Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

requested resource is in use.. cannot run mc Affee or any other antivi

Started by aKay47 , Nov 24 2017 08:55 PM
antivirus disabled virus cannot access files can not delete virus

  • Please log in to reply

#1
aKay47
Posted 24 November 2017 - 08:55 PM

aKay47

    Member

  • Member
  • PipPip
  • 62 posts

I think I am in way over my head here.  I am suddenly getting Blue screens  and I can not open McAffee or any of the malicious software removal tools.  I also noticed that my computer is using way too much memory and there were processes i did not recognize in the task manager.  I need help! I read through other posts and i think i have a smart screen virus.  I did notice that i am locked out of accessing those files that look like they don't belong.  I am not the owner?!I know i can not do this by myself as I read through someone else's fix and I was lost.   I did download FRST64 however I am afraid that I could mess up the little bit of workability that i have on this computer if I try this alone

 

I am not very tech savy.  Please someone rescue me. 


  • 0

Advertisements

#2
DonnaB
Posted 24 November 2017 - 09:15 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi aKay47,

Welcome to GeeksToGo! :)

My name is Donna and I'll be helping you to help yourself clean up your computer. Tech savvy or not, together we can conquer the beast that has invaded your computer.

Please read this post completely before beginning. If there's anything that you do not understand, please don't hesitate to ask before proceeding.

Please take note of the guidelines for this fix:
  • Please note that I am a volunteer. I do have a family, a career, and other endeavors that may prevent immediate responses that meet your schedule. Do note that the differences in time zones could present a problem as well. Your patience and understanding will be greatly appreciated.
  • First of all, the procedures we are about to perform are specific to your problem and should only be used on this specific computer.
  • Do not make any changes to your computer that include installing/uninstalling programs, deleting files, modifying the registry, nor running scanners or tools of any kind unless specifically requested by me.
  • Please read ALL instructions carefully and perform the steps fully and in the order they are written.
  • If things appear to be better, let me know. Just because the symptoms no longer exist as before, does not mean that you are clean.
  • Continue to read and follow my instructions until I tell you that your machine is clean.
  • If you have any questions at all, please do not hesitate to ask before performing the task that I ask of you, and please wait for my reply before you proceed.
  • Scanning with programs and reading the logs do take a fair amount of time. Again, your patience will be necessary. :)
Now, let's begin our adventure in cleansing your computer.
  • Right click on the FRST64.exe and choose Run as administrator.
  • When the tool opens click Yes to disclaimer.
  • Give FRST64 a moment to check for updates. You'll see the message "The tool is ready to use" in the upper left corner of the bluish/grey part of the tools user interface screen when you can proceed with the following instructions.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
  • Please copy and paste both logs in your next reply.
Logs to include in your next post:

FRST.txt
Addition.txt
  • 1

#3
aKay47
Posted 24 November 2017 - 09:27 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

I am trying to run the program however I can not see the text in the pop up box. it is blank ... I guess the virus wont allow it to show.. here is a screen shot of what i see.   


  • 0

#4
aKay47
Posted 24 November 2017 - 09:29 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

also, once the program runs.  where will the logs be found?  yes i am that ignorant. 


  • 0

#5
DonnaB
Posted 24 November 2017 - 09:48 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
The log will be found wherever FRST is located. If you downloaded it to your desktop that is where the logs will be saved to. If downloaded to your downloads folder, the logs will be located there.

What Operating System (OS) is installed? Windows 10?

Try booting it into safe mode. I will need to know which (OS) is installed to provide instructions on how to enter safe mode if you're not sure how.
  • 0

#6
aKay47
Posted 24 November 2017 - 09:58 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

windows 10  home version.  I couldn't see what it said but the scan tool is running right now.  should i stop it?  I have no idea if I had the right boxes checked .. I just clicked on the blue grey box at the top left and it started to do somethingl.


  • 0

#7
DonnaB
Posted 24 November 2017 - 10:01 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
No. Go ahead and let it run for now.
  • 0

#8
aKay47
Posted 24 November 2017 - 10:06 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-11-2017 01
Ran by April (administrator) on APRILKAY (24-11-2017 19:30:02)
Running from C:\Users\April\Desktop
Loaded Profiles: April (Available Profiles: April & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
() C:\Windows\System32\tprdpw32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe
(Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\April\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [2168416 2017-11-15] (Hola Networks Ltd.) <==== ATTENTION
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Vault Explorer Cache Watcher] => C:\Program Files (x86)\Verizon\Verizon Online Share Drive\vewatch.exe [17408 2012-07-31] (DigiData Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-04-10] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-21] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5885352 2017-06-29] (LogMeIn Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [270912 2015-06-17] (CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-06-09] (CANON INC.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272624 2013-02-05] (Microsoft Corporation)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [Google Update] => C:\Users\April\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-14] (Google Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [uTorrent] => C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe [1982144 2017-10-12] (BitTorrent Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [SynchronossPC] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [B6DBB8B0EDF4FDF67A5BF46CB3DA12E3F5D4E945._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [74144 2012-08-10] (Hewlett-Packard Company)
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: F - "F:\setup.exe" 
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {39843cd8-3120-11e3-be7b-b8763f38aa42} - "F:\TL_Bootstrap.exe" 
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\MountPoints2: {5595447e-4ef7-11e7-bfe1-b8763f38aa42} - "F:\setup.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-04-26]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.551\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Online Backup and Sharing for PC.lnk [2015-01-24]
ShortcutTarget: Verizon Online Backup and Sharing for PC.lnk -> C:\Program Files (x86)\Verizon\Verizon Online Backup and Sharing for PC\DigiData.Host.exe (DigiData)
Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\beautify.exe.lnk [2017-04-27]
Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-11-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{00d87d5b-ced8-43ce-9d2e-c589f797a6c2}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{9889cd4c-6234-4a7c-85ec-fdb5698dbf18}: [DhcpNameServer] 10.12.30.254 10.12.15.254
Tcpip\..\Interfaces\{eaadcf75-4d3f-478c-8478-412273d618fe}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
SearchScopes: HKLM -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {37745BC3-A4F1-40D2-BED1-CBDE5CDF93DA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {A22EA8C9-539D-45F8-83B1-A8BD7130CE8B} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_01a233fd_1201_1401_20160526_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2017-09-05] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-09-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-04-07] (HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: Solution Real 1.0.0.7 -> {1bb456da-878f-44a5-b013-4bfe0ae02fce} -> C:\Program Files (x86)\Solution Real\SolutionRealBHO.dll => No File
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-08-24] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-04-07] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
IE Session Restore: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001 -> is enabled.
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2017-07-18] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-07-10] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-05-31] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-25] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-07-22] [Lagacy]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-04-27] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2015-10-29] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-10-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-03-13] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\April\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @talk.google.com/O1DPlugin -> C:\Users\April\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @tools.google.com/Google Update;version=3 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: @tools.google.com/Google Update;version=9 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-2751042415-2246998964-2558403214-1001: hp.com/HPDetect -> C:\Users\April\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin ProgramFiles/Appdata: C:\Users\April\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\April\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.imesh.net/?sver=3&appid=73","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Default [2017-11-24]
CHR Extension: (Google Translate) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-10-19]
CHR Extension: (Duolingo on the Web) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2017-04-17]
CHR Extension: (Google Voice Extension) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aladafhcgmligibhilgpfncgdfccepgh [2013-10-02]
CHR Extension: (Docs) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (Fotor Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2017-09-04]
CHR Extension: (YouTube) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Guitarist's Reference) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cddaabhppoebkmalboinjhgofbhdbcgk [2014-11-30]
CHR Extension: (One Number) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfkohgkpafhkpdcnfadadcibfboapggi [2013-10-02]
CHR Extension: (Plugins) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop [2016-10-22]
CHR Extension: (Google Search) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Guitar Tuner) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhglmpmegfnbclojedloihcbkemoiddi [2013-10-02]
CHR Extension: (Polarr Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\djonnbgfieijldcieafgjcnhmpcfpmgg [2017-11-15]
CHR Extension: (Guitar Tab Viewer) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdmbkpfnfkhalmhebdelpldipheihng [2013-10-02]
CHR Extension: (Fotor Extension) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\eicdknplohdampjgndodmhblklhhnkbn [2017-05-08]
CHR Extension: (Google Docs Offline) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-21]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-07-08]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-11-08]
CHR Extension: (Vorsprung) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\henidbeahjgfpjmfakeeimkiikbijiph [2016-10-28]
CHR Extension: (Auto Show Texts in Google Voiceâ„¢) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhbkniagfcnoomhcaaoalkjmdejfmml [2013-10-02]
CHR Extension: (Kindle Cloud Reader) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-02-04]
CHR Extension: (Pixlr Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-05-28]
CHR Extension: (SIGNtalk) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbninbhmfefcmefgkapeaflfagppahi [2017-06-25]
CHR Extension: (iPiccy Photo Editor) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2017-05-08]
CHR Extension: (Google Voice (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2014-04-09]
CHR Extension: (Google Hangouts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2017-05-04]
CHR Extension: (Google Play) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-10-22]
CHR Extension: (Tweaks for Google Voice™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomidmppcdmojcgfnpfkmhbnakbnmaff [2016-12-07]
CHR Extension: (AdRemover for Google Chrome™) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2017-04-13]
CHR Extension: (Guitar Chords) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh [2013-10-02]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-07-28]
CHR Extension: (Google Hangouts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-11-01]
CHR Extension: (Google Voice Paginated Texts) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\necmgnhmkphmjpddncmklalagjebbbea [2016-12-07]
CHR Extension: (No Name) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-10-02]
CHR Extension: (Gmail) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\April\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2014-04-09]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-03-20]
CHR Profile: C:\Users\April\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
CHR HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [commhkacjheiacaopdonmodahaoadoln] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0291631511534851mcinstcleanup; C:\WINDOWS\TEMP\029163~1.EXE [1030904 2017-02-09] (McAfee, Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058416 2017-09-05] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S2 Dataup; C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350576 2017-03-13] (WildTangent)
S2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [3418024 2017-06-29] (LogMeIn Inc.)
R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [20117088 2017-11-15] (Hola Networks Ltd.) <==== ATTENTION
R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5622368 2017-02-21] (Hola Networks Ltd.) <==== ATTENTION
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
S2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-16] (HP Inc.)
S4 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S4 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 KMSServerService; C:\Program Files\KMSpico\KMSServer.exe [38454 2017-06-20] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-05-27] (LogMeIn, Inc.)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188264 2017-04-18] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-03-13] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.551\McCHSvc.exe [404376 2017-04-17] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-21] (Intel Security, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 drmkpro64; C:\WINDOWS\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
R3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2016-05-04] (LogMeIn Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-01-23] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-18] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-18] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
R1 MpKsl37fcc72e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA44C40B-E545-419B-9E92-3DF6D85B4E70}\MpKsl37fcc72e.sys [58120 2017-11-20] (Microsoft Corporation)
R1 MpKsl42d55bd0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F92B29A-CD48-468A-8FF5-6ECBC5DC3955}\MpKsl42d55bd0.sys [58120 2017-11-24] (Microsoft Corporation)
R1 MpKsl83ac0e4e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FE2A090-80CA-40E8-99C7-3B318A160334}\MpKsl83ac0e4e.sys [58120 2017-11-15] (Microsoft Corporation)
R1 MpKslb1431338; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7E93B3FB-50CD-4AA1-9B1B-863DB0CF8BE1}\MpKslb1431338.sys [58120 2017-11-17] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-03-18] (MediaTek Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-14] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S1 azwtqkfi; \??\C:\WINDOWS\system32\drivers\azwtqkfi.sys [X]
S1 eoettcum; \??\C:\WINDOWS\system32\drivers\eoettcum.sys [X]
S1 hkotdgis; \??\C:\WINDOWS\system32\drivers\hkotdgis.sys [X]
S1 kzejxclx; \??\C:\WINDOWS\system32\drivers\kzejxclx.sys [X]
S1 nkbromna; \??\C:\WINDOWS\system32\drivers\nkbromna.sys [X]
S1 odvoxhdr; \??\C:\WINDOWS\system32\drivers\odvoxhdr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-24 19:30 - 2017-11-24 19:35 - 000043233 _____ C:\Users\April\Desktop\FRST.txt
2017-11-24 18:33 - 2017-11-24 18:33 - 000000000 ____D C:\Users\April\Desktop\FRST-OlderVersion
2017-11-24 18:32 - 2017-11-24 19:30 - 000000000 ____D C:\FRST
2017-11-24 14:53 - 2017-11-24 14:56 - 000557084 _____ C:\WINDOWS\Minidump\112417-100531-01.dmp
2017-11-23 23:34 - 2017-11-24 18:33 - 002393088 _____ (Farbar) C:\Users\April\Desktop\FRST64 (1).exe
2017-11-23 23:33 - 2017-11-23 23:34 - 002393088 _____ (Farbar) C:\Users\April\Downloads\FRST64 (1).exe
2017-11-17 22:31 - 2017-11-17 22:34 - 000557036 _____ C:\WINDOWS\Minidump\111717-49921-01.dmp
2017-11-17 22:19 - 2017-11-17 22:21 - 000419404 _____ C:\WINDOWS\Minidump\111717-64156-01.dmp
2017-11-17 21:31 - 2017-11-17 21:31 - 002392576 _____ (Farbar) C:\Users\April\Downloads\FRST64.exe
2017-11-16 17:31 - 2017-11-16 17:31 - 000116847 _____ C:\Users\April\Downloads\social security online Create a Login Account.pdf
2017-11-16 02:18 - 2017-11-16 02:18 - 000000000 ____D C:\ProgramData\HP
2017-11-16 02:18 - 2017-11-16 02:18 - 000000000 ____D C:\Program Files\HP
2017-11-15 14:05 - 2017-11-01 20:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 14:05 - 2017-11-01 20:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 14:05 - 2017-11-01 20:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 14:05 - 2017-11-01 20:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 14:05 - 2017-10-15 06:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 14:04 - 2017-11-01 21:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 14:04 - 2017-11-01 20:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 14:04 - 2017-11-01 20:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 14:04 - 2017-11-01 20:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 14:04 - 2017-11-01 20:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 14:04 - 2017-11-01 20:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 14:04 - 2017-11-01 20:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 14:04 - 2017-11-01 20:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 14:04 - 2017-11-01 20:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 14:04 - 2017-11-01 20:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 14:04 - 2017-11-01 20:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 14:04 - 2017-11-01 20:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 14:04 - 2017-11-01 20:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 14:04 - 2017-11-01 20:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 14:04 - 2017-11-01 20:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 14:04 - 2017-10-24 23:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 14:04 - 2017-10-15 07:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 14:04 - 2017-10-15 06:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 14:04 - 2017-10-15 06:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 14:04 - 2017-10-15 06:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 14:03 - 2017-11-01 20:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 14:03 - 2017-11-01 20:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 14:03 - 2017-11-01 20:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 14:03 - 2017-11-01 20:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 14:03 - 2017-11-01 20:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 14:03 - 2017-11-01 20:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 14:03 - 2017-11-01 20:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 14:03 - 2017-11-01 20:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 14:03 - 2017-11-01 20:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 14:03 - 2017-11-01 20:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 14:03 - 2017-11-01 20:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 14:03 - 2017-10-15 06:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 14:03 - 2017-10-15 06:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 14:03 - 2017-10-15 06:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 14:03 - 2017-10-15 06:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 14:03 - 2017-10-15 06:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 14:00 - 2017-11-01 20:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 14:00 - 2017-11-01 20:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 14:00 - 2017-11-01 20:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 14:00 - 2017-11-01 20:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 14:00 - 2017-11-01 20:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 14:00 - 2017-11-01 20:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 14:00 - 2017-11-01 20:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 14:00 - 2017-11-01 20:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 14:00 - 2017-11-01 20:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 14:00 - 2017-10-15 06:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 13:59 - 2017-11-01 21:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 13:59 - 2017-11-01 20:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 13:59 - 2017-11-01 20:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 13:59 - 2017-11-01 20:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 13:59 - 2017-11-01 20:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 13:59 - 2017-11-01 20:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 13:59 - 2017-10-15 07:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 13:59 - 2017-10-15 07:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 13:59 - 2017-10-15 06:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 13:45 - 2017-11-01 21:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 13:45 - 2017-11-01 20:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 13:45 - 2017-11-01 20:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 13:45 - 2017-11-01 20:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 13:45 - 2017-11-01 20:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 13:45 - 2017-11-01 20:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 13:44 - 2017-11-01 20:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 13:43 - 2017-11-01 21:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 13:43 - 2017-11-01 21:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 13:43 - 2017-11-01 21:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 13:43 - 2017-11-01 20:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 13:43 - 2017-11-01 20:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 13:43 - 2017-11-01 20:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 13:43 - 2017-11-01 20:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 13:43 - 2017-11-01 20:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 13:43 - 2017-11-01 20:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 13:43 - 2017-11-01 20:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 13:43 - 2017-11-01 20:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 13:43 - 2017-11-01 20:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 13:43 - 2017-11-01 20:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 13:43 - 2017-11-01 20:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 13:43 - 2017-10-15 06:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 13:43 - 2017-10-15 06:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 13:43 - 2017-10-15 06:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 13:43 - 2017-10-15 06:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-11-15 13:42 - 2017-11-01 21:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 13:42 - 2017-11-01 20:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 13:42 - 2017-11-01 20:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 13:42 - 2017-11-01 20:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 13:42 - 2017-11-01 20:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 13:42 - 2017-11-01 20:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 13:42 - 2017-11-01 20:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 13:42 - 2017-11-01 20:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 13:42 - 2017-11-01 20:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 13:42 - 2017-11-01 20:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 13:42 - 2017-11-01 20:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 13:42 - 2017-11-01 20:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 13:42 - 2017-10-15 06:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 13:41 - 2017-11-01 21:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 13:41 - 2017-11-01 21:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 13:41 - 2017-11-01 21:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 13:41 - 2017-11-01 20:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 13:41 - 2017-11-01 20:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 13:41 - 2017-11-01 20:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 13:41 - 2017-11-01 20:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 13:41 - 2017-11-01 20:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 13:41 - 2017-11-01 20:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 13:41 - 2017-11-01 20:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 13:41 - 2017-11-01 20:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 13:41 - 2017-11-01 20:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 13:41 - 2017-11-01 20:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 13:41 - 2017-10-15 06:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 13:41 - 2017-10-15 06:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 13:41 - 2017-10-15 06:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 13:40 - 2017-11-01 21:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 13:40 - 2017-11-01 20:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 13:40 - 2017-11-01 20:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 13:40 - 2017-11-01 20:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 13:40 - 2017-10-15 06:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 13:40 - 2017-10-15 06:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 13:39 - 2017-11-01 21:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 13:39 - 2017-11-01 21:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 13:39 - 2017-11-01 21:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 13:39 - 2017-11-01 21:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 13:39 - 2017-11-01 20:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 13:39 - 2017-11-01 20:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 13:39 - 2017-11-01 20:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 13:39 - 2017-11-01 20:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 13:39 - 2017-10-15 06:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 13:39 - 2017-10-15 06:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 13:39 - 2017-10-15 06:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 13:38 - 2017-11-01 21:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 13:38 - 2017-11-01 21:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 13:38 - 2017-11-01 21:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 13:38 - 2017-11-01 20:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 13:38 - 2017-11-01 20:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 13:38 - 2017-11-01 20:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 13:38 - 2017-11-01 20:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 13:38 - 2017-11-01 20:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 13:38 - 2017-11-01 20:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 13:38 - 2017-11-01 20:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 13:38 - 2017-11-01 20:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 13:38 - 2017-11-01 20:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 13:38 - 2017-11-01 20:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 13:38 - 2017-11-01 20:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 13:38 - 2017-11-01 20:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 13:38 - 2017-11-01 20:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 13:38 - 2017-10-15 06:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 13:38 - 2017-10-15 06:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 13:38 - 2017-10-15 06:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 13:37 - 2017-11-01 21:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 13:37 - 2017-11-01 21:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 13:37 - 2017-11-01 21:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 13:37 - 2017-11-01 21:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 13:37 - 2017-11-01 21:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 13:37 - 2017-11-01 21:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 13:37 - 2017-11-01 20:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 13:37 - 2017-11-01 20:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 13:37 - 2017-11-01 20:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 13:37 - 2017-11-01 20:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 13:37 - 2017-11-01 20:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 13:37 - 2017-11-01 20:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 13:37 - 2017-11-01 20:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 13:37 - 2017-11-01 20:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 13:37 - 2017-11-01 20:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 13:37 - 2017-10-15 06:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 13:37 - 2017-10-15 06:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 13:36 - 2017-11-01 21:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 13:36 - 2017-11-01 21:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 13:36 - 2017-10-15 06:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 13:36 - 2017-10-15 06:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 13:35 - 2017-11-01 21:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 13:35 - 2017-11-01 21:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 13:35 - 2017-11-01 21:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 13:35 - 2017-11-01 21:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 13:35 - 2017-11-01 21:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 13:35 - 2017-11-01 21:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 13:35 - 2017-11-01 21:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 13:35 - 2017-11-01 21:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 13:35 - 2017-11-01 21:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 13:35 - 2017-11-01 21:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 13:35 - 2017-11-01 21:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 13:35 - 2017-11-01 20:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 13:35 - 2017-11-01 20:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 13:35 - 2017-11-01 20:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 13:35 - 2017-11-01 20:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 13:35 - 2017-11-01 20:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 13:35 - 2017-10-15 06:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 13:35 - 2017-10-15 06:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-12 21:20 - 2017-11-12 21:20 - 000830656 _____ C:\Users\April\Downloads\kilo credit.pdf
2017-11-12 19:56 - 2017-11-12 19:56 - 000137669 _____ C:\Users\April\Downloads\DAVID ARREST.pdf
2017-11-08 04:55 - 2017-11-08 04:57 - 000509980 _____ C:\WINDOWS\Minidump\110817-35312-01.dmp
2017-11-06 19:00 - 2017-11-06 19:00 - 000002029 _____ C:\Users\April\Desktop\Canon IJ Network Tool (2).lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000001291 _____ C:\Users\April\Desktop\Google Chrome (2).lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000001099 _____ C:\Users\April\Desktop\Connected Music powered by Meridian.lnk
2017-11-06 19:00 - 2017-11-06 19:00 - 000000903 _____ C:\Users\April\Desktop\Adobe Acrobat XI - Shortcut.lnk
2017-11-05 01:38 - 2017-11-05 01:39 - 000412108 _____ C:\WINDOWS\Minidump\110517-37015-01.dmp
2017-11-04 01:56 - 2017-11-04 01:56 - 000000279 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-11-02 14:17 - 2017-11-02 14:17 - 000000000 ___HD C:\OneDriveTemp
2017-10-29 10:32 - 2017-10-29 10:32 - 000000000 ___HD C:\$WINDOWS.~BT
2017-10-28 01:53 - 2017-10-28 01:53 - 000033683 _____ C:\Users\April\Documents\received_1634761773221496.jpeg
2017-10-28 01:38 - 2017-10-28 01:38 - 000264536 _____ C:\Users\April\Documents\received_10210300136400634.jpeg
2017-10-28 01:36 - 2017-10-28 01:36 - 000136153 _____ C:\Users\April\Documents\received_10210300117720167.jpeg
2017-10-27 12:48 - 2017-10-27 12:53 - 000599692 _____ C:\WINDOWS\Minidump\102717-102640-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-24 18:46 - 2017-03-18 13:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-24 18:44 - 2013-10-09 11:18 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-24 17:43 - 2017-05-22 00:19 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-24 17:38 - 2017-05-22 01:02 - 001946386 _____ C:\WINDOWS\system32\perfh007.dat
2017-11-24 17:38 - 2017-05-22 01:02 - 000508454 _____ C:\WINDOWS\system32\perfc007.dat
2017-11-24 17:38 - 2017-05-22 00:27 - 000007208 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-24 17:26 - 2013-10-31 18:25 - 000000000 __RDO C:\Users\April\SkyDrive
2017-11-24 17:25 - 2016-05-19 00:27 - 000000000 __SHD C:\Users\April\IntelGraphicsProfiles
2017-11-24 14:54 - 2017-08-23 23:24 - 000000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForApril.job
2017-11-24 14:54 - 2017-05-22 01:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-24 14:53 - 2017-05-22 10:03 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-24 14:53 - 2015-01-31 06:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-11-24 14:53 - 2014-03-06 20:04 - 729465080 _____ C:\WINDOWS\MEMORY.DMP
2017-11-24 11:11 - 2017-04-28 00:03 - 000000000 ____D C:\Users\April\AppData\Local\ntuserlitelist
2017-11-24 08:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-24 07:28 - 2017-03-18 13:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-24 07:28 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-24 06:53 - 2015-01-22 12:33 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-11-24 06:52 - 2017-05-22 01:15 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-11-24 06:47 - 2015-01-22 12:33 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-11-24 02:45 - 2017-04-27 21:51 - 000000000 ____D C:\Users\April\AppData\Local\BeautifyDesktop
2017-11-23 23:29 - 2017-05-22 01:15 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1E0E4AD9-125A-46E6-839B-185C01240A94}
2017-11-23 23:09 - 2015-01-31 06:47 - 000000000 __RSD C:\Users\April\Documents\McAfee Vaults
2017-11-23 22:34 - 2017-07-15 21:50 - 000001291 _____ C:\Users\April\Desktop\Google Chrome.lnk
2017-11-23 02:45 - 2017-08-23 23:24 - 000003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForApril
2017-11-21 20:18 - 2017-10-13 13:59 - 000000000 ____D C:\Users\April\AppData\LocalLow\Canon Easy-WebPrint EX
2017-11-21 09:02 - 2017-03-18 03:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-20 22:08 - 2015-01-22 12:09 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-17 22:24 - 2017-05-22 00:28 - 000000000 ____D C:\Users\April
2017-11-17 19:49 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-15 18:54 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\rescache
2017-11-15 18:46 - 2013-10-10 21:35 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-11-15 18:45 - 2013-08-22 05:25 - 000000301 _____ C:\WINDOWS\win.ini
2017-11-15 18:32 - 2013-10-02 07:03 - 000000000 ____D C:\Users\April\AppData\Local\ElevatedDiagnostics
2017-11-15 18:05 - 2016-02-13 05:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-15 18:00 - 2017-03-18 13:01 - 000000000 ____D C:\WINDOWS\INF
2017-11-15 17:58 - 2017-05-22 00:19 - 000405488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-15 17:56 - 2014-06-12 10:19 - 000000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAPRILKAY$.job
2017-11-15 17:55 - 2017-03-18 03:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-15 17:52 - 2017-03-18 13:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-15 17:30 - 2017-05-22 01:15 - 000003290 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAPRILKAY$
2017-11-15 15:04 - 2017-03-18 12:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-15 12:49 - 2017-05-22 01:15 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-11-15 12:46 - 2016-10-21 21:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-14 23:56 - 2017-05-22 01:15 - 000003710 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA1d257efe2e63987
2017-11-14 23:56 - 2017-05-22 01:15 - 000003442 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core1d257efe2a75280
2017-11-14 23:51 - 2017-05-22 01:15 - 000004538 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-11-14 23:51 - 2017-05-22 01:15 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 23:51 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 23:51 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 13:49 - 2013-10-02 07:27 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 23:33 - 2017-05-22 01:15 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 23:33 - 2017-05-22 01:15 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-06 19:01 - 2017-07-22 03:08 - 000000000 ____D C:\Users\April\Desktop\Adobe Acrobat XI
2017-11-05 01:58 - 2017-05-24 03:29 - 000000000 ____D C:\Users\DefaultAppPool
2017-11-04 17:40 - 2017-03-18 13:06 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 17:40 - 2017-03-18 13:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-02 14:17 - 2017-07-22 10:07 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2751042415-2246998964-2558403214-1001
2017-11-02 14:16 - 2016-05-19 00:41 - 000002405 _____ C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-10-29 10:33 - 2017-05-21 21:50 - 000000000 ___DC C:\WINDOWS\Panther
2017-10-27 23:09 - 2017-05-22 01:23 - 000001908 _____ C:\WINDOWS\diagwrn.xml
2017-10-27 23:09 - 2017-05-22 01:23 - 000001908 _____ C:\WINDOWS\diagerr.xml
2017-10-27 13:01 - 2016-11-27 08:53 - 000000000 ___RD C:\Users\April\Verizon Cloud Sync
2017-10-27 13:01 - 2013-10-11 11:06 - 000000000 ____D C:\Users\April\Tracing
2017-10-26 11:07 - 2015-04-28 15:30 - 000000000 ____D C:\Users\April\AppData\Local\LogMeIn Hamachi
 
==================== Files in the root of some directories =======
 
2017-04-13 12:22 - 2017-04-13 12:22 - 007639040 _____ () C:\Program Files (x86)\GUTEA25.tmp
2016-01-26 04:35 - 2017-01-05 01:05 - 000007595 _____ () C:\Users\April\AppData\Local\Resmon.ResmonCfg
2017-04-27 21:40 - 2017-04-27 21:40 - 000002048 _____ () C:\Users\April\AppData\Local\uninstallro.exe
2014-09-30 00:01 - 2014-09-30 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{26A95307-47D9-44BF-AF14-EABC861C7C64}
2014-09-29 00:01 - 2014-09-29 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{50328719-06DF-49DB-8B69-7C03A6642321}
2014-09-23 00:01 - 2014-09-23 00:01 - 000000000 _____ () C:\Users\April\AppData\Local\{6C04BF0D-0783-4B63-A191-87208C96AA0B}
2015-09-06 12:34 - 2015-09-06 12:34 - 000000000 _____ () C:\Users\April\AppData\Local\{7D82360C-B7B5-4ECC-B169-205C12967018}
 
Files to move or delete:
====================
C:\Program Files\Hola\app\hola.exe
 
 
Some files in TEMP:
====================
2017-05-31 07:34 - 2017-05-31 07:34 - 000010520 _____ () C:\Users\April\AppData\Local\Temp\BullseyeCoverage-x86-3.dll
2017-06-20 14:18 - 2017-06-20 14:18 - 002861152 _____ (Hola Networks Ltd.) C:\Users\April\AppData\Local\Temp\Hola-Setup-x64-1.34.855.exe
2017-09-05 22:45 - 2017-09-05 22:45 - 000175416 ____T (Symantec Corporation) C:\Users\April\AppData\Local\Temp\SCC.dll
2017-11-16 02:18 - 2017-10-17 14:01 - 000927784 _____ () C:\Users\April\AppData\Local\Temp\TAInstaller.exe
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\fwcfg.dll
C:\Windows\SysWOW64\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient.dll
C:\Windows\System32\fwcfg.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-11-17 02:11
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2017 01
Ran by April (24-11-2017 19:37:18)
Running from C:\Users\April\Desktop
Windows 10 Home Version 1703 15063.726 (X64) (2017-05-22 11:11:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2751042415-2246998964-2558403214-500 - Administrator - Disabled)
April (S-1-5-21-2751042415-2246998964-2558403214-1001 - Administrator - Enabled) => C:\Users\April
DefaultAccount (S-1-5-21-2751042415-2246998964-2558403214-503 - Limited - Disabled)
Guest (S-1-5-21-2751042415-2246998964-2558403214-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2751042415-2246998964-2558403214-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
4 Elements II (HKLM-x32\...\WTA-ef65e410-974d-46a7-bc19-e92d9f4d7e90) (Version: 2.2.0.98 - WildTangent) Hidden
Active@ Boot Disk 10 (HKLM-x32\...\{9770BCC6-C50D-41D7-AE07-5B796D630052}_is1) (Version: 10 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.6 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{49F51ACB-7CDD-3728-1E9E-49398FF8BA95}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )
Bejeweled 3 (HKLM-x32\...\WTA-e35bc750-31fc-4947-b563-7eeaf2884b61) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-c6f54e1e-b78f-4eb7-b83f-9dc46e5b44c6) (Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.0.19 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.3.1.4 - Canon Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.5.2 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.5.2 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.7.1 - Canon Inc.)
Canon TS5000 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5000_series) (Version: 1.01 - Canon Inc.)
Canon TS5000 series On-screen Manual (HKLM-x32\...\Canon TS5000 series On-screen Manual) (Version: 1.1.0 - Canon Inc.)
Canon TS5000 series User Registration (HKLM-x32\...\Canon TS5000 series User Registration) (Version:  - ‭Canon Inc.)
Chuzzle Deluxe (HKLM-x32\...\WTA-742ccb6f-b1bf-49dc-a215-1e958ad66a38) (Version: 2.2.0.95 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-837a9cfe-991c-46c5-b0bb-e7008be29aad) (Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-89dfc2e3-cf01-4092-9088-1e0a87819cbb) (Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.8.5511 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DragonBoost (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\DragonBoost) (Version:  - ) <==== ATTENTION
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (HKLM-x32\...\WTA-073d8289-e4b7-451f-9203-b739d5aeab0c) (Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (HKLM-x32\...\WTA-be44d8a2-c7ed-4257-ad57-67a66b8e946b) (Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (HKLM-x32\...\WTA-96e9659b-ea02-4dbe-a569-4803e370d1ac) (Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (HKLM-x32\...\WTA-c9eba096-c976-4c75-ad23-db15430a459d) (Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-86cbf3bf-b897-4b80-9d18-e7e1aa6b6e0c) (Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hola™ 1.70.574 - Better Internet (HKLM\...\Hola) (Version: 1.70.574 - Hola Networks Ltd.) <==== ATTENTION
Hoyle Card Games (HKLM-x32\...\WTA-65da518b-433c-448f-8303-616cb8dbc34b) (Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{18DE31AE-70D0-43A7-9E3C-2ED7283ECE8A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.5.37.19 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.8.37.11 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1434 - HP Inc.)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{3EECDAD2-50D8-41B2-A8BA-359ED85D2D5F}) (Version: 1.9.1 - Verizon)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3097 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.2.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IPCMultiViewSetup (HKLM-x32\...\{1C375B52-884F-40C1-A962-7F20048A7420}) (Version: 1.0.0 - IPCamera)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-db329c41-02b5-4c0d-90c5-0a422c4a4ace) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-fea4321d-d522-4a20-b715-1e89256e3701) (Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (HKLM-x32\...\{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 13.1.6 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.1.6 - KLCP)
KMSpico v9.0.4.20131110 (Beta2) (HKLM\...\KMSpico_is1) (Version: 9.0.4.20131110 - )
LogMeIn Hamachi (HKLM-x32\...\{BE82D2D7-6CA2-43B3-8C22-CCF6405806E7}) (Version: 2.2.0.579 - LogMeIn, Inc.) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.579 - LogMeIn, Inc.)
Luxor Evolved (HKLM-x32\...\WTA-40a1e484-65e8-44b4-ac98-65377b9ab27b) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (HKLM-x32\...\WTA-61987586-0ab0-4606-9df6-c27b15c18995) (Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4981.1001 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Core Components (x86) ENU  (HKLM-x32\...\{7AC8EF88-D996-4D47-B40C-4DD93E307481}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Sync Framework 2.1 Provider Services (x86) ENU  (HKLM-x32\...\{77610794-D144-422E-82B2-77BBE9052FDA}) (Version: 2.1.1648.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 9.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
Mortimer Beckett and the Crimson Thief Premium Edition (HKLM-x32\...\WTA-e380f873-2320-4813-9a4e-f3148386489e) (Version: 2.2.0.98 - WildTangent) Hidden
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (HKLM-x32\...\{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}) (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (HKLM\...\{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}) (Version: 5.4.0 - Motorola Inc.) Hidden
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-385406e8-ac4b-4241-b42a-408bfc920bbe) (Version: 2.2.0.98 - WildTangent) Hidden
Nero 8 Micro 8.3.6.0 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.6.0 - Updatepack.nl)
NetViewer 2.1.348.0 (HKLM-x32\...\NetViewer) (Version: 2.1.348.0 - )
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4981.1001 - Microsoft Corporation) Hidden
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (HKLM-x32\...\WTA-6a634b0f-fe68-4c90-bd5c-7d3226690a21) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-93ddd3cf-ffcf-4017-969d-8cf4a8fc7763) (Version: 2.2.0.98 - WildTangent) Hidden
PlayBack 1.0.1.14 (HKLM-x32\...\PlayBack) (Version: 1.0.1.14 - )
Polar Bowler (HKLM-x32\...\WTA-9bdfb1ba-787f-40f6-8803-2da3af3a1938) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-201ac228-bcd5-4839-95a2-cb5a9f228b17) (Version: 2.2.0.98 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-e7fce72e-fa39-48d9-b326-239dae7772d0) (Version: 2.2.0.98 - WildTangent) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Stellar Phoenix Windows Data Recovery - Professional (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Professional_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-692ce175-eb92-4d57-a952-b0d69f8f66fc) (Version: 2.2.0.110 - WildTangent) Hidden
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4011255) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2449D2C4-C30E-4854-9A5E-59AA60DE216B}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UserTesting.com Recorder Plugin (HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
Vacation Quest™ - Australia (HKLM-x32\...\WTA-7e5996d0-ae63-495c-8e4c-942a5e5e23f8) (Version: 2.2.0.98 - WildTangent) Hidden
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.9 - Verizon)
Verizon Online Backup and Sharing for PC (HKLM-x32\...\{00CBEAB1-3FF4-4A94-AA71-237297D75526}) (Version: 5.1.24.11 - Verizon)
Verizon Online Share Drive (HKLM-x32\...\{606DBC4C-CFC8-4437-A2D8-64A88351BB47}) (Version: 2.1.11 - Verizon)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZPlayer version 1.0.15.0 (HKLM-x32\...\{A75F6799-58BE-4cfa-AA94-8A9173C6AA7B}_is1) (Version: 1.0.15.0 - )
Zuma's Revenge (HKLM-x32\...\WTA-bb74e17d-6a9d-4992-a1bf-59e639543a0a) (Version: 2.2.0.98 - WildTangent) Hidden
Zviewer version 2.0.0.10 (HKLM-x32\...\{1B00336F-393F-4DC7-9956-42C69ED6565E}_is1) (Version: 2.0.0.10 - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\April\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers1: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2012-07-26] (Cyberlink)
ContextMenuHandlers4: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers6: [VerizonCtxMenu] -> {8CA825D9-C7DB-4833-9901-E7400521CE04} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.ContextMenus.dll [2015-12-03] (Synchronoss Technologies Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03516F4F-0CA0-42C0-A53F-36384E5CB315} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {08F1B00C-84DB-4F97-AC9D-6E1D1651A152} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {0FF914FB-019D-4A3B-B2E2-A42FFF4E2177} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1893CD82-97F3-4F46-9241-A24F6000BF51} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {19B45630-1933-4C9A-AA47-8569C68A7D3B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1EABA3E7-E481-4536-B0F7-8E7998D9D39C} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {1F70A3FF-F9A3-4C92-AE67-75E107E6C729} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {25FD071C-454F-4626-9216-3B3C03522C14} - System32\Tasks\HPCeeScheduleForApril => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {2A23B3FB-93B4-424D-B4B8-3142D95620FC} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-16] ()
Task: {2A5C7EE7-67F5-4D07-A6CE-BA80D704CEE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {2B4BC560-AF1C-4EDE-A075-E1010AFD3CBC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {305D3FF9-FD13-4933-8213-DE556BAC4318} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA1d257efe2e63987 => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {338D5739-A62F-48EB-825D-B3583A072594} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3795C737-5A09-4980-91E8-DB965BD343CB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {3D641F02-80B9-488E-A6EC-39BC981AB4D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {3E5D69AD-FAAE-47E9-9512-ED83D6EB8328} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_27_0_0_187_pepper.exe [2017-11-14] (Adobe Systems Incorporated)
Task: {3F716B81-CE98-4DC4-86A2-0E034BD0274F} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {41B20BC2-667A-4FF3-8B74-C0CB73F78C8C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {42B07A2F-EE96-4D9D-ADAA-8E058A837C38} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {438FF447-4C42-4A66-9F8E-45EA37A26D8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {453BF074-2835-4457-BD55-567FC4BC13F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {4C873FCD-2F87-44C3-AE28-2CECF9BB4645} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {516DC611-9D8F-472E-A5FA-E0BC96E04CCB} - System32\Tasks\HPCeeScheduleForAPRILKAY$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {52AF8A46-4A6F-4BBD-B107-12B5D66D8637} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {53ACC885-D0EF-446D-97DB-5B5B9A368ED4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {59E8A881-1394-45E8-9721-AE22227B6186} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-09-05] (Microsoft Corporation)
Task: {5C3E60E8-2B3C-4A6E-B88A-9488084B00B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5C8C518B-5F80-44EE-8805-67BD1F123601} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6AC31E10-BBB9-49B7-8820-2EBBE618CCF0} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-05-10] ()
Task: {6BB952AB-9BE0-4CE2-A6BA-B9C486B0F50A} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7C55B1F4-8F4E-4C5C-9170-FF8A65D3FCF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {7E4D6F1A-F926-4D1B-9E02-1611C15F5A16} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7EE9C0AB-9F00-4AA6-84F3-49216534F39C} - \WPD\SqmUpload_S-1-5-21-2751042415-2246998964-2558403214-1001 -> No File <==== ATTENTION
Task: {87FABF81-9ADD-4872-AE58-C151210D4CD2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {88126F71-7126-4B04-AD7D-6D848BEAB97B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {8AB20F1F-B79E-4C1C-B636-AEFCE85B0434} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {8BF5180A-EC42-453A-9E50-A7A74AED0B98} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {8E98C408-C55D-47EA-AC21-28F7E696F55E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {90DB022D-742E-43C4-B006-2D5679C1DA89} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {94D35FC4-BF49-44F8-A3BC-50282E2A59FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {A3206F36-1B48-4A73-BFF1-56DA74FC0138} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B2A96232-71C1-48B7-A7B0-AC9AE7D8D2E9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BD74DDFA-4AB0-4379-B2F4-D558BFE44FCF} - System32\Tasks\{531BBD63-DB5D-4531-A255-17EEC2DEB6F2} => C:\WINDOWS\system32\pcalua.exe -a F:\setup.exe -d F:\
Task: {C6687B24-0D24-49E1-AF81-8CAA842D2F9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CA1A7FB1-DF48-429F-A1B2-67374C921951} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-27] (Synaptics Incorporated)
Task: {CD321F0F-AA3B-4033-879F-B9FB731F6C76} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {D2DBB54F-F9FA-4E0C-A688-D60E872C26BD} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {D917C74E-6C91-4389-B1B9-528600A7069C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core1d257efe2a75280 => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F037890D-BBFF-4886-8EC6-6C641AEDA471} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FC108894-32D3-4230-80D4-90824E1AA4E3} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {FC9A8789-6F92-4F92-BD92-1CFCA142A738} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {FF0EE298-FC3A-4696-B70C-E4986F1C8FC5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001Core.job => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2751042415-2246998964-2558403214-1001UA.job => C:\Users\April\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForApril.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAPRILKAY$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\April\Desktop\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\April\Desktop\Vorsprung.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=henidbeahjgfpjmfakeeimkiikbijiph
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Polarr Photo Editor.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=djonnbgfieijldcieafgjcnhmpcfpmgg
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vorsprung.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=henidbeahjgfpjmfakeeimkiikbijiph
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gfdkimpbcpahaombhbimeihdjnejgicl
ShortcutWithArgument: C:\Users\April\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\a3a1d6b8109861c5\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nckgahadagoaajjgafhacjanaoiihapd
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-03-18 12:57 - 2017-03-18 12:57 - 000377344 _____ () c:\windows\system32\SSDM.dll
2014-05-06 02:37 - 2017-01-17 03:25 - 000117440 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2017-01-05 16:36 - 2017-01-05 16:36 - 000077824 _____ () C:\Program Files (x86)\ntuserlitelist\dataup\dataup.exe
2017-03-18 12:58 - 2017-03-18 12:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-21 02:26 - 2017-01-31 04:34 - 008909512 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-03-29 18:04 - 2017-03-29 18:04 - 000833024 ____N () C:\windows\system32\tprdpw32.exe
2017-03-18 12:59 - 2017-03-18 18:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-14 13:49 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-14 13:49 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-10-27 21:21 - 2017-10-27 21:21 - 000927744 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
2017-10-19 12:18 - 2017-10-19 12:18 - 001089536 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
2016-09-21 22:32 - 2016-09-21 22:32 - 000224768 _____ () C:\Program Files (x86)\ntuserlitelist\dataup\help_dll.dll
2013-05-29 09:20 - 2012-06-25 10:41 - 001198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-05-29 09:38 - 2012-06-07 19:34 - 000627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 000016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-08-02 21:40 - 2017-08-02 21:40 - 053460480 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libcef.dll
2016-05-31 11:43 - 2016-05-31 11:43 - 001976832 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libglesv2.dll
2016-05-31 11:44 - 2016-05-31 11:44 - 000075264 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\libEGL.dll
2016-06-15 17:15 - 2016-06-15 17:15 - 017599640 _____ () C:\Users\April\AppData\Local\ntuserlitelist\svcvmx\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:D5FBE8F9 [362]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\hola.org -> hxxp://hola.org
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2017-05-01 05:01 - 000000909 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\April\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Dataup => 
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: IHA_MessageCenter => 2
MSCONFIG\Services: MotoHelper => 2
MSCONFIG\Services: srcsrv => 2
HKLM\...\StartupApproved\StartupFolder: => "Verizon Online Backup and Sharing for PC.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "VerizonCloud"
HKLM\...\StartupApproved\Run: => "hola"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP CoolSense"
HKLM\...\StartupApproved\Run32: => "ICF"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKLM\...\StartupApproved\Run32: => "IJNetworkScanUtility"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "NielsenOnline"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "SynchronossPC"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "B6DBB8B0EDF4FDF67A5BF46CB3DA12E3F5D4E945._service_run"
HKU\S-1-5-21-2751042415-2246998964-2558403214-1001\...\StartupApproved\Run: => "AccelerometerSysTrayApplet"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{69344EA6-C276-45DD-BEA8-32C597A72C20}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{A9E2BF3D-B013-4AC7-8CE1-FA3915A9539E}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{48F47431-7D24-424F-929B-C21633AEDFED}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{4AB60FF8-5141-481C-80B6-A74B2E92F4AB}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{4886DE56-A5D5-426B-8A8A-1A7D3132EF66}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
FirewallRules: [{C8A0D15C-AF6A-4242-A5C2-41E759951A44}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
FirewallRules: [{F6F16DE1-98D7-45BA-B055-5ACCBEF481AE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
FirewallRules: [{655934D3-8BBC-4940-BEE8-34B2B7AD0171}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
FirewallRules: [UDP Query User{C1D52EAC-43F5-42D2-8E22-7972566CC5E9}C:\program files (x86)\ipcamera\ipcmultiviewsetup\ipcmultiview.exe] => (Block) C:\program files (x86)\ipcamera\ipcmultiviewsetup\ipcmultiview.exe
FirewallRules: [TCP Query User{779270A1-F147-4B3B-9C70-A21765136A14}C:\program files (x86)\ipcamera\ipcmultiviewsetup\ipcmultiview.exe] => (Block) C:\program files (x86)\ipcamera\ipcmultiviewsetup\ipcmultiview.exe
FirewallRules: [{13EB5F1E-6B8B-470D-BC19-10D4398F9216}] => (Block) D:\program files\monitorclient\monitorclient.exe
FirewallRules: [{08D10294-1410-4A3E-AF77-B25896F462AF}] => (Block) D:\program files\monitorclient\monitorclient.exe
FirewallRules: [UDP Query User{DFE753D1-7A02-4794-9D5C-AF7564887EBC}D:\program files\monitorclient\monitorclient.exe] => (Allow) D:\program files\monitorclient\monitorclient.exe
FirewallRules: [TCP Query User{A66DDB3B-059C-4EB2-B992-97A80F1AFCE3}D:\program files\monitorclient\monitorclient.exe] => (Allow) D:\program files\monitorclient\monitorclient.exe
FirewallRules: [{BA3B28B6-4F00-44D7-BCFE-AF3ADE3E6259}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{30262F81-23BA-433A-958B-DEC1DEEBAA6A}] => (Block) C:\windows\explorer.exe
FirewallRules: [{D14A2E00-7D34-4F8E-8AAA-34C0423D08A0}] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{7AE7D2F5-FC21-49EE-BCB3-25DD4FBD9B3E}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [TCP Query User{14B79A07-8BB6-4FBC-AA18-29D741AF664D}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{CEE2CD96-ED8C-414B-B4CD-A4A81E800219}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{FB03DCE2-E75F-4D17-9F5D-1DCF5EE16AF5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{E54536A0-DA5D-434C-BE07-85FF401E3859}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{91E66480-C3A2-46D0-9718-4A2D98BEE944}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{13024E76-2783-4E98-A90B-4C54D19495F3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7FA24806-2CBB-4F20-A5CE-AE0BC3D6F121}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{C0C196EA-89C5-4A79-ADD7-CEDAE58E5C42}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{8200E0E5-9791-409E-9075-3D9C7C2C4612}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F7718A7C-CCAC-4C37-8C85-11A43A0462C8}] => (Allow) LPort=1900
FirewallRules: [{DB3C1C48-9E1E-4AB0-BD7E-3A4BD2DA1B10}] => (Allow) LPort=2869
FirewallRules: [{16371F78-D612-4132-81C9-F207E932A83B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{285852D1-0298-466E-B733-F0F299B6D61D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [UDP Query User{0AA1CDCC-60EC-426F-9CAC-6C1BFA5874B3}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [TCP Query User{4C71533B-AA4D-4087-9DFC-3490B98B6450}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [{A36A265E-C138-4243-A1EA-7245BEEEBBAD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{33E8404E-5B2B-4A09-86CB-145E73CBBEC9}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{15E60878-84D0-4CDE-95B6-CB8B388CF4F6}] => (Allow) C:\Program Files (x86)\Solution Real\bin\SolutionReal.BRT.Helper.exe
FirewallRules: [{50D863C6-26A6-4B37-927D-5BAED4D94FA2}] => (Allow) C:\Program Files (x86)\Solution Real\bin\SolutionReal.BRT.Helper.exe
FirewallRules: [{7717F3A5-9313-495B-921E-BA60DD71B48B}] => (Allow) C:\Program Files (x86)\Solution Real\bin\SolutionReal.BRT.Helper.exe
FirewallRules: [{2A26215E-8756-4154-BC41-DA42E14A9DFD}] => (Allow) C:\Program Files (x86)\Solution Real\bin\SolutionReal.BRT.Helper.exe
FirewallRules: [{5E8DEA8B-1073-4C0A-94A3-71FFDDDA0257}] => (Allow) LPort=50001
FirewallRules: [{9F99C153-83A5-40C5-B669-24004E1BF4C3}] => (Allow) LPort=50001
FirewallRules: [{1E346B2F-CE6D-4746-978C-BAD77B46D8E9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4199D330-6042-4E05-8F40-1141DACEE114}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{082B9F60-5B49-4256-99DC-4173DC5324CC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{F64D0D1E-6149-4B92-B468-B74B6FEF264B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{08D0E0D2-2ED8-44D4-BE78-0CB7B5AB6F9E}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{64B0DECC-1868-4A54-B953-E0A74A2FFE17}] => (Allow) C:\Users\April\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8D7D7100-B49B-4F29-AA25-D2F5D57D843F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8EA5B1F-0B6C-4694-AA10-0E657153E4F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15A550E7-83AC-46EA-B3ED-64AFE9210249}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9697158D-9658-4384-ABA4-0AF72908ADCD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57F71D08-A4A5-4AC6-BC88-8B9DB6934CCD}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{03509DE6-7700-4589-B368-2CF6C5A00A52}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{0DE11640-C9D3-4551-9FA9-D5970EEB5931}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{6ACC7BBA-5024-4697-ABD9-28BC4E3B1C46}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{1B22E9B2-E888-4B88-AA0D-980430484F35}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{639F83C0-0558-48D1-A9AD-25D8F958E4A1}] => (Allow) C:\Users\April\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{0E2B5A12-751A-4D76-9E1E-9BD6789460F8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1279E2F1-665E-4F11-A994-68DE770FF422}] => (Allow) LPort=50000
FirewallRules: [{9878B87B-C99B-47A5-A263-97F749F6C058}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A96A41AF-0BEF-455F-B831-59CFD004F094}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{26057D9B-BC02-4756-B646-B30314D4451C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{363960B3-01A0-4395-8E91-DC26565DA3FB}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{64B8F316-9227-4DD1-A882-CAC6A9440A1F}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{98C62D48-C5BD-48C2-8D61-BCB565274836}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe
FirewallRules: [{AC5FAF73-EB8C-4EB8-814A-F9E4D160B18A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
28-10-2017 03:22:19 Scheduled Checkpoint
05-11-2017 14:48:35 Scheduled Checkpoint
15-11-2017 14:29:22 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/24/2017 06:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.4.0.6242, time stamp: 0x00000000
Faulting module name: d2d1.dll, version: 10.0.15063.675, time stamp: 0x753d3443
Exception code: 0xc0000005
Fault offset: 0x002bd8e6
Faulting process id: 0x217c
Faulting application start time: 0x01d365953daf53e2
Faulting application path: C:\Users\April\Desktop\Tor Browser\Browser\firefox.exe
Faulting module path: C:\WINDOWS\SYSTEM32\d2d1.dll
Report Id: 0e72e8ff-b0a7-4802-9581-cfb7485dcea0
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2017 06:30:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: APRILKAY)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/24/2017 05:36:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 52.4.0.6242, time stamp: 0x00000000
Faulting module name: d2d1.dll, version: 10.0.15063.675, time stamp: 0x753d3443
Exception code: 0xc0000005
Fault offset: 0x002bd8e6
Faulting process id: 0x281c
Faulting application start time: 0x01d3658d03a56f12
Faulting application path: C:\Users\April\Desktop\Tor Browser\Browser\firefox.exe
Faulting module path: C:\WINDOWS\SYSTEM32\d2d1.dll
Report Id: f983c8d7-c2ea-4f47-ae90-715a584e5ea3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/24/2017 05:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1822594
 
Error: (11/24/2017 05:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1822594
 
Error: (11/24/2017 05:24:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/24/2017 04:54:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5500
 
Error: (11/24/2017 04:54:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5500
 
Error: (11/24/2017 04:54:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/24/2017 04:54:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4297
 
 
System errors:
=============
Error: (11/24/2017 07:50:55 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:50:53 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:50:51 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:50:49 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:48:33 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:48:31 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:48:29 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:48:26 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:34:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (11/24/2017 07:34:14 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-24 19:36:57.273
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 19:36:57.268
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 19:36:36.415
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 19:36:36.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 19:34:49.466
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 19:34:49.461
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 18:58:16.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 18:58:16.666
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 18:30:42.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-11-24 18:30:42.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3110M CPU @ 2.40GHz
Percentage of memory in use: 59%
Total physical RAM: 6036.27 MB
Available physical RAM: 2423.56 MB
Total Virtual: 7686.27 MB
Available Virtual: 3532.92 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:672.21 GB) (Free:476.03 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.8 GB) (Free:2.92 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================

  • 0

#9
aKay47
Posted 24 November 2017 - 10:30 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

ok done and done.  It was formatted really strange in notepad and i could not see the options but i got it cut and pasted.  so all is well in my world. I know it is a LOT 


  • 0

#10
DonnaB
Posted 24 November 2017 - 10:31 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Perfect! :) You need to give yourself more credit. You are infected with the Smart Service rootkit. As you can see, the logs are pretty long. Please sit tight for a few minutes there so I can review the logs.

Back as soon as possible. :)
  • 0

Advertisements

#11
aKay47
Posted 24 November 2017 - 10:31 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

by the way.. thank  you so very much for this.. helping me .. I could kiss you on the face. !!


  • 0

#12
aKay47
Posted 24 November 2017 - 11:02 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

okay i am going to disappear for a few minutes to light the barbeque... i need food


Edited by aKay47, 24 November 2017 - 11:05 PM.

  • 0

#13
DonnaB
Posted 24 November 2017 - 11:41 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Ok that's fine. Sorry it is taking so long. This particular infection installs a ton of files.

See if you can uninstall the following undesirable programs:

Hola 1.70.574 - Better Internet (HKLM\...\Hola) (Version: 1.70.574 - Hola Networks Ltd.) <==== ATTENTION
KMSpico v9.0.4.20131110 (Beta2) (HKLM\...\KMSpico_is1) (Version: 9.0.4.20131110 - )
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) Hidden <==== ATTENTION

KMSpico is illegal and used to activate pirated software which is a violation to copywrite laws. I also see that you have uTorrent installed. I must warn you that this type of program is of the highest nature that infections are invited into your Computer. I suggest that you remove it through your Control Panel. Though the programs themselves are not malicious, the chance of downloading a malicious file is like playing russian roulette. Any file could be the one that will turn your computer into a very expensive door stop.

P2P Programs can invite spyware, viruses, Trojan horses, or worms into your computer. When the files are downloaded, your computer becomes infected. If you share these files with others, their computer becomes infected as well. You also invite the possibilities of others stealing your personal information such as passwords, online banking accounts, personal files, etc.

Now, the fix script that I created to cleanse a portion of the infection I will attach below. Hopefully this will give you better control of the system so that we can download and install other tools that we need to cleanse the rest of the files this infection installs.

Please do as follows:
  • Download the attached fixlist.txt to your Desktop.
    Please note: fixlist.txt must be saved to your desktop since that is where FRST64.exe is located
Attached File  fixlist.txt   7.67KB   637 downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Click FRST64.exe icon to open the program.
  • Press the Fix button just once and wait.
  • FRST64.exe will execute, search and find the fixlist.txt downloaded to your desktop.
  • When FRST64.exe is finished executing the script, the fixlist.txt will disappear and will be replaced by a log that will be named (Fixlog.txt) which you will find on your desktop. Please post it to your reply.
  • I will wait to post my next set of instructions after I see the Fixlog.txt.

  • 0

#14
aKay47
Posted 24 November 2017 - 11:50 PM

aKay47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 62 posts

my son uses my computer with torrent.. I think the files you are talking about are his doing.  do i uninstall all of them from the console? also, which button is the fix button?  in case i can not still see the text in the program boxes?


  • 0

#15
DonnaB
Posted 25 November 2017 - 12:12 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Ahh... kids. My son trashed 2 computers downloading pirated versions of movies and games using uTorrent. Once with the ZeroAccess rootkit infection and the second time with Cryptowall 3.0 ransomeware. Silly kid even turned around and attached his 1TB HDD into the sick computer encrypting thousands of his personal pictures, Navy documents, music, movies, etc. The majority of the files were never recovered because he did not make any backups.Lucky for him I demanded to create the recovery disks for him.

This is what the screen on the user interface if the FRST tool looks likes. Hopefully that will help knowing where the Fix button is located. If not, try booting the computer into safe mode. That may help to get better control till we can get that rootkit off there.


FRST.JPG
  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: antivirus disabled, virus, cannot access files, can not delete virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP