04-19 12:27 - 00000000 ____D C:\Program Files\Duplicate Photo Cleaner

2017-04-17 15:44 - 2017-04-17 15:44 - 00011350 _____ C:\Users\Xoe\Desktop\grid.ods

2017-04-15 16:59 - 2017-04-15 16:59 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2017-04-14 17:33 - 2017-04-14 17:33 - 00002016 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2017-04-14 17:33 - 2017-04-14 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

2017-04-12 21:01 - 2017-04-12 21:01 - 08388608 ___SH C:\tmpgfile.sys

2017-04-12 20:11 - 2017-04-12 20:58 - 00000000 ____D C:\$WINDOWS.~BT

2017-04-12 18:40 - 2017-04-12 21:02 - 00000000 ___HD C:\$SysReset

2017-04-10 12:13 - 2017-04-10 12:13 - 59272008 _____ (Malwarebytes ) C:\Users\Xoe\Downloads\mb3-setup-35891.35891-3.0.6.1469-1096.exe

2017-04-09 10:11 - 2017-04-17 12:53 - 00002520 _____ C:\Users\Xoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk

2017-04-09 10:11 - 2017-04-17 12:53 - 00002512 _____ C:\Users\Xoe\Desktop\Google Chrome Canary.lnk

2017-04-09 10:10 - 2017-04-12 02:54 - 00003676 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001UA

2017-04-09 10:10 - 2017-04-12 02:54 - 00003408 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001Core

2017-04-09 10:09 - 2017-04-09 10:09 - 01129376 _____ (Google Inc.) C:\Users\Xoe\Downloads\ChromeSetup.exe

2017-04-08 17:32 - 2017-04-08 17:32 - 00000000 ____D C:\Users\Xoe\New folder

2017-04-08 15:43 - 2017-04-08 15:43 - 00003348 _____ C:\WINDOWS\System32\Tasks\{FB677C32-23B3-4D5D-989C-DDFE941B1423}

2017-04-06 18:12 - 2017-03-16 06:17 - 01617760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-04-06 18:12 - 2017-03-16 06:17 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-04-06 18:12 - 2017-03-16 05:47 - 00038768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll

2017-04-06 18:12 - 2017-03-16 05:46 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2017-04-06 18:12 - 2017-03-16 05:38 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll

2017-04-06 18:12 - 2017-03-16 05:19 - 22565376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-04-06 18:12 - 2017-03-16 05:05 - 18362368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-04-06 18:12 - 2017-03-16 05:03 - 23676416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-03-30 12:04 - 2017-03-30 12:04 - 00000000 ____D C:\ProgramData\Electronic Arts

2017-03-30 10:55 - 2017-03-30 10:55 - 00000000 ____D C:\Users\Xoe\.QtWebEngineProcess

2017-03-30 10:55 - 2017-03-30 10:55 - 00000000 ____D C:\Users\Xoe\.Origin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-19 12:08 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-04-19 12:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-04-19 12:06 - 2015-09-04 01:09 - 00000000 ____D C:\Users\Xoe\.p2

2017-04-19 12:05 - 2015-09-04 01:09 - 00000000 ____D C:\Users\Xoe\.eclipse

2017-04-19 12:04 - 2017-03-16 13:04 - 00000000 ____D C:\Users\Xoe\Documents\LIFE

2017-04-19 11:56 - 2015-03-21 00:29 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\.minecraft

2017-04-19 11:32 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-04-19 11:07 - 2015-11-19 15:54 - 00000000 ___RD C:\Users\Xoe\Google Drive

2017-04-19 10:51 - 2016-08-16 03:48 - 00000000 ____D C:\Users\Xoe

2017-04-19 10:51 - 2016-08-16 03:43 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2017-04-19 10:51 - 2015-01-02 19:20 - 00000000 __SHD C:\Users\Xoe\IntelGraphicsProfiles

2017-04-19 10:49 - 2016-08-16 04:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-04-19 10:49 - 2016-08-16 03:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-04-19 10:43 - 2015-02-02 21:26 - 00000000 ____D C:\ProgramData\MFAData

2017-04-18 22:29 - 2015-02-14 03:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-04-18 22:29 - 2015-02-14 03:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-04-18 12:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF

2017-04-17 14:49 - 2015-01-08 20:38 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-04-17 14:38 - 2015-01-08 20:38 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-04-17 14:37 - 2015-02-14 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-04-17 14:16 - 2015-12-27 23:32 - 00000000 ____D C:\Program Files (x86)\Backblaze

2017-04-17 12:50 - 2015-01-05 21:42 - 00000000 ____D C:\Program Files (x86)\Minecraft

2017-04-17 12:48 - 2016-07-16 07:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM

2017-04-15 17:05 - 2015-10-18 17:30 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\Audacity

2017-04-15 17:00 - 2015-01-05 21:40 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\Dropbox

2017-04-14 17:33 - 2015-11-21 11:57 - 00000000 ____D C:\Program Files\McAfee Security Scan

2017-04-12 19:10 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI

2017-04-12 17:53 - 2016-03-12 14:03 - 00000000 ____D C:\Users\Xoe\Documents\Sound

2017-04-12 17:50 - 2016-08-16 04:10 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2017-04-12 17:50 - 2016-08-16 04:10 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2017-04-11 10:50 - 2016-08-16 04:10 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2017-04-11 10:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-04-11 10:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

2017-04-10 23:56 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

2017-04-10 13:48 - 2015-02-14 20:26 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\vlc

2017-04-10 13:01 - 2016-09-30 13:05 - 01366524 _____ C:\WINDOWS\system32\perfh008.dat

2017-04-10 13:01 - 2016-09-30 13:05 - 00498838 _____ C:\WINDOWS\system32\perfc008.dat

2017-04-10 13:01 - 2015-12-19 11:41 - 02848710 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-04-10 12:05 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF

2017-04-09 10:11 - 2015-03-05 10:54 - 00000000 ____D C:\Users\Xoe\AppData\Local\Google

2017-04-08 18:11 - 2016-01-18 12:20 - 00000000 ____D C:\Program Files\iTunes

2017-04-08 18:10 - 2015-01-09 17:31 - 00000000 ____D C:\Program Files\Common Files\Apple

2017-04-08 18:10 - 2015-01-09 13:59 - 00000000 ____D C:\Program Files (x86)\iTunes

2017-04-08 16:03 - 2015-10-10 13:28 - 00000000 ____D C:\Users\Xoe\Documents\Electronic Arts

2017-04-08 16:03 - 2015-10-10 12:03 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics

2017-04-08 15:50 - 2015-04-02 11:22 - 00000000 ____D C:\ProgramData\Skype

2017-04-08 14:13 - 2015-03-20 22:51 - 00000000 ____D C:\ProgramData\Oracle

2017-04-08 14:11 - 2016-01-12 18:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2017-04-08 14:11 - 2015-03-20 22:51 - 00000000 ____D C:\Program Files (x86)\Java

2017-04-08 14:09 - 2016-01-12 18:24 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2017-04-08 13:07 - 2015-05-28 12:25 - 00001305 _____ C:\Users\Xoe\Desktop\TreeSize Free.lnk

2017-04-07 16:18 - 2016-03-08 21:51 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\foobar2000

2017-04-06 18:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-04-06 12:20 - 2015-03-05 10:55 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2017-04-01 21:11 - 2016-02-01 18:01 - 00000000 ____D C:\ProgramData\Origin

2017-04-01 19:52 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-04-01 19:52 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-03-31 19:09 - 2016-02-01 18:04 - 00000000 ____D C:\Users\Xoe\AppData\Roaming\Origin

2017-03-31 01:25 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache

2017-03-30 12:34 - 2016-07-16 12:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe

2017-03-30 12:34 - 2016-07-16 12:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe

2017-03-30 12:34 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll

2017-03-30 12:34 - 2016-07-16 12:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll

2017-03-30 11:00 - 2014-08-26 02:27 - 00000000 ____D C:\ProgramData\Package Cache

2017-03-29 23:07 - 2015-11-19 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2017-03-26 21:08 - 2016-05-22 14:39 - 00000000 ____D C:\Users\Xoe\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2015-09-13 15:34 - 2015-09-13 15:34 - 2822620 _____ () C:\Program Files\AMIDST-3.7.exe

2015-03-19 11:43 - 2015-03-19 12:55 - 3485128139 _____ () C:\Program Files\Dragon 13 Educational- Premium (WINDOWS).zip

2015-11-26 23:37 - 2015-11-26 23:37 - 28620792 _____ (Python Software Foundation) C:\Program Files\python-3.5.0.exe

2015-03-19 13:42 - 2015-11-10 19:09 - 0001799 _____ () C:\Users\Xoe\AppData\Roaming\SAS7_000.DAT

2015-08-08 21:26 - 2015-08-08 21:26 - 0000268 ___RH () C:\Users\Xoe\AppData\Roaming\Sync Services

2015-08-08 21:27 - 2015-08-08 21:27 - 0000268 ___RH () C:\Users\Xoe\AppData\Roaming\Synth Basics

2015-08-08 21:26 - 2015-08-08 21:26 - 0000268 ___RH () C:\Users\Xoe\AppData\Roaming\Synth Leads

2015-08-08 21:25 - 2015-08-08 21:25 - 0000268 ___RH () C:\Users\Xoe\AppData\Roaming\Trance Pad

2016-01-17 13:56 - 2016-01-17 13:56 - 0015799 _____ () C:\Users\Xoe\AppData\Local\recently-used.xbel

2016-03-11 19:28 - 2016-03-11 19:28 - 0000016 _____ () C:\ProgramData\mntemp

2015-08-08 21:25 - 2015-08-08 21:25 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT

2015-08-08 21:27 - 2016-06-20 12:22 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT

2015-08-08 21:26 - 2016-06-20 12:14 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT

2015-08-08 21:26 - 2015-10-08 22:23 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

2016-03-11 19:28 - 2016-03-11 19:28 - 0004107 _____ () C:\ProgramData\rxsmznjf.zcp

2015-08-08 21:26 - 2015-08-08 21:26 - 0000268 ___RH () C:\ProgramData\Synth Textures

2015-08-08 21:27 - 2015-08-08 21:27 - 0000268 ___RH () C:\ProgramData\System Image Utility

2015-08-08 21:26 - 2015-08-08 21:26 - 0000268 ___RH () C:\ProgramData\SystemConfiguration

2015-08-08 21:25 - 2015-08-08 21:25 - 0000268 ___RH () C:\ProgramData\Tribal Masks

Some files in TEMP:

====================

2016-12-29 21:03 - 2016-12-01 10:31 - 0050720 _____ (HP Inc.) C:\Users\Xoe\AppData\Local\Temp\ACLMInstaller.exe

2017-02-11 17:07 - 2017-01-19 11:19 - 211236256 _____ ( ) C:\Users\Xoe\AppData\Local\Temp\filmora_64bit_full846.exe

2017-04-10 10:20 - 2017-04-10 10:21 - 29079264 _____ (Gretech Corporation) C:\Users\Xoe\AppData\Local\Temp\GrLauncherTempSetup.exe

2017-01-13 20:53 - 2017-01-13 20:53 - 0737856 _____ (Oracle Corporation) C:\Users\Xoe\AppData\Local\Temp\jre-8u111-windows-au.exe

2017-04-08 13:25 - 2017-04-08 13:25 - 0739904 _____ (Oracle Corporation) C:\Users\Xoe\AppData\Local\Temp\jre-8u121-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-12 12:27

==================== End of FRST.txt ============================

ADDITIONS

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01
Ran by Xoe (19-04-2017 13:31:51)
Running from C:\Users\Xoe\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-16 03:27:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2512842997-4247233269-2972442051-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2512842997-4247233269-2972442051-503 - Limited - Disabled)
Guest (S-1-5-21-2512842997-4247233269-2972442051-501 - Limited - Disabled) => C:\Users\Guest
Xoe (S-1-5-21-2512842997-4247233269-2972442051-1001 - Administrator - Enabled) => C:\Users\Xoe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 3.3867232.1996558569.0 - Audible, Inc.)
AVG (Version: 16.71.7597 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4769 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.71.7597 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.7.452 - AVG Technologies)
AxiomCoders FB Limiter version 1.6.0 (HKLM\...\AxiomCoders FB Limiter_is1) (Version: 1.6.0 - AxiomCoders)
Backblaze (HKLM-x32\...\Backblaze) (Version: - Backblaze, Inc)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - Canon Inc.)
Canon MG3100 series On-screen Manual (HKLM-x32\...\Canon MG3100 series On-screen Manual) (Version: - )
Canon MG3100 series User Registration (HKLM-x32\...\Canon MG3100 series User Registration) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Cold Turkey (Basic) (HKLM-x32\...\{6498E673-B9C2-4544-A722-1E854B5B573E}_is1) (Version: 1.2.5 Basic - Felix Belzile)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3121 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
Darksiders II Deathinitive Edition (HKLM\...\Steam App 388410) (Version: - Gunfire Games)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Dropbox (HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Dropbox) (Version: 23.4.19 - Dropbox, Inc.)
Duplicate File Finder (HKLM-x32\...\{1041487C-12E6-47FE-B83A-E9891782C8FE}}_is1) (Version: 6.3 - Ashisoft)
Duplicate Photo Cleaner (HKLM\...\Duplicate Photo Cleaner_is1) (Version: - WebMinds, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
f.lux (HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Flux) (Version: - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FMW 1 (Version: 1.82.3 - AVG Technologies) Hidden
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.3.5254 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Google Chrome SxS) (Version: 60.0.3073.0 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.6.14.19 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
LibreOffice 4.3.5.2 (HKLM-x32\...\{1D4E90DA-C33C-40ED-BA00-75F6E6DF9CB0}) (Version: 4.3.5.2 - The Document Foundation)
Malware Protection Live (HKLM-x32\...\MalwareProtectionLive) (Version: - ) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.523.1 - McAfee, Inc.)
Media Go (HKLM-x32\...\{65256C0D-3FE7-4D2E-BB3E-53F1175481C8}) (Version: 3.0.403 - Sony)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nectar Toolbar (HKLM-x32\...\Nectar Toolbar) (Version: 1.1.1 - AIMIA Coalition Loyalty UK Ltd)
NetWorx 5.5.2 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.1 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.3 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.16 - Nikon)
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
PyQt GPL v5.5.1 for Python v3.4 (x32) (HKLM-x32\...\PyQt GPL v5.5.1 for Python v3.4 (x32)) (Version: 5.5.1 - )
Python 3.2.3 (HKLM-x32\...\{789C9644-9F82-44d3-B4CA-AC31F46F5882}) (Version: 3.2.3150 - Python Software Foundation)
Python 3.3.4 (64-bit) (HKLM\...\{D7E79BB6-DBE5-33C5-B105-CE6871C59DB6}) (Version: 3.3.4150 - Python Software Foundation)
Python 3.4.3 (64-bit) (HKLM\...\{9529565f-e693-3f11-b3bf-8cd545f5f9a0}) (Version: 3.4.3150 - Python Software Foundation)
Python 3.5.0 (32-bit) (HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\{1197d2bb-6cf8-488a-b994-d5bf6d7efe7b}) (Version: 3.5.150.0 - Python Software Foundation)
Python 3.5.0 Add to Path (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Core Interpreter (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Development Libraries (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Documentation (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Executables (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Launcher (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 pip Bootstrap (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Standard Library (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Tcl/Tk Support (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Test Suite (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
Python 3.5.0 Utility Scripts (32-bit) (x32 Version: 3.5.150.0 - Python Software Foundation) Hidden
qBittorrent 3.3.11 (HKLM-x32\...\qBittorrent) (Version: 3.3.11 - The qBittorrent project)
Quake (HKLM-x32\...\Steam App 2310) (Version: - id Software)
Quake II (HKLM-x32\...\Steam App 2320) (Version: - id Software)
Quake II: Ground Zero (HKLM-x32\...\Steam App 2340) (Version: - Rogue Entertainment)
Quake II: The Reckoning (HKLM-x32\...\Steam App 2330) (Version: - Xatrix Entertainment)
Quake Mission Pack 1: Scourge of Armagon (HKLM-x32\...\Steam App 9040) (Version: - Ritual Entertainment)
Quake Mission Pack 2: Dissolution of Eternity (HKLM-x32\...\Steam App 9030) (Version: - Rogue Entertainment)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.17 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.33 - REALTEK Semiconductor Corp.)
RTSpect 2.6 (HKLM-x32\...\RTSpect_is1) (Version: - Mark Huckvale)
ScreenRuler (HKLM-x32\...\{46243C14-2485-45EE-9B4E-609B71B5D5FF}) (Version: 3.0.5 - Claro Software)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
SolidCapture (HKLM-x32\...\{1978BDCF-E266-480F-9D91-B2971C464C30}) (Version: 3.0.218.0 - SolidDocuments)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spotify (HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
SuperCollider Version 3.8.0 (HKLM-x32\...\SuperCollider-3.8.0) (Version: 3.8.0 - SuperCollider Community)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
The Simsâ„¢ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.28.25.1020 - Electronic Arts Inc.)
TreeSize Free V4.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 4.0.1 - JAM Software)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.3 - Nikon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )
Wondershare Filmora(Build 8.1.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.8.0.3) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.8.0.3 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Xoe\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Xoe\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Xoe\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2512842997-4247233269-2972442051-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Xoe\AppData\Roaming\Dropbox\bin\DropboxExt64.15.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {016D22D8-F632-41B8-9600-228DC633391B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {034F5240-1EC9-495D-B253-552B71C0D90F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {13A48114-16B0-4E11-AD32-F111F722C9C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {13ECBD0B-0E86-467C-9A8B-D7D51DFC2A2E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001UA => C:\Users\Xoe\AppData\Local\Google\Update\GoogleUpdate.exe [2017-04-09] (Google Inc.)
Task: {1E38A96A-EA27-4A47-93C3-8E74C007B00F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-17] (Microsoft Corporation)
Task: {21F2FDF2-37D1-44CE-9A29-BD4F8C83490C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2492DB33-EAEE-4166-AF0C-02317D1B5B36} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001UA1d23798eaf41b64 => C:\Users\Xoe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {33297879-B0DF-447B-A75F-EF431412EDB6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {3AE5B2E9-BA48-4337-B5B8-E6753160B99C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {48477B06-2D65-41D4-99B2-47B3B8CC2D1D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4FB10F90-58E7-4A9A-858B-CABE3E34C7F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {55E0EC16-40A1-4AB5-BF94-067B715A5B03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001Core => C:\Users\Xoe\AppData\Local\Google\Update\GoogleUpdate.exe [2017-04-09] (Google Inc.)
Task: {5649536D-AD76-4DA7-91F3-7EC41806CED2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {5A384448-D291-4775-BB6E-64B90ED1ACF4} - System32\Tasks\0215tb_RML => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
Task: {5B1EDF40-8639-4AE7-A3DF-A9B7F185BA95} - System32\Tasks\0116avUpdateInfo => C:\ProgramData\Avg_Update_0116av\0116av_AVG-Secure-Search-Update.exe [2016-01-10] ()
Task: {639C5F3E-C88B-4B47-9991-44B8279B2C03} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {63FE5442-5851-4D65-9DE8-4D44B03D206C} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {75CDEDC9-C1CD-417F-B40A-1A20C20B1891} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7C324DAD-FEC5-44D1-A61A-A878F20E2EF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7EC8CD97-F66A-4F0D-9477-DEE0F7EC70BD} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{E51D9B53-94E1-41B9-98B9-B960FD685A31}.exe [2015-03-20] ()
Task: {94C3EF05-37C6-45BC-B510-77E8AF5CC225} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {9EE8F73F-7CC2-4EB4-849B-4B4B8FCC3196} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {A53B577E-4831-4B75-A1DD-ABFDC1CFE42B} - System32\Tasks\{AE298DBA-E1C3-4CFD-AA11-46DAD4CAECB8} => pcalua.exe -a "C:\Users\Xoe\Documents\M364 dvd\M364.EXE" -d "C:\Users\Xoe\Documents\M364 dvd"
Task: {A807E312-F60D-4F25-9542-C74EE5D54B2E} - System32\Tasks\{CAF2B9BC-4D7B-4408-B7C6-03309C25AFDD} => pcalua.exe -a C:\Users\Xoe\Downloads\AM_CDBurner.exe -d C:\Users\Xoe\Downloads
Task: {BE396489-6BCF-42D9-9565-DA1D54756958} - System32\Tasks\{FB677C32-23B3-4D5D-989C-DDFE941B1423} => pcalua.exe -a "C:\Program Files (x86)\Common Files\EAInstaller\The Sims 4\Cleanup.exe" -c uninstall_game -autologging
Task: {C18D0269-F9E7-4D5A-91AF-02C78ABD2D12} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001Core1d23798ea9e4694 => C:\Users\Xoe\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {DB88ECD9-EAD2-4E72-A3E6-DD82FF9AF599} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.)
Task: {FA3E7698-4286-47F4-AA25-EF14F28ECFA1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-11] (Adobe Systems Incorporated)
Task: {FA5A22AA-77F7-4E15-9B3F-6F4314B8DCC6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{E51D9B53-94E1-41B9-98B9-B960FD685A31}.exe
Task: C:\WINDOWS\Tasks\0215tb_RML.job => C:\Program Files (x86)\AVG Web TuneUp\AVG-Secure-Search-Update_0215tb.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001Core1d23798ea9e4694.job => C:\Users\Xoe\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2512842997-4247233269-2972442051-1001UA1d23798eaf41b64.job => C:\Users\Xoe\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForXoe.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-03-16 13:21 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-03-17 14:21 - 2017-02-06 22:34 - 00981576 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-12-27 23:33 - 2017-04-17 14:16 - 00443112 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe
2014-11-24 19:31 - 2014-07-04 12:24 - 00094936 ____N () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-24 20:01 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-16 13:21 - 2017-03-04 08:19 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-16 16:52 - 2016-08-16 16:52 - 00959168 _____ () C:\Users\Xoe\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2014-05-01 15:13 - 2016-09-10 15:21 - 00592384 _____ () C:\Users\Xoe\AppData\Local\MEGAsync\ShellExtX64.dll
2016-08-25 10:56 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll
2016-09-18 21:04 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 13:20 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 13:21 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 13:21 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 13:21 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-03-16 13:21 - 2017-03-04 07:05 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-03-16 13:21 - 2017-03-04 07:05 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-03-16 13:21 - 2017-03-04 07:08 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-03-01 22:14 - 2016-02-16 15:04 - 00806400 _____ () C:\Program Files\NetWorx\sqlite.dll
2015-12-27 23:33 - 2017-04-17 14:16 - 00595176 _____ () C:\Program Files (x86)\Backblaze\bzbui.exe
2015-02-02 21:35 - 2017-02-06 22:34 - 02183752 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-12-27 23:33 - 2017-04-17 14:16 - 04463848 _____ () C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe
2017-04-17 12:52 - 2017-04-17 11:02 - 03807064 _____ () C:\Users\Xoe\AppData\Local\Google\Chrome SxS\Application\60.0.3073.0\libglesv2.dll
2017-04-17 12:52 - 2017-04-17 11:02 - 00100184 _____ () C:\Users\Xoe\AppData\Local\Google\Chrome SxS\Application\60.0.3073.0\libegl.dll
2017-04-10 09:21 - 2017-04-10 09:22 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-10 09:21 - 2017-04-10 09:22 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-10 09:21 - 2017-04-10 09:22 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-10 09:21 - 2017-04-10 09:22 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll
2017-04-19 10:52 - 2017-04-19 10:52 - 00098816 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32api.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00110080 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\pywintypes27.dll
2017-04-19 10:52 - 2017-04-19 10:52 - 00364544 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\pythoncom27.dll
2017-04-19 10:52 - 2017-04-19 10:52 - 00320512 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32com.shell.shell.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00914432 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_hashlib.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 01176576 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._core_.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00806400 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._gdi_.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00816128 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._windows_.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 01067008 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._controls_.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00733184 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._misc_.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00682496 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\pysqlite2._sqlite.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00088064 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_ctypes.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00686080 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\unicodedata.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00119808 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32file.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00108544 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32security.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00007168 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\hashobjs_ext.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00017920 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\thumbnails_ext.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00088064 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\usb_ext.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00012800 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\common.time34.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00018432 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32event.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00167936 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32gui.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00046080 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_socket.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 01303552 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_ssl.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00128512 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_elementtree.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00127488 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\pyexpat.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00038912 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32inet.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00036864 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_psutil_windows.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00524248 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\windows._lib_cacheinvalidation.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00011264 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32crypt.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00123392 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._wizard.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00077312 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._html2.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00027648 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_multiprocessing.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00020480 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\_yappi.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00035840 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32process.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00078848 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\wx._animate.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00024064 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32pipe.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00010240 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\select.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00025600 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32pdh.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00017408 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32profile.pyd
2017-04-19 10:52 - 2017-04-19 10:52 - 00022528 ____R () C:\Users\Xoe\AppData\Local\Temp\_MEI69442\win32ts.pyd
2014-11-24 19:21 - 2013-12-10 16:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-04-06 12:19 - 2017-03-29 03:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-06 12:19 - 2017-03-29 03:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [273]
AlternateDataStreams: C:\ProgramData\Temp:5C305AE2 [196]
AlternateDataStreams: C:\Users\Xoe\Documents\Principles for Physical Fitness.pdf:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-04-14 17:33 - 00000879 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Xoe\Pictures\Saved Pictures\DSC_0357.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "CanonMyPrinter"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "CanonSolutionMenuEx"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Nikon Message Center 2"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9FB6F71DDDB7A5BB2591700729459C29"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\Run: => "SolidCapture"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_26BD5E01A8E32BE058D9A9AFA222BFE9"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2512842997-4247233269-2972442051-1001\...\StartupApproved\Run: => "Sony PC Companion"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1D5F2CC4-0303-4020-B363-BDE02B2AB36F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{BCFDF90D-A4E4-4084-AC38-F5EF62106266}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3D7BF6A2-25B6-4FCF-89E5-430FEF5DD1AC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0AC479CD-EDF4-4977-BF38-5F8408680BB0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{3C3DDD66-093D-4FE6-8BFB-CE6743E2196B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{5E8EC04C-CCBA-4F4C-82E4-608B319691C8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{413747F6-8C7C-4D67-9731-A9DF8EE2221B}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{21A2E9E2-E423-4268-B0E1-6B4E3DCAB663}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{74FED47F-DD82-40A1-9795-A63C64019AF0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{DE12853F-A620-472E-96C4-35892C5388A0}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{FEEE96B7-3EAE-4581-B8C3-927D7C468848}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{CC018D92-0137-4907-AA98-F7F1EA24D481}] => (Block) C:\users\xoe\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [{EC3C912E-4209-4074-8898-EAB0EFFCA7F4}] => (Block) C:\users\xoe\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{91ACC3EB-C24F-44A8-9EA4-921052455035}C:\users\xoe\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\xoe\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{AC639CAF-188E-4696-9DC7-B2CB9D026856}C:\users\xoe\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe] => (Allow) C:\users\xoe\appdata\local\programs\blackboard\blackboard collaborate launcher\resources\java\jre1.7.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{2A17DCCF-71BC-433A-BA2F-DF9D4736EE95}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [TCP Query User{7AB8E8B4-BE64-40C8-936A-78A20028CF02}C:\program files (x86)\sony\media go\mediago.exe] => (Allow) C:\program files (x86)\sony\media go\mediago.exe
FirewallRules: [{1653A56F-7417-42AC-AC2D-4D3979A971F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{C26D51B0-0E51-41AE-8A35-F8F70476E9F0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{49F0AE7D-6344-42F2-AC80-0E2A273CD30B}] => (Block) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{7A63436B-9A30-4D79-A676-CE05C7932E8C}] => (Block) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{3470DFC1-470A-45AF-BFDC-B9701F84C592}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [TCP Query User{559591FB-AEA8-449C-8A79-7D9EF8E5F258}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{660D1221-5351-4ADE-AA2E-0C2B84A25782}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{F61A8DE8-44D7-4AC3-8345-5A2C94A01ECB}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{BAC4DC6B-3957-4224-B93B-AFBAC5ADD8EC}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [TCP Query User{6143FDC2-BF15-46D0-8E25-624772A835D9}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{4AC3AFD7-7B19-41E0-B640-4EFFD0AAEE22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{0D04F7E3-7CA3-45AE-BD8A-F528F74508F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [UDP Query User{D59050B8-16E1-48C1-844A-B7970EC509CD}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{E29F7A28-C9CA-407A-9E92-CB48295037F7}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [{585B3842-289B-44AB-8579-B6CC426B3281}] => (Allow) C:\Users\Xoe\AppData\Local\Temp\nsr8DD7.tmp\CnetInstaller-10205472.exe
FirewallRules: [{87659A92-2D05-4D60-B335-030D8BA71B3C}] => (Allow) C:\Users\Xoe\AppData\Local\Temp\nsr8DD7.tmp\CnetInstaller-10205472.exe
FirewallRules: [{3798FFF8-DA00-4E61-B4C5-D033FE98F957}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7CDD343C-A38C-445B-B97E-A7B166E2072D}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D04B0CCB-5F2F-4995-94FB-C068145FC8C7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{2E900793-3892-440B-AAFB-3D969C2B22A3}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{DF5C38FD-8780-424B-B414-A258B0BB5E58}] => (Block) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{40C71687-FB98-466D-B036-C81412CC2BD8}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [TCP Query User{87C9504B-E462-4CAA-BCC6-1410B71597CF}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{3DD1FA1D-0D76-45A4-8360-05B426D6535E}] => (Allow) LPort=51001
FirewallRules: [UDP Query User{D211D089-2C97-4682-AB57-FC9C3F93A6A5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A262E51E-7AF1-4BE7-9E08-A6B78A09F33B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{97A1F59F-CC7B-49B5-B1FA-BA8546E3A32F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jazzpunk\windows\Jazzpunk.exe
FirewallRules: [{857CFE9F-B108-4189-8D14-7FD2E9CF7F4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CFAF3537-46A5-42A3-870A-3F2EE7B9E7CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BFF68C09-8F13-4650-92A4-1D7FB1A1478C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2E63625E-F3DF-4F9F-9050-C8AE0C4987E3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{C9CACC00-6116-4099-B4AC-756C0C9F57EF}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe
FirewallRules: [UDP Query User{63A21CD6-7803-4CED-A1DE-7533133AF4E4}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe
FirewallRules: [TCP Query User{CBE8A7C3-2BA7-4490-8DB7-7450F46FF4F5}C:\program files (x86)\supercollider-3.8.0\sclang.exe] => (Allow) C:\program files (x86)\supercollider-3.8.0\sclang.exe
FirewallRules: [UDP Query User{D3173867-CAAB-458A-858F-17D3B32B46AA}C:\program files (x86)\supercollider-3.8.0\sclang.exe] => (Allow) C:\program files (x86)\supercollider-3.8.0\sclang.exe
FirewallRules: [{02E72998-0C44-4482-AD12-207D2ACDF57C}] => (Block) C:\program files (x86)\supercollider-3.8.0\sclang.exe
FirewallRules: [{85DA8C5A-B0E8-42B1-9EB7-A12AA0247D85}] => (Block) C:\program files (x86)\supercollider-3.8.0\sclang.exe
FirewallRules: [TCP Query User{A6621C52-4554-41C6-AD14-1E13B2B2CE0C}C:\program files (x86)\supercollider-3.8.0\scsynth.exe] => (Allow) C:\program files (x86)\supercollider-3.8.0\scsynth.exe
FirewallRules: [UDP Query User{B1FF8614-6B4A-462E-BA91-B58279D6C779}C:\program files (x86)\supercollider-3.8.0\scsynth.exe] => (Allow) C:\program files (x86)\supercollider-3.8.0\scsynth.exe
FirewallRules: [{B28134D5-A719-401F-BD0F-5CC78CF78816}] => (Block) C:\program files (x86)\supercollider-3.8.0\scsynth.exe
FirewallRules: [{8C8B4D71-FBED-4D3F-BCEB-604D022E7A2A}] => (Block) C:\program files (x86)\supercollider-3.8.0\scsynth.exe
FirewallRules: [{095140AA-3FAD-419E-8510-9EFEB6A91E4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{30FF71D3-C1A7-4B91-886F-F8F28D4DB20B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{A5A1685B-B504-4897-9828-9436BE4B290F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8DB3F70F-1CFC-4DE4-8A8F-3D0BCE871365}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48522CB4-CC04-4A23-99F3-BF6B957E9F42}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8622E36E-0A18-4EC9-8DA1-9CC2ADA9382B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BB988252-E147-44B2-AAC0-06BE4BFA6E3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{4F3F82A3-5E84-4891-AAF5-D3B997FFC115}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{A1C978B3-8870-49E7-86AA-BC3543929D43}C:\users\xoe\documents\arduino-1.8.1\java\bin\javaw.exe] => (Block) C:\users\xoe\documents\arduino-1.8.1\java\bin\javaw.exe
FirewallRules: [UDP Query User{929F7C98-95E8-44A0-83E2-E41ECF6BAA00}C:\users\xoe\documents\arduino-1.8.1\java\bin\javaw.exe] => (Block) C:\users\xoe\documents\arduino-1.8.1\java\bin\javaw.exe
FirewallRules: [TCP Query User{A2E0315C-95FE-41FC-86F4-1514B7BBC3D1}C:\users\xoe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xoe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{114E61D9-983F-4F16-B806-59FA82371849}C:\users\xoe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xoe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{11A0DEC1-E063-4FB4-A1E2-D51E8C8924F1}] => (Block) C:\users\xoe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A9165CFD-51F0-4B4A-937C-5B8522E76891}] => (Block) C:\users\xoe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B4D86E37-3772-4DDD-9794-E2152698B397}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe
FirewallRules: [{5D3C157F-6E6F-4F0C-9A8D-1F2BB3582688}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TreeOfSavior\release\patch\tos.exe
FirewallRules: [{F108FC50-2491-433A-B971-40EC8D68B927}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{B1BAF9DB-2D59-4553-922B-20C68B1E0845}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{F713E0E1-AB30-4E3F-BC48-C647F81B2DD2}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{45B9E3AE-7514-4637-865C-C4FF0161874E}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{A1F28A0D-8FB6-4B48-B2F2-C546057BDAA0}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{9A3A3D0B-E9EE-4895-B665-8E4130F9DA59}] => (Allow) C:\Program Files (x86)\R.G. Mechanics\The Sims 4\Game\Bin\TS4_x64.exe
FirewallRules: [{6A76F4AE-2730-4427-BEA5-E9A4E53973CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-04-2017 14:30:17 Windows Update
17-04-2017 14:33:12 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2017 01:09:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\DCEXEC.EXE".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\dtshost.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\Tools\Binn\SQLdiag.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\dtutil.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\Tools\Binn\SQLCMD.EXE".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\DTS\Binn\DTExec.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\COM\qrdrsvc.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\COM\logread.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2017 01:09:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\Program Files\Microsoft SQL Server\100\COM\DISTRIB.exe".
Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.1833" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (04/19/2017 01:06:36 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/19/2017 12:51:08 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/19/2017 10:54:45 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (04/19/2017 10:51:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2017 10:51:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2017 10:51:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (04/19/2017 10:50:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsAppService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/19/2017 10:50:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WsAppService service to connect.

Error: (04/19/2017 10:50:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ACProtector service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/19/2017 10:50:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ACProtector service to connect.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4288U CPU @ 2.60GHz
Percentage of memory in use: 47%
Total physical RAM: 8122.15 MB
Available physical RAM: 4231.63 MB
Total Virtual: 9402.15 MB
Available Virtual: 4842.16 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1374.27 GB) (Free:763.15 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.08 GB) (Free:2.36 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:218.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 39ED847C)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 0330F74F)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Operating Systems → Apple OSX → Is LastPass not just not working but actually harming my MacBook? Started by sue.words , 01 Nov 2020 LastPass, Safari and 2 more...	1 reply 3,390 views	sue.words 03 Nov 2020
Security → Virus, Spyware, Malware Removal → Multiple Infections - Overall slowness and running poorly [Closed] Started by GreenGal , 08 Oct 2017 virus, infection, slowness and 1 more... 1 2	Hot 16 replies 9,091 views	LiquidTension 03 Nov 2017
Software → Web Browsers and Email → Need help with chronic Firefox issue Started by andythebeagle , 04 Oct 2017 script, hanging, freezing and 4 more...	2 replies 3,601 views	andythebeagle 19 Oct 2017
Security → Virus, Spyware, Malware Removal → can't access HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Started by omhan , 13 May 2017 Possible Malware	1 reply 6,022 views	$can't access HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ - last post by Jr0x$ Jr0x 15 May 2017

#1
boudiccaeceni

Posted 19 April 2017 - 07:16 AM

Advertisements

#2
RKinner

Posted 19 April 2017 - 07:52 PM

Similar Topics

Also tagged with one or more of these keywords: log in problems, bad quality text, slowness, possible malware

Is LastPass not just not working but actually harming my MacBook?

Multiple Infections - Overall slowness and running poorly [Closed]

Need help with chronic Firefox issue

can't access HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

laptop suddenly slow, possible malware

#1 boudiccaeceni Posted 19 April 2017 - 07:16 AM

Advertisements

#2 RKinner Posted 19 April 2017 - 07:52 PM

Similar Topics

Also tagged with one or more of these keywords: log in problems, bad quality text, slowness, possible malware

Is LastPass not just not working but actually harming my MacBook?

Multiple Infections - Overall slowness and running poorly [Closed]

Need help with chronic Firefox issue

can't access HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\

0 user(s) are reading this topic

As Featured On:

Forums

Downloads

Members

Connect With Us

Sign In

#1
boudiccaeceni

Posted 19 April 2017 - 07:16 AM

#2
RKinner

Posted 19 April 2017 - 07:52 PM