
Some programs quit unexpectedly


  • This topic is locked
8 replies to this topic

#1 Scottish558


Posted 28 January 2016 - 10:25 AM

Sometimes programs that I use quit in the middle of use. That could be other problems than spyware, but I have tried to narrow it down and cannot find anything. I have run Farbar and HijackThis; the log files in HijackThis look suspicious. Maybe someone can take a quick look at the Farbar files and tell me what they think.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by greenuser (administrator) on GREEN (28-01-2016 10:03:01)
Running from C:\Users\greenuser\Downloads
Loaded Profiles: greenuser (Available Profiles: greenuser)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe
( ) C:\Windows\System32\lxdncoms.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.1\EMET_Agent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe [9574112 2015-12-09] ()
HKLM-x32\...\Run: [EMET 4.1 Update 1 Agent] => C:\Program Files (x86)\EMET 4.1\EMET_agent.exe [88272 2014-05-28] (Microsoft Corporation)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065968 2015-07-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [286992 2016-01-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [Spotify Web Helper] => C:\Users\greenuser\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-15] (Spotify Ltd)
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [Google Update] => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\RunOnce: [Uninstall C:\Users\greenuser\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\greenuser\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\RunOnce: [Uninstall C:\Users\greenuser\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\greenuser\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\RunOnce: [Uninstall C:\Users\greenuser\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\greenuser\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [149504 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-10-14] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-29]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-29]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-02-19]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-02-19]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-01-27]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 216.66.108.26
Tcpip\..\Interfaces\{fa8c3c89-112c-43ad-a5d1-606062e5444c}: [DhcpNameServer] 192.168.0.1 216.66.108.26

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
URLSearchHook: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {71F11D34-26C4-4F00-81C8-07E78606B57D} URL =
SearchScopes: HKLM -> {71F11D34-26C4-4F00-81C8-07E78606B57D} URL =
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 -> {0FEEF344-F82A-4636-9697-13F685E300C4} URL =
SearchScopes: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 -> {7A61F983-420D-498A-972E-301E101851B3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US662D20140918&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 -> {9C488E9D-6D24-4A5D-930E-9A4673DC4C3E} URL =
SearchScopes: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 -> {E6099D80-0184-4EB5-AEF5-0A6FF1140B69} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-29] (LastPass)
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-02-19] (McAfee)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-21] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-29] (LastPass)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-02-19] (McAfee)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-21] (Oracle Corporation)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-02-19] (McAfee)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-29] (LastPass)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-02-19] (McAfee)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-29] (LastPass)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2012-08-16] (Belarc, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-29] (McAfee, Inc.)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2016-01-11] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-01-11] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxps://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-19] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-29] (LastPass)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-19] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-29] (LastPass)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-11] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-01-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-01-27] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2063059394-2818367510-731196322-1001: @citrixonline.com/appdetectorplugin -> C:\Users\greenuser\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-10-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-2063059394-2818367510-731196322-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\greenuser\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2063059394-2818367510-731196322-1001: @talk.google.com/O1DPlugin -> C:\Users\greenuser\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2063059394-2818367510-731196322-1001: @tools.google.com/Google Update;version=3 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2063059394-2818367510-731196322-1001: @tools.google.com/Google Update;version=9 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2063059394-2818367510-731196322-1001: ipcamera.com/IPCamPlug -> C:\WINDOWS\npIPCamPlug.dll [2014-11-28] (IPCamera)
FF Plugin ProgramFiles/Appdata: C:\Users\greenuser\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\greenuser\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-02-06]
FF Extension: Exif Viewer - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\extensions\exif_viewer@mozilla.doslash.org.xpi [2015-05-29]
FF Extension: Garmin Communicator - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2015-05-31]
FF Extension: TinEye Reverse Image Search - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\extensions\tineye@ideeinc.com.xpi [2015-08-27]
FF Extension: LastPass - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\extensions\support@lastpass.com [2016-01-05]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: Ghostery - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\firefox@ghostery.com.xpi [2015-12-30]
FF Extension: iFamebook  - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\ifamebook@stormvision.it.xpi [2015-08-16]
FF Extension: Google search link fix - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2015-12-22]
FF Extension: Facebook profile picture revealer - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\jid1-UvjUdyxSwWa06Q122@jetpack.xpi [2015-05-30]
FF Extension: SSL Version Control - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\jid1-ZM3BerwS6FsQAg@jetpack.xpi [2015-05-27]
FF Extension: Facebook Photo Stalker - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\joshua.carcione@gmail.com.xpi [2015-05-29]
FF Extension: PictureMate - View hidden Facebook pictures - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\picturemate-view-hidden-picture@jetpack.xpi [2015-10-17]
FF Extension: TinEye Commercial API Search - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\support@tineye.com.xpi [2015-08-26]
FF Extension: YouTube Unblocker - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\youtubeunblocker@unblocker.yt [2015-12-02]
FF Extension: Facebook Phishing Protector - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2015-05-27]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2015-05-29]
FF Extension: Facebook Toolbar Button - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\{72c9fdff-bccd-4fac-a08e-857103c6e721}.xpi [2016-01-28]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2015-08-03]
FF Extension: Adblock Plus - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-19]
FF Extension: WorldIP - C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2015-12-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-06-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-08-12] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-27]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-01-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-16] (Acer Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-10] (Dropbox, Inc.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-03-31] (WildTangent)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe [712432 2015-12-09] ()
S3 lxcg_device; C:\Windows\system32\lxcgcoms.exe [566704 2007-04-29] ( )
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2015-12-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2016-01-11] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2016-01-27] (RealNetworks, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Cdr4_2K; C:\Windows\SysWow64\Drivers\Cdr4_2K.sys [52464 2016-01-27] (Adaptec)
S2 Cdralw2k; C:\Windows\SysWow64\Drivers\Cdralw2k.sys [21913 2016-01-27] (Roxio) [File not signed]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R3 cpuz136; C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [23856 2015-08-02] (CPUID)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-09] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37448 2015-12-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2014-07-31] (Wondershare)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 10:03 - 2016-01-28 10:04 - 00036548 _____ C:\Users\greenuser\Downloads\FRST.txt
2016-01-28 10:02 - 2016-01-28 10:03 - 00000000 ____D C:\FRST
2016-01-28 10:01 - 2016-01-28 10:02 - 02370560 _____ (Farbar) C:\Users\greenuser\Downloads\FRST64.exe
2016-01-28 09:02 - 2016-01-28 09:02 - 00388608 _____ (Trend Micro Inc.) C:\Users\greenuser\Downloads\HijackThis(4).exe
2016-01-28 08:40 - 2016-01-28 08:40 - 00000000 ___HD C:\OneDriveTemp
2016-01-28 08:38 - 2016-01-28 08:38 - 00016148 _____ C:\WINDOWS\system32\GREEN_greenuser_HistoryPrediction.bin
2016-01-27 22:26 - 2016-01-28 00:29 - 00003608 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2063059394-2818367510-731196322-1001
2016-01-27 22:26 - 2016-01-28 00:29 - 00003546 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2063059394-2818367510-731196322-1001
2016-01-27 22:26 - 2016-01-27 22:26 - 00001281 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
2016-01-27 22:26 - 2016-01-27 22:26 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\RealNetworks
2016-01-27 22:25 - 2016-01-27 22:25 - 00278800 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
2016-01-27 22:25 - 2016-01-27 22:25 - 00200976 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2016-01-27 22:25 - 2016-01-27 22:25 - 00000000 ____D C:\ProgramData\RealNetworks
2016-01-27 22:25 - 2016-01-27 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2016-01-27 22:25 - 2016-01-27 22:25 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2016-01-27 22:24 - 2016-01-27 22:24 - 00505616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2016-01-27 22:24 - 2016-01-27 22:24 - 00354064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2016-01-27 22:23 - 2016-01-27 22:23 - 01308632 _____ (RealNetworks, Inc.) C:\Users\greenuser\Downloads\RealTimes-RealPlayer(3).exe
2016-01-27 22:13 - 2016-01-27 22:13 - 01308632 _____ (RealNetworks, Inc.) C:\Users\greenuser\Downloads\RealTimes-RealPlayer(2).exe
2016-01-27 22:11 - 2016-01-27 22:11 - 01308632 _____ (RealNetworks, Inc.) C:\Users\greenuser\Downloads\RealTimes-RealPlayer(1).exe
2016-01-27 18:15 - 2016-01-27 22:26 - 00003558 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
2016-01-27 18:15 - 2016-01-27 18:15 - 00000000 ____D C:\Users\greenuser\AppData\Local\Real
2016-01-27 18:15 - 2016-01-27 18:15 - 00000000 ____D C:\Users\greenuser\AppData\Local\CrashRpt
2016-01-27 18:13 - 2016-01-27 22:26 - 00000000 ____D C:\Program Files (x86)\Real
2016-01-27 18:12 - 2016-01-27 22:26 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\Real
2016-01-27 18:11 - 2016-01-27 22:26 - 00000000 ____D C:\ProgramData\Real
2016-01-27 18:11 - 2016-01-27 18:11 - 01308632 _____ (RealNetworks, Inc.) C:\Users\greenuser\Downloads\RealTimes-RealPlayer.exe
2016-01-27 16:48 - 2016-01-28 00:18 - 00000631 _____ C:\Users\greenuser\AppData\Roaming\burnaware.ini
2016-01-27 16:47 - 2016-01-27 16:47 - 00001127 _____ C:\Users\Public\Desktop\BurnAware Free.lnk
2016-01-27 16:47 - 2016-01-27 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
2016-01-27 16:47 - 2016-01-27 16:47 - 00000000 ____D C:\Program Files (x86)\BurnAware Free
2016-01-27 16:46 - 2016-01-27 16:46 - 07997224 _____ (Burnaware ) C:\Users\greenuser\Downloads\burnaware_free.exe
2016-01-27 16:45 - 2016-01-27 22:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-27 16:23 - 2016-01-27 16:23 - 00000000 ____D C:\finalburner
2016-01-27 16:21 - 2016-01-27 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-01-27 16:21 - 2016-01-27 16:21 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-01-27 16:21 - 2009-10-13 13:00 - 00085504 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2016-01-27 16:21 - 2009-10-13 13:00 - 00000038 _____ C:\WINDOWS\avisplitter.ini
2016-01-27 16:21 - 2009-08-16 10:08 - 00178176 _____ C:\WINDOWS\SysWOW64\unrar.dll
2016-01-27 16:21 - 2009-05-29 16:37 - 00205824 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2016-01-27 16:21 - 2009-05-29 16:31 - 00881664 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2016-01-27 16:21 - 2008-10-03 07:30 - 00000414 _____ C:\WINDOWS\SysWOW64\lame_acm.xml
2016-01-27 16:21 - 2008-09-24 13:41 - 00839680 _____ (hxxp://www.mp3dev.org/) C:\WINDOWS\SysWOW64\lameACM.acm
2016-01-27 16:21 - 2007-09-20 19:52 - 00118784 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
2016-01-27 16:21 - 2007-07-10 11:10 - 00000547 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll.manifest
2016-01-27 16:21 - 2004-01-25 11:18 - 00217088 _____ (www.helixcommunity.org) C:\WINDOWS\SysWOW64\yv12vfw.dll
2016-01-27 16:19 - 2016-01-27 16:20 - 12417842 _____ ( ) C:\Users\greenuser\Downloads\klcodec520f.exe
2016-01-27 16:19 - 2016-01-27 16:19 - 10285064 _____ C:\Users\greenuser\Downloads\fb_free.exe
2016-01-27 16:00 - 2016-01-27 16:00 - 00000280 _____ C:\WINDOWS\_delis32.ini
2016-01-27 09:29 - 2016-01-27 09:29 - 00000136 _____ C:\WINDOWS\ODBC.INI
2016-01-27 09:26 - 2016-01-27 09:26 - 00052464 _____ (Adaptec) C:\WINDOWS\SysWOW64\Drivers\cdr4_2k.sys
2016-01-27 09:26 - 2016-01-27 09:26 - 00045056 _____ (Roxio) C:\WINDOWS\SysWOW64\cdral.dll
2016-01-27 09:26 - 2016-01-27 09:26 - 00045056 _____ (Adaptec) C:\WINDOWS\SysWOW64\cdrtc.dll
2016-01-27 09:26 - 2016-01-27 09:26 - 00036864 _____ C:\WINDOWS\uneng.exe
2016-01-27 09:26 - 2016-01-27 09:26 - 00021913 _____ (Roxio) C:\WINDOWS\SysWOW64\Drivers\cdralw2k.sys
2016-01-27 09:25 - 2016-01-27 09:26 - 00000713 _____ C:\WINDOWS\INSTLOG.TXT
2016-01-27 09:24 - 2016-01-27 16:11 - 00000000 ____D C:\Program Files (x86)\Adaptec
2016-01-27 09:24 - 1999-01-12 13:11 - 00029184 _____ (Blue Sky Software) C:\WINDOWS\SysWOW64\Popup.ocx
2016-01-27 09:24 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe
2016-01-27 09:24 - 1997-12-07 23:00 - 00883200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVCP50.DLL
2016-01-27 08:25 - 2016-01-27 08:25 - 00347816 _____ (Microsoft Corporation) C:\Users\greenuser\Downloads\MicrosoftFixit.dvd.Run.exe
2016-01-26 16:01 - 2016-01-26 16:03 - 00000000 ____D C:\ProgramData\install_clap
2016-01-26 16:00 - 2016-01-26 16:01 - 00837008 _____ (CyberLink Corp. ) C:\Users\greenuser\Downloads\PowerDVD_Patch_DVD140710-01.exe
2016-01-26 15:08 - 2016-01-26 15:09 - 00000000 ____D C:\Users\greenuser\AppData\Local\CareCenter
2016-01-26 15:08 - 2016-01-26 15:08 - 00005404 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2016-01-26 15:08 - 2016-01-26 15:08 - 00004614 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2016-01-26 15:08 - 2016-01-26 15:08 - 00003846 _____ C:\WINDOWS\System32\Tasks\ACC
2016-01-26 15:08 - 2016-01-26 15:08 - 00003060 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2016-01-26 15:08 - 2016-01-26 15:08 - 00001810 _____ C:\Users\Public\Desktop\Acer Care Center.lnk
2016-01-26 15:07 - 2016-01-26 15:07 - 01761632 _____ (Acer Incorporated) C:\Users\greenuser\Downloads\AcerCareCenterLiveUpdater.exe
2016-01-26 15:03 - 2016-01-26 15:03 - 01423295 _____ C:\Users\greenuser\Downloads\User Manual W10_Acer_1.0_A_A.zip
2016-01-26 15:02 - 2016-01-26 15:02 - 00096096 _____ C:\Users\greenuser\Downloads\SerialNumberDetectionTool.exe
2016-01-26 14:47 - 2016-01-26 14:49 - 3515875328 _____ C:\Users\greenuser\Downloads\Windows8pro.iso
2016-01-26 14:32 - 2016-01-26 15:01 - 00000000 __RHD C:\ESD
2016-01-26 14:30 - 2016-01-26 14:31 - 01483336 _____ (Microsoft Corporation) C:\Users\greenuser\Downloads\mediacreationtool(1).exe
2016-01-26 14:28 - 2016-01-26 14:28 - 00003029 _____ C:\Users\greenuser\Desktop\keys.txt
2016-01-26 14:25 - 2016-01-26 14:27 - 00003029 _____ C:\Users\greenuser\Desktop\New Text Document (2).txt
2016-01-24 15:50 - 2016-01-24 15:50 - 00024612 _____ C:\Users\greenuser\Downloads\864cb4a4-30f3-4f5b-bbfe-bcd5ed6ee635(1).pdf
2016-01-24 15:49 - 2016-01-24 15:49 - 00117020 _____ C:\Users\greenuser\Documents\sbs-motion-to-terminate-probation.pdf
2016-01-24 15:43 - 2016-01-24 15:43 - 00098188 _____ C:\Users\greenuser\Documents\Motion_Early_Termination.pdf
2016-01-24 09:32 - 2016-01-24 09:32 - 13163744 _____ (Microsoft Corporation) C:\Users\greenuser\Downloads\Silverlight_x64.exe
2016-01-24 09:32 - 2016-01-24 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-24 09:32 - 2016-01-24 09:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-24 09:32 - 2016-01-24 09:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-23 13:21 - 2016-01-23 13:21 - 18446672 _____ (Microsoft Corporation) C:\Users\greenuser\Downloads\MediaCreationTool.exe
2016-01-23 13:21 - 2016-01-23 13:21 - 00000000 ___HD C:\$Windows.~WS
2016-01-23 13:21 - 2016-01-23 13:21 - 00000000 ____D C:\$WINDOWS.~BT
2016-01-23 12:47 - 2016-01-23 12:47 - 00000613 _____ C:\Users\greenuser\Desktop\ProduKey.cfg
2016-01-22 22:22 - 2016-01-22 22:24 - 00002047 _____ C:\Users\greenuser\Desktop\New Text Document.txt
2016-01-22 12:53 - 2016-01-22 22:14 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2016-01-22 12:53 - 2016-01-22 12:53 - 00001024 ____H C:\SYSTAG.BIN
2016-01-22 12:53 - 2016-01-22 12:53 - 00000000 ____D C:\ProgramData\AomeiBR
2016-01-22 12:53 - 2015-02-26 00:00 - 00151480 _____ C:\WINDOWS\system32\ammntdrv.sys
2016-01-22 12:53 - 2015-02-26 00:00 - 00030648 _____ C:\WINDOWS\system32\ambakdrv.sys
2016-01-22 12:53 - 2015-02-26 00:00 - 00017848 _____ C:\WINDOWS\system32\amwrtdrv.sys
2016-01-22 12:50 - 2016-01-22 12:52 - 81807912 _____ (AOMEI Technology Co., Ltd. ) C:\Users\greenuser\Downloads\BackupperFull.exe
2016-01-21 21:03 - 2016-01-21 21:03 - 00796806 _____ C:\Users\greenuser\Desktop\scan005.pdf
2016-01-17 19:07 - 2016-01-17 19:08 - 06805440 _____ (Piriform Ltd) C:\Users\greenuser\Downloads\ccsetup513.exe
2016-01-13 12:27 - 2016-01-04 22:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 12:27 - 2016-01-04 22:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-13 12:27 - 2016-01-04 22:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 12:27 - 2016-01-04 22:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-13 12:27 - 2016-01-04 22:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 12:27 - 2016-01-04 22:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-13 12:27 - 2016-01-04 22:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 12:27 - 2016-01-04 22:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-13 12:27 - 2016-01-04 22:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 12:27 - 2016-01-04 22:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-13 12:27 - 2016-01-04 22:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-13 12:27 - 2016-01-04 22:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-13 12:27 - 2016-01-04 22:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-13 12:27 - 2016-01-04 22:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-13 12:27 - 2016-01-04 22:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-13 12:27 - 2016-01-04 21:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-13 12:27 - 2016-01-04 21:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 12:27 - 2016-01-04 21:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 12:27 - 2016-01-04 21:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 12:27 - 2016-01-04 21:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 12:27 - 2016-01-04 21:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-13 12:27 - 2016-01-04 21:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-13 12:27 - 2016-01-04 21:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-13 12:27 - 2016-01-04 21:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 12:27 - 2016-01-04 21:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-13 12:27 - 2016-01-04 21:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-13 12:27 - 2016-01-04 21:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 12:27 - 2016-01-04 21:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 12:27 - 2016-01-04 21:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-13 12:27 - 2016-01-04 21:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-13 12:27 - 2016-01-04 21:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 12:27 - 2016-01-04 21:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 12:27 - 2016-01-04 21:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-13 12:27 - 2016-01-04 21:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 12:27 - 2016-01-04 21:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-13 12:27 - 2016-01-04 21:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-13 12:27 - 2016-01-04 21:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-13 12:27 - 2016-01-04 21:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-13 12:27 - 2016-01-04 21:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-13 12:27 - 2016-01-04 21:18 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 12:27 - 2016-01-04 21:15 - 24592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-13 12:27 - 2016-01-04 21:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-13 12:27 - 2016-01-04 21:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 12:27 - 2016-01-04 21:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-13 12:27 - 2016-01-04 21:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-13 12:27 - 2016-01-04 21:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-13 12:27 - 2016-01-04 21:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-13 12:27 - 2016-01-04 21:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 12:27 - 2016-01-04 21:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 12:27 - 2016-01-04 21:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 12:27 - 2016-01-04 21:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 12:27 - 2016-01-04 21:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 12:27 - 2016-01-04 21:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 12:27 - 2016-01-04 20:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 12:27 - 2016-01-04 20:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 12:27 - 2016-01-04 20:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 12:27 - 2016-01-04 20:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 12:27 - 2016-01-04 20:56 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 12:27 - 2016-01-04 20:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 12:27 - 2016-01-04 20:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 12:27 - 2016-01-04 20:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-13 12:27 - 2016-01-04 20:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-13 12:27 - 2016-01-04 20:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-13 12:27 - 2016-01-04 20:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 12:27 - 2016-01-04 20:43 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-13 12:27 - 2016-01-04 20:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 12:27 - 2016-01-04 20:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-13 12:27 - 2016-01-04 20:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 12:27 - 2016-01-04 20:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 12:27 - 2016-01-04 20:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 12:27 - 2016-01-04 20:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 12:27 - 2016-01-04 20:30 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 12:27 - 2016-01-04 20:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 12:27 - 2016-01-04 20:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 12:27 - 2016-01-04 20:24 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-13 12:27 - 2016-01-04 20:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 12:27 - 2016-01-04 20:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 12:27 - 2016-01-04 20:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-13 12:27 - 2016-01-04 20:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-13 12:27 - 2016-01-04 20:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-13 12:26 - 2016-01-04 21:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 12:26 - 2016-01-04 21:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-13 12:26 - 2016-01-04 21:00 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 12:26 - 2016-01-04 20:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 12:26 - 2016-01-04 20:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-04 13:53 - 2016-01-04 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-12-30 18:22 - 2015-12-30 18:23 - 50584792 _____ (Microsoft Corporation) C:\Users\greenuser\Downloads\Windows-KB890830-x64-V5.31.exe
2015-12-30 16:41 - 2015-12-30 16:41 - 00001781 _____ C:\Users\greenuser\Desktop\TDSSKiller.exe - Shortcut.lnk
2015-12-30 16:39 - 2015-12-30 16:42 - 00271946 _____ C:\TDSSKiller.3.1.0.9_30.12.2015_16.39.42_log.txt
2015-12-30 16:36 - 2015-12-30 16:39 - 00006164 _____ C:\TDSSKiller.3.1.0.7_30.12.2015_16.36.47_log.txt
2015-12-30 11:54 - 2015-12-30 11:54 - 06937888 _____ (TeamViewer) C:\Users\greenuser\Downloads\TeamViewerQS_en.exe
2015-12-30 11:16 - 2015-12-30 11:16 - 00000460 _____ C:\Users\greenuser\Downloads\message (1).eml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 10:03 - 2015-10-10 07:58 - 00000926 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-28 10:01 - 2014-10-04 14:03 - 00000000 ____D C:\Users\greenuser\AppData\LocalLow\LastPass
2016-01-28 09:46 - 2015-07-05 15:46 - 00000931 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {73C93EFF-09DF-4CA4-AEE2-436C78D990F9}.job
2016-01-28 09:46 - 2015-07-05 15:46 - 00000745 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {73C93EFF-09DF-4CA4-AEE2-436C78D990F9}.job
2016-01-28 09:44 - 2015-08-16 11:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-28 09:36 - 2015-02-06 19:26 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001UA1d0426cc29d3993.job
2016-01-28 09:34 - 2014-11-16 09:52 - 00001180 _____ C:\Users\greenuser\Desktop\HijackThis.exe - Shortcut.lnk
2016-01-28 09:31 - 2014-11-14 17:21 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001UA.job
2016-01-28 09:19 - 2015-02-04 20:09 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d040e05f3385b7.job
2016-01-28 09:17 - 2015-12-01 11:17 - 00000931 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {2A2B6CFE-415C-456D-B230-4D6DF539B76E}.job
2016-01-28 09:17 - 2015-12-01 11:17 - 00000745 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {2A2B6CFE-415C-456D-B230-4D6DF539B76E}.job
2016-01-28 09:16 - 2015-12-01 11:16 - 00000931 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Update {D8E7B340-149D-4D4B-BFDA-1C79F67CA2D5}.job
2016-01-28 09:16 - 2015-12-01 11:16 - 00000745 _____ C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {D8E7B340-149D-4D4B-BFDA-1C79F67CA2D5}.job
2016-01-28 09:14 - 2014-10-05 14:54 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 09:03 - 2015-10-10 07:58 - 00000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-28 08:44 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-28 08:44 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-28 08:41 - 2015-12-19 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-01-28 08:40 - 2014-10-01 08:35 - 00000000 ___RD C:\Users\greenuser\OneDrive
2016-01-28 08:39 - 2014-10-05 14:54 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-28 08:38 - 2015-08-08 06:19 - 00002406 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2016-01-28 08:38 - 2015-08-02 10:31 - 00000000 __SHD C:\Users\greenuser\IntelGraphicsProfiles
2016-01-28 08:37 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-28 02:35 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-27 22:26 - 2014-09-20 09:36 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-27 22:02 - 2014-09-18 14:56 - 00000000 ____D C:\Temp
2016-01-27 22:01 - 2015-02-19 17:08 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-27 22:00 - 2015-03-06 21:56 - 00000000 ____D C:\WINDOWS\en
2016-01-27 22:00 - 2014-09-18 15:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-27 21:15 - 2014-09-22 13:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-27 20:19 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-27 20:16 - 2015-07-10 05:59 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-01-27 20:16 - 2015-07-10 05:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-01-27 20:16 - 2015-07-10 05:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-01-27 20:16 - 2015-07-10 05:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-01-27 20:16 - 2015-07-10 05:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-01-27 17:20 - 2015-08-08 15:03 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\Anvsoft
2016-01-27 15:56 - 2014-04-03 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-01-27 12:33 - 2014-10-15 22:22 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\Audacity
2016-01-27 10:36 - 2014-11-14 17:21 - 00000884 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001Core.job
2016-01-27 09:28 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-26 21:42 - 2015-08-02 10:10 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-26 18:04 - 2015-08-08 15:17 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\dvdcss
2016-01-26 16:02 - 2014-04-26 03:39 - 00000000 ____D C:\ProgramData\Temp
2016-01-26 16:01 - 2014-04-26 03:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-26 15:15 - 2015-05-13 14:48 - 00000000 ___RD C:\Users\greenuser\Downloads\DeviceDoctor.RAROpener_mkdtfchztkfbm!App
2016-01-26 15:11 - 2014-09-18 14:36 - 00000000 ____D C:\Users\Public\OEM
2016-01-26 15:11 - 2014-04-26 03:31 - 00000000 ____D C:\Program Files\Acer
2016-01-26 15:11 - 2014-04-03 01:16 - 00000000 ___HD C:\OEM
2016-01-26 15:11 - 2014-04-03 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-01-26 15:09 - 2014-04-03 00:39 - 00000000 ____D C:\ProgramData\Acer
2016-01-26 15:08 - 2014-04-03 00:39 - 00000000 ____D C:\Program Files (x86)\Acer
2016-01-26 15:07 - 2014-10-19 10:51 - 00000000 ____D C:\Users\greenuser\AppData\Local\acer
2016-01-26 15:07 - 2014-04-26 03:45 - 00000000 ____D C:\ProgramData\OEM
2016-01-25 08:17 - 2014-10-14 15:36 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\ZoomBrowser EX
2016-01-25 08:17 - 2014-10-14 15:31 - 00000000 ____D C:\ProgramData\ZoomBrowser
2016-01-23 13:47 - 2015-08-02 13:40 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-22 07:53 - 2014-10-14 15:43 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\CameraWindowDC
2016-01-21 15:22 - 2014-10-18 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-21 15:22 - 2014-10-18 17:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-21 15:22 - 2014-09-27 17:11 - 00000000 ____D C:\ProgramData\Oracle
2016-01-21 15:21 - 2015-08-27 06:39 - 00000000 ____D C:\Users\greenuser\.oracle_jre_usage
2016-01-21 15:21 - 2014-10-18 17:56 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-21 12:52 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-19 20:57 - 2015-02-19 12:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-01-18 19:54 - 2015-02-19 12:52 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\TeamViewer
2016-01-18 17:05 - 2015-03-31 07:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-17 19:09 - 2014-10-01 12:51 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-16 09:07 - 2015-12-10 18:15 - 00000000 ____D C:\Users\greenuser\AppData\Roaming\vlc
2016-01-15 19:57 - 2015-06-25 09:49 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-01-15 19:57 - 2015-06-25 09:49 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-01-14 03:37 - 2015-07-10 07:20 - 00201944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-13 12:54 - 2014-09-18 17:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 12:44 - 2014-09-18 17:55 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 09:48 - 2015-05-15 19:42 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 09:47 - 2015-05-15 19:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-10 15:24 - 2015-08-15 13:23 - 00141163 ____H C:\Users\greenuser\Desktop\ZbThumbnail.info
2016-01-04 13:53 - 2015-10-05 16:47 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-01-04 13:53 - 2014-09-18 21:18 - 00002013 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-01-03 09:52 - 2014-09-18 14:47 - 00000000 ____D C:\Users\greenuser\AppData\Local\ElevatedDiagnostics
2016-01-02 20:40 - 2015-10-11 13:54 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-11 13:54 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 17:33 - 2014-09-18 19:51 - 00007591 _____ C:\Users\greenuser\AppData\Local\resmon.resmoncfg
2015-12-29 19:38 - 2015-12-06 19:57 - 00000000 ____D C:\Users\greenuser\Documents\Mead labels

==================== Files in the root of some directories =======

2014-10-04 14:03 - 2015-05-29 14:37 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-01-27 16:48 - 2016-01-28 00:18 - 0000631 _____ () C:\Users\greenuser\AppData\Roaming\burnaware.ini
2015-05-09 13:32 - 2015-05-09 13:32 - 0005632 _____ () C:\Users\greenuser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-18 19:51 - 2016-01-01 17:33 - 0007591 _____ () C:\Users\greenuser\AppData\Local\resmon.resmoncfg
2014-09-28 19:08 - 2014-09-28 19:08 - 1264640 _____ () C:\Users\greenuser\AppData\Local\Templibtsk_jni.dll
2015-08-02 09:44 - 2015-08-02 09:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-18 14:20 - 2014-09-18 14:20 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2015-03-07 08:48 - 2015-03-07 08:48 - 0349396 _____ () C:\ProgramData\SPL4CDE.tmp
2015-03-07 08:47 - 2015-03-07 08:47 - 0349396 _____ () C:\ProgramData\SPL6D4B.tmp
2015-03-06 12:14 - 2015-03-06 12:14 - 0394881 _____ () C:\ProgramData\SPL78E1.tmp
2015-03-07 08:47 - 2015-03-07 08:47 - 0349396 _____ () C:\ProgramData\SPL91AC.tmp
2015-03-06 12:14 - 2015-03-06 12:14 - 0394881 _____ () C:\ProgramData\SPL97B2.tmp
2015-03-06 12:15 - 2015-03-06 12:15 - 0394881 _____ () C:\ProgramData\SPLC98F.tmp
2015-03-06 12:25 - 2015-03-06 12:25 - 0394881 _____ () C:\ProgramData\SPLDAAB.tmp
2015-03-08 09:05 - 2015-03-08 09:05 - 0349396 _____ () C:\ProgramData\SPLDE6C.tmp

Files to move or delete:
====================
C:\Users\greenuser\gosetup.exe


Some files in TEMP:
====================
C:\Users\greenuser\AppData\Local\Temp\4A3E.exe
C:\Users\greenuser\AppData\Local\Temp\COMAP.EXE
C:\Users\greenuser\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\greenuser\AppData\Local\Temp\lowproc.exe
C:\Users\greenuser\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-23 13:00

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by greenuser (2016-01-28 10:05:47)
Running from C:\Users\greenuser\Downloads
Windows 10 Home (X64) (2015-08-02 15:31:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2063059394-2818367510-731196322-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2063059394-2818367510-731196322-503 - Limited - Disabled)
greenuser (S-1-5-21-2063059394-2818367510-731196322-1001 - Administrator - Enabled) => C:\Users\greenuser
Guest (S-1-5-21-2063059394-2818367510-731196322-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2001 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.06.2000.22 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3016 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2001 - Acer Incorporated)
Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)
Ad-Aware Antivirus (HKLM\...\{9A711B34-77B5-4DDA-A97E-2FD6663729E1}_AdAwareUpdater) (Version: 11.9.696.8769 - Lavasoft)
AdAwareInstaller (Version: 11.9.696.8769 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.9.696.8769 - Lavasoft) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.2.1 - Angry IP Scanner)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntimalwareEngine (Version: 3.0.99.0 - Lavasoft) Hidden
Any Video Converter 5.8.3 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.13.2000.0 - Acer Incorporated)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Autopsy (HKLM\...\{1A3AD2E8-29CB-4775-9CEF-3F4DC0FF8339}) (Version: 3.1.0 - The Sleuth Kit)
BCDx36HP Sentinel (HKLM-x32\...\{D7E7755E-38AB-4A29-97B6-F7BEBE93545D}) (Version: 1.05.00 - Uniden)
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.16 - Belarc Inc.)
BurnAware Free 8.7 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.1.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{77463C86-BB3A-426E-A6C2-06B4D28C250F}) (Version: 1.0.223 - Citrix)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4314.55 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepMeta (HKLM-x32\...\{EA8ADD20-DD29-41FD-91CE-16C88EDF7C71}) (Version: 2.0.0016 - Eazign bvba - Franky De Meyer)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
EMET 4.1 Update 1 (HKLM-x32\...\{6A09FEB2-691C-456B-B982-2F6D21B19602}) (Version: 4.1.1 - Microsoft Corporation)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ffdshow x64 v1.2.4422 [2012-04-09] (HKLM\...\ffdshow64_is1) (Version: 1.2.4422.0 - )
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)
Garmin City Navigator North America NT 2015.40 (HKLM-x32\...\{502AF3EA-34FA-4BD9-BAEF-3F8D8C5E3CCC}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
HomePatrol Sentinel (HKLM-x32\...\{F6381DF9-4824-47D5-887C-65A24871B4D5}) (Version: 2.03.02 - Uniden)
Host App Service (HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Pokki) (Version: 0.269.7.660 - Pokki)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8102 - Acer Incorporated)
iCamSource (HKLM-x32\...\{C4A49370-477C-4C38-A14A-2F74C6BE218C}) (Version: 2.8 - SKJM, LLC)
ICQ 8.2 (build 7138) (HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\ICQ) (Version: 8.2.7138.0 - ICQ)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iSpy (64 bit) (HKLM\...\{A0613F4F-6D3E-4F93-A486-45093B3A22FB}) (Version: 6.4.0 - iSpy)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
K-Lite Codec Pack 5.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.2.0 - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4150 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.141 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Moo0 Connection Watcher 1.56 (HKLM-x32\...\Moo0 ConnectionWatcher) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 44.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-US)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.0.5866 - Mozilla)
MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - )
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{551AC8F2-FEA2-4B45-ACF7-C98681233CC9}) (Version: 12.5.01200 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 15.0.1000 - Nero AG)
Nero Prerequisite Installer 2.0 (HKLM-x32\...\{F4C242B4-2973-43F3-93F2-ED1B47AE8848}) (Version: 12.0.02000 - Nero AG)
NirSoft ProduKey (HKLM-x32\...\NirSoft ProduKey) (Version:  - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
Police Call CD-ROM (HKLM-x32\...\{F2B71A7F-38BE-4090-8789-788FE2FC2138}) (Version: 5.0.0.0 - Pozilla Software)
Prerequisite installer (x32 Version: 12.0.0008 - Nero AG) Hidden
Privacy Eraser (HKLM\...\{CB5AC03C-B8AD-980F-998E-51969A6DFC9F}_is1) (Version: 4.7.2.1729 - Cybertron Software Co., Ltd.)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.25 - Qualcomm Atheros)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scary Sounds HD (HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\scarysoundshd-c67fc43ff08ca095449dfdb92ee0667d) (Version: 0.2 - Panther Apps)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
SoftPerfect WiFi Guard version 1.0.6 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.6 - SoftPerfect)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Soluto (HKLM\...\{AD78441D-E016-4119-A0AE-9ECB763B6A3D}) (Version: 1.3.1500.2 - Soluto)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Stamps.com (x32 Version: 12.1.1.2876 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Corel WordPerfect 8 (x32 Version: 12.2.0.2734 - Stamps.com, Inc.) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden
Timelapse Viewer Plus R version 1.0 (HKLM-x32\...\Timelapse Viewer Plus R_is1) (Version: 1.0 - Browning)
Timelapse Viewer Plus version 1.0 (HKLM\...\Timelapse Viewer Plus_is1) (Version: 1.0 - Browning)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Whois Tools version 1.0 (HKLM-x32\...\{D1E27CB9-0560-432A-B92B-44D57D9EFE6C}_is1) (Version: 1.0 - HosterTalk.com)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media ASF View 9 Series (HKLM-x32\...\ASFView) (Version:  - )
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
YTD Video Downloader 4.9.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.1 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\greenuser\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04843571-2A76-477F-A0E6-708EDE2D8D39} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-11-19] (Acer)
Task: {055C06AA-3038-4350-A6E7-1F92EF296F26} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-11-25] ()
Task: {0C2AD704-7A06-4BB0-A1AB-DC7911D99A60} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - greenuser => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2011-04-07] (Leader Technologies Inc.)
Task: {0FDFE5BC-8E9D-4E9F-8F69-365787C45457} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {12ADD3C2-F976-430D-B714-B28E3CA3BC24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {14456173-DEA7-41E2-B780-C30DE4FF655C} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {1796BA58-FDA8-4AD0-914F-DA7DDCF6D679} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2063059394-2818367510-731196322-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {1E64EFEA-75A2-4D4E-B0C2-CB449164EB55} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {213234D4-AA30-464F-AD57-A5E5C8EA498F} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {22233D05-34B3-4180-9379-9D5E4674A3A0} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2015-11-25] ()
Task: {2B79956E-BD41-4491-8BA5-F4E8E37F32AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2CB7F371-D6D1-437C-B6FD-76AAA5FFD1AF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {2FFFDA58-5466-4C1E-855B-B7F032C06D5E} - System32\Tasks\{F6F97110-D9D7-4A1E-9310-A533FC54D9A0} => pcalua.exe -a D:\bce\lexusbin.exe -d D:\bce
Task: {3151796E-9969-426E-A7A6-4F6380163B78} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {316F1DB0-994F-41B7-A20E-AA170760C5B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {31E23180-3561-4AEC-90DF-1390B0061CB3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-10] (Dropbox, Inc.)
Task: {3404E80C-A540-4C89-A706-77BDE77AEA7A} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Moo0\ConnectionWatcher 1.56\ConnectionWatcher.exe [2013-08-14] (Moo0)
Task: {36FE5947-E13E-4FA9-92C4-5ECCD2E6D871} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-11-17] (Acer Incorporated)
Task: {38D88A24-C4C8-4C3C-8ABD-6822EAF0D53A} - System32\Tasks\EPSON XP-310 Series Update {73C93EFF-09DF-4CA4-AEE2-436C78D990F9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {3D93EB6B-6534-4543-9E07-9AA1846C5E7E} - System32\Tasks\GoogleUpdateTaskMachineUA1d040e05f3385b7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3E977851-D723-4ADF-B0BC-F513E6B04411} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {3F3AB5E2-776B-4582-9659-AFD4DBEF80E0} - System32\Tasks\EPSON XP-310 Series Update {2A2B6CFE-415C-456D-B230-4D6DF539B76E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {4423C1D6-9C42-41BB-86D4-5847A17E64DF} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2013-12-30] (Acer Incorporated)
Task: {44AC5ABB-09AD-4C40-A100-C4CE197B9B8C} - System32\Tasks\{1CB70B78-92FD-43AB-AACE-CB5866BC1019} => pcalua.exe -a "C:\Program Files (x86)\Lexmark 2300 Series\Install\x64\Uninst.exe"
Task: {53E5AE43-AF76-4F73-B061-7AEF2E85BF40} - System32\Tasks\{EC7BD614-6BC8-4D9F-B87A-8CF49E3AA5B6} => pcalua.exe -a D:\Setup.EXE -d D:\
Task: {5586F63F-83DC-4BBB-9261-75B0C058C9A9} - System32\Tasks\{7B038A08-D236-436E-B908-CB927959E4A9} => pcalua.exe -a "C:\Program Files\Lexmark 2300 Series\setup.exe" -d "C:\Program Files\Lexmark 2300 Series"
Task: {57485E86-757F-4D45-B1EF-8205797C0B4D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {5998B002-0FB1-40D7-8D6E-AB34EFEE0B14} - System32\Tasks\{2A74263A-5FAD-407F-8206-9D1914D9200E} => pcalua.exe -a C:\Windows\System32\spool\drivers\x64\3\lxcgunst.exe -c -NOLICENSE
Task: {5A4F9BDD-E4E0-4D4D-8A5D-032B5612FDB5} - System32\Tasks\Google Update => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5FB234DD-DDB0-4472-ACF6-BF0FF2BB5A89} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {64948219-A6D4-497A-9014-5E74708D8FBC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {66CA6592-79FD-4F05-9855-06E07E5777D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6B20E06A-B133-41CD-9832-309E06635457} - System32\Tasks\EPSON XP-310 Series Update {D8E7B340-149D-4D4B-BFDA-1C79F67CA2D5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {72BEDFDC-C194-4F60-94A9-355105D50FBB} - System32\Tasks\Cybertron\Privacy Eraser\SkipUAC_greenuser => C:\Program Files\Cybertron\Privacy Eraser\PrivacyEraser.exe [2015-12-15] (Cybertron Software, Co., Ltd.)
Task: {7455A4CE-A93A-40B9-9B09-E8A13639D201} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {77796D27-7794-4779-A3B7-E257BEF30527} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {78116B72-0B5E-4710-A694-AF0CD611145B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001Core => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {813E07C3-8328-4B6D-89BA-307B5A7FB4C0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8413A8D7-8EA0-4ED5-8A55-341857C9E5A3} - System32\Tasks\{E2926F07-3782-4B34-BB1F-013ABE0E54F2} => pcalua.exe -a C:\Users\greenuser\Downloads\ASFinst.exe -d C:\Users\greenuser\Downloads
Task: {8572BDDE-F859-49EC-A5E8-F5F1BE50B079} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-10] (Dropbox, Inc.)
Task: {86797398-7421-4830-8279-BB2DE0C3A65C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {8E68BDFA-02E0-477E-9E26-727D1CBDA597} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {94F85A29-C299-4CA7-909A-311A6638D35B} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {9745B307-CC70-458C-B3A0-B53CCA3AC599} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {983ADF6E-9DBE-4DEA-BAC0-064066402F35} - System32\Tasks\EPSON XP-310 Series Invitation {73C93EFF-09DF-4CA4-AEE2-436C78D990F9} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {9BA08968-27E7-4BD6-A1B7-BD49944EFEC0} - System32\Tasks\EPSON XP-310 Series Invitation {2A2B6CFE-415C-456D-B230-4D6DF539B76E} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {9CE487A2-38EA-4E72-B5CD-7AE5F13CFD67} - System32\Tasks\{584A3B2F-DD4A-4D90-9874-4F2D318C54A5} => pcalua.exe -a C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_Plugin.exe -c -maintain plugin
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A68EDF5E-F3B0-4703-AD0E-24101BD7EE69} - System32\Tasks\{6469986D-CACB-4BBB-9724-5B6226C33853} => pcalua.exe -a "C:\Program Files\Lexmark 2300 Series\setup (2).exe" -d "C:\Program Files\Lexmark 2300 Series"
Task: {AA246F96-AF4E-4902-881E-FC5329A87657} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)
Task: {AE0DDE2E-A9A9-4422-9A23-536F65499729} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001UA => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BEDD56E3-1FE8-4F53-B46B-6AF2826C57EC} - System32\Tasks\{D92EE83C-4BCF-401A-8A98-973518CA3862} => pcalua.exe -a D:\Install\x86\instgui.exe -d D:\Install\x86
Task: {C4669D06-31B9-4C40-816A-3A74D97E697E} - System32\Tasks\EPSON XP-310 Series Invitation {D8E7B340-149D-4D4B-BFDA-1C79F67CA2D5} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {C7FC9288-C7CD-4DC9-A9E5-BF5D002586BC} - System32\Tasks\{FC5A14B0-F67A-4518-83BC-028E3C188091} => pcalua.exe -a "C:\Program Files\Lexmark 2300 Series\Applications\setup.exe" -d "C:\Program Files\Lexmark 2300 Series\Applications"
Task: {CB0FDB7F-93B0-428D-8A50-E0D5C99B5CB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CBF1C6D2-2646-443D-8ECF-84ADB4EBA9F4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D7D022B6-C9A8-4227-96FA-AB9995649227} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {E432A9AC-3107-480E-873A-F89B04FA9771} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {E5334D4A-15B2-4E5D-BB10-21F2324242ED} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2015-11-25] ()
Task: {E707C512-DEC0-4C47-AABF-ED8A295DBB1F} - System32\Tasks\{56B436C2-CFB6-4491-94F1-3A905FBB3A90} => pcalua.exe -a "C:\Program Files (x86)\Search Extensions\uninstall.exe" -c /u=true /UserID=741912da-d65c-44e9-8e29-30ab0eaf7304 /SourceID=tucows_ba|tucows_vlc /ImplementationID=browsersafeguard-rockettab-mw3-ptn-tba-nt /UC=20141001
Task: {E7BF1BE5-5301-4805-9B5C-A01EBBC04D6E} - System32\Tasks\{829E5616-6C49-44DF-A38B-7F5010B42A6B} => pcalua.exe -a "C:\Program Files\Lexmark 2300 Series\OCR\setup.exe" -d "C:\Program Files\Lexmark 2300 Series\OCR"
Task: {E864DFE4-317F-4D32-A36A-C01CD6116F67} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()
Task: {E8CDC21B-8ABD-49F0-97CA-6C50C8587CBA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001UA1d0426cc29d3993 => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {EAAB09DE-C813-4BA4-BEF8-84E0E800C83D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EFB74250-556B-4482-B875-84A184579324} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-11-25] (Acer Incorporated)
Task: {F042729D-5FE2-4821-9DAA-69C034BA3180} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2063059394-2818367510-731196322-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-11-04] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {2A2B6CFE-415C-456D-B230-4D6DF539B76E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {73C93EFF-09DF-4CA4-AEE2-436C78D990F9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Invitation {D8E7B340-149D-4D4B-BFDA-1C79F67CA2D5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {2A2B6CFE-415C-456D-B230-4D6DF539B76E}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{2A2B6CFE-415C-456D-B230-4D6DF539B76E} /F:UpdateWORKGROUP\GREEN$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {73C93EFF-09DF-4CA4-AEE2-436C78D990F9}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{73C93EFF-09DF-4CA4-AEE2-436C78D990F9} /F:UpdateWORKGROUP\GREEN$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-310 Series Update {D8E7B340-149D-4D4B-BFDA-1C79F67CA2D5}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE:/EXE:{D8E7B340-149D-4D4B-BFDA-1C79F67CA2D5} /F:UpdateWORKGROUP\GREEN$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d040e05f3385b7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001Core.job => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001UA.job => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2063059394-2818367510-731196322-1001UA1d0426cc29d3993.job => C:\Users\greenuser\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Booking.com.lnk -> C:\Program Files\Booking.COM\StartURL.exe () -> hxxp://www.booking.com/index.html?aid=379334

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 06:00 - 2015-07-10 06:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2014-05-28 15:23 - 2014-05-28 15:23 - 00098512 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE64.DLL
2015-08-02 13:34 - 2015-08-02 13:34 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-03-06 07:24 - 2009-08-13 12:06 - 00177152 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2015-08-18 17:21 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-12-09 17:55 - 2015-12-09 17:55 - 00712432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareService.exe
2015-12-09 17:58 - 2015-12-09 17:58 - 00057096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_date_time-vc120-mt-1_57.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00025856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_system-vc120-mt-1_57.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00123656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_filesystem-vc120-mt-1_57.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 11671800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareServiceKernel.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00911616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_regex-vc120-mt-1_57.dll
2015-12-09 17:59 - 2015-12-09 17:59 - 00107776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_thread-vc120-mt-1_57.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 03549904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\RCF.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00035072 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_chrono-vc120-mt-1_57.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00709360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareActivation.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00476928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareApplicationUpdater.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00847600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareGamingMode.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00101096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareReset.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00123104 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTime.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01030912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDefinitionsUpdater.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00905488 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareDefinitionsUpdaterScheduler.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01146608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareIgnoreList.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00243440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareQuarantine.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01571584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiMalwareEngine.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00206080 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiRootkitEngine.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01210616 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScannerHistory.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01373928 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScanner.dll
2015-12-09 17:59 - 2015-12-09 17:59 - 00036096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_timer-vc120-mt-1_57.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01019640 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareScannerScheduler.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01190656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareRealTimeProtection.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 02489592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareIncompatibles.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01468136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiSpam.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01416944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAntiPhishing.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 03263736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareParentalControl.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 02995960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareWebProtection.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01325816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareEmailProtection.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00059656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\boost_iostreams-vc120-mt-1_57.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01856768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareNetworkProtection.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01013992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwarePromo.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00365288 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareFeedback.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 02958592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareThreatWorkAlliance.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01261800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwarePinCode.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01014504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareNotice.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01542896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareAvcEngine.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 01222416 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareRealTimeProtectionHistory.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 00475888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareStatistics.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-09-30 14:36 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-31 12:22 - 2015-10-31 12:22 - 00163328 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\PCGAppContr9a4addef#\729e73bd733d8a0def83537444380ab2\PCGAppControlPluginLoader.ni.exe
2015-09-30 14:36 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-09 17:58 - 2015-12-09 17:58 - 02794744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareShellExtension.dll
2015-09-30 14:36 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-25 11:03 - 2015-11-25 11:03 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2013-12-18 18:02 - 2013-12-18 18:02 - 00124480 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-12-18 18:02 - 2013-12-18 18:02 - 00054848 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2015-10-31 12:24 - 2015-10-31 12:24 - 00150016 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Management\b49b551c26eae5920b121652d21c9eb0\Windows.Management.ni.dll
2015-08-19 15:50 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-19 15:50 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-19 15:50 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-19 15:50 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2014-05-28 15:23 - 2014-05-28 15:23 - 00089808 _____ () C:\Program Files (x86)\EMET 4.1\EMET_CE.DLL
2015-11-16 19:55 - 2015-11-16 19:55 - 00202456 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00654000 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00641240 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll
2015-11-16 19:56 - 2015-11-16 19:56 - 00119000 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll
2015-12-02 08:10 - 2015-12-02 08:10 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-11-17 11:11 - 2015-11-17 11:11 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-11-17 11:10 - 2015-11-17 11:10 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-01-05 10:41 - 2016-01-05 10:41 - 01114648 _____ () C:\Users\greenuser\AppData\Roaming\Mozilla\Firefox\Profiles\x6xkjc8d.default-1433097140802\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\com -> hxxp://*.Wondershare.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2016-01-04 13:53 - 00000858 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2063059394-2818367510-731196322-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\greenuser\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\desktop background.bmp
DNS Servers: 192.168.0.1 - 216.66.108.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install SafeKey FF RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "LTCM Client"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1B7D996C-B1E9-4082-BA31-00270A99DFCB}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{0A3EF913-2C81-43FF-90BF-199FB5C1B9C6}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{BFD080D1-9ABC-4076-B478-F4E4B2ECA23F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{2A8518EA-3810-415B-A991-E0A38F5D8A13}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9E085D91-6A03-4B93-B719-BED1D3A804FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{50A8E7E3-4A16-4CD1-94A2-1990C44BF8D2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{3C73B335-5C11-4D8E-900D-DDA931BA8508}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{B1AA9890-F0B6-48A9-B2A6-F4A70B1DAABA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{6B75AEBC-9AB0-45B8-BC43-CE69C0BDF0BA}] => (Allow) LPort=1900
FirewallRules: [{4E8A0E88-C1EC-480E-92DB-9E12F08A0B7A}] => (Allow) LPort=2869
FirewallRules: [{5D6542A1-6744-49FF-A705-AFCA5DA65FAF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{34E072C0-284F-4F8E-A1FA-C4563F3F80AD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3B3246C1-7A59-4E1E-BA00-0C991EC43F4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{A5A83938-E1E3-431B-9859-D74BBAA0ADD8}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{C39A0517-63AC-4BD0-984D-DC2970CB0E3A}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{283F536A-1DF2-4DB0-A98E-BB37B942D134}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcgpswx.exe
FirewallRules: [{AD19843A-8E85-4486-B57C-78D13785B2BF}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcgpswx.exe
FirewallRules: [{265F42B9-36A8-4BB2-8B7F-D4003BED22B2}] => (Allow) C:\Windows\System32\lxcgcoms.exe
FirewallRules: [{075B6627-39F7-4544-B475-CE4F579202A5}] => (Allow) C:\Windows\System32\lxcgcoms.exe
FirewallRules: [{AC3E6C24-CF1B-4C54-8001-D3A96C3AF0B7}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcgpswx.exe
FirewallRules: [{71198AD1-9662-41BC-89C6-11B39A6A4942}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxcgpswx.exe
FirewallRules: [{5CE8838F-0545-4E02-97B3-99ED438E5C57}] => (Allow) C:\Windows\System32\lxcgcoms.exe
FirewallRules: [{18CDFC1D-691D-4026-A1C3-82E89FAB8F01}] => (Allow) C:\Windows\System32\lxcgcoms.exe
FirewallRules: [{199D92BD-0942-4817-9010-D3AA01DA2F27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{953A9D3F-1484-43B9-A025-4523E333FA1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{21A92C82-FE50-44F7-B61A-9F16763DB08E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0BA2B5F5-2152-43A4-A0C6-AB10065B0A0F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{17972019-8ACB-4E1A-A845-B22B4A2F7CC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B069A0FA-851A-4007-85B1-B88229A0E840}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{124E9E10-628C-4BBF-B0E7-574674945173}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F3908741-0937-4E40-9047-25E69DFBB1BC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0A894F49-5177-4A0B-92CC-F9F269A1C1BD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{250AB777-C371-4208-97A4-7623E103C49D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{25E140D1-89C4-4981-8F8B-2E2850EBD510}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{FD49F231-46B7-460E-9083-AB9CBFA2433D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{1C7DBAA5-99CC-49B6-84A2-3F14C1E48A8D}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{1C65B96B-7843-4BAB-826E-3C61490725EF}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{BCA02A47-01E5-4F37-9526-93D8BC824662}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{34857569-6433-469D-8A3B-AA8F91207147}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{68C0150A-951D-4749-A54F-9B43C28BE222}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8BCD719E-7D14-4713-9A1E-3132E5D4117A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{E5EBC45B-CA8C-419D-9C3C-F1A07E554611}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{CEA0E68B-FF22-4F38-BF3B-53C59D50F375}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\WindowsUpnpMV.exe
FirewallRules: [{C1C61956-676A-42AA-8728-8A4A79EBD8BA}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{CCE52591-DB2D-4524-8416-DFFCB487325D}] => (Allow) C:\Program Files (x86)\Acer\abMedia_\DMCDaemon.exe
FirewallRules: [{8E4334B6-03D4-45B3-8BF7-99AF5AE7BDE4}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{FCF79ADB-940B-4FE4-B8B7-C1B7AAA3FC3A}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6A3900AE-F118-46F2-B1F9-31B3614B9949}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{33860AB4-6A40-403C-A283-40531EA47041}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2138E1C9-CE26-4F50-98EC-C860F5DA00FC}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{77C97B12-A9E7-4D27-9B60-18B2A5452C41}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{12CD34BC-51C9-4806-9F67-7C846F28D373}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{155046B1-0215-4DDC-B100-C21F2798AAC6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{D88539E6-6B9B-44CC-A3E4-5841FC0FB2C8}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{A0DC303C-991C-4EF3-8D61-06264DA20CFC}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{FAE7E1D2-38FC-44A4-8639-019E79A1ACB6}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DD9B1D76-0A17-4544-AF2A-7AD56A0D7434}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{127BFB1F-A08D-4A27-B22D-FC455FA8E44F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{716FBA96-A5C2-439F-AF23-E5B847DD960E}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{42D54233-FE62-43F4-BCCC-2B5521DC0B15}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{089A27BD-DFD2-411E-B438-BD1245D8B687}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{2FEF5301-2101-4C5E-98F8-4BE6F440BBAD}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EB379593-18DC-4567-8E45-DA7AF61F197C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{0233DAF1-8E7D-4B8C-98AA-041E4E985D4C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{095F4E29-C56B-450F-9AFB-50E2CAA87D48}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{8B7770E3-3495-468D-ACD7-613AF53E4EC4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CAEC3B31-01FA-439A-9298-A23C14FEFD02}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{9BDE7FDD-AA7F-44FE-A634-14A5BC7E14B8}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{E4F47B5B-C86A-477F-9C0F-F854C20A8E15}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{5A1BB755-360F-4E0E-96F6-2A55A17E4E64}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7229FF56-D0E5-42DF-AB33-CC036BE7FEFF}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{1F75B9B7-A7ED-42EC-B938-9AE4058B1E99}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{4580A2A6-FE2F-4BD6-829E-5BABE57CACC2}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{CE29C982-B473-43C8-8997-45D9D2C16401}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{FEA8CA65-C5E5-453A-8B9A-C550CF0DE4AE}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{CC8B375A-D73C-45AD-9175-F9CBC004A885}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{17A9AC48-6266-4B9C-A1CF-C6065DBCC314}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{590B988F-4F3B-4BE4-B000-5F9EC369834F}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{6F93C600-EEBF-4793-A532-52E12AC13964}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{7D9F0A12-E5E9-485A-A4C2-855B32084A75}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{A63358A2-0E58-4BA7-9D73-D29FFE002354}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{CACA08B4-0F05-4329-A0EB-10C14B46F4FE}] => (Allow) C:\Program Files\Soluto\SolutoCleanup.exe
FirewallRules: [{FBA8011C-8647-46E6-85B4-B7D7169979EC}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{1227722E-7883-462F-A4DA-A251FDF171AC}] => (Allow) C:\Program Files\Soluto\SolutoRemoteDirect.exe
FirewallRules: [{E8402CD5-3580-4453-A6C4-88A0B4516861}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A819657C-DEA7-4152-8E41-E8D7B6FB093C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{FF5E770F-E691-4F9F-AD26-A66FD31A4B52}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{98D35586-23DC-4BDA-A71A-EC298E5738B9}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{4DCABE46-841E-4926-A371-86FDA012FC5B}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{299D8E9F-75D4-4EF4-AA1B-4133A7274CDF}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{87FE9639-CE55-4F61-9286-B21A97F5BE5A}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{05DD1827-0BFD-4F8B-97FB-1234EB7E7EE0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE2B07E6-9B13-452C-85AC-690F2D6AE64D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E141867-9BCF-473C-A6B5-58968620ED44}] => (Allow) C:\Users\greenuser\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{B628C043-DD5E-4D52-B5CB-0E4864BC034B}] => (Allow) C:\Users\greenuser\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{AAEBAC2E-43E4-42CB-95E5-49B5D7090589}] => (Allow) C:\Users\greenuser\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{2BB74AC6-7D2C-42AA-A601-55FBC2B4DB5C}] => (Allow) C:\Users\greenuser\AppData\Local\Temp\WZSE1.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{710B00A4-B209-4968-BDD0-4402FDEDE2F8}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{052030DF-AAD0-42A2-8459-2AE27CB7518F}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{A432C23C-E635-432E-9FBD-1D3641F9B48B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{965D5F4D-4A40-4A44-AF41-9E31422EEC06}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{033C49C3-CF4F-4CD1-A58B-3657AF8CD521}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{19BC1E81-4E2F-4F58-B108-40F105685483}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{2B7DF402-0571-49F6-A44D-6686790E62BA}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{CB50A4EC-528E-42D6-8B6D-D71E8229D521}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A9C5F592-F90D-4934-B871-932C1D127573}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{330C20DD-5E06-4D91-A016-1AFB3DDB7660}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F364D2DD-21B3-4ED9-A0EB-FFB693443027}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B9855F0B-DCA8-4568-8F68-4F348907E74D}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

09-01-2016 09:05:48 Windows Update
13-01-2016 12:40:55 Windows Update
13-01-2016 12:42:33 Windows Update
18-01-2016 17:04:51 Removed Skype Click to Call
26-01-2016 10:27:20 Scheduled Checkpoint
27-01-2016 15:47:03 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-01-2016 15:48:32 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 08:40:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1d38
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (01/28/2016 08:40:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1cf0
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (01/28/2016 08:40:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1e40
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (01/28/2016 08:40:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1408
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (01/28/2016 08:39:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1a20
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (01/28/2016 08:39:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1a18
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (01/28/2016 12:26:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: realplay.exe, version: 18.1.2.175, time stamp: 0x563a9470
Faulting module name: hxmedpltfm.dll, version: 18.1.2.175, time stamp: 0x563a8efc
Exception code: 0xc0000005
Fault offset: 0x0001c7f6
Faulting process id: 0x940
Faulting application start time: 0xrealplay.exe0
Faulting application path: realplay.exe1
Faulting module path: realplay.exe2
Report Id: realplay.exe3
Faulting package full name: realplay.exe4
Faulting package-relative application ID: realplay.exe5

Error: (01/28/2016 12:22:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GREEN)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2016 12:21:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16603, time stamp: 0x5655390b
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10240.16548, time stamp: 0x56133a14
Exception code: 0xc000027b
Fault offset: 0x00000000004aee7f
Faulting process id: 0x1784
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (01/28/2016 12:18:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EraseDisc.exe version 8.7.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 9ec

Start Time: 01d1598b363f089c

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\BurnAware Free\EraseDisc.exe

Report Id: 9a486fbf-c57e-11e5-832a-f80f41bfcd20

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (01/28/2016 09:12:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error:
%%31

Error: (01/28/2016 09:12:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto service failed to start due to the following error:
%%31

Error: (01/28/2016 08:41:29 AM) (Source: DCOM) (EventID: 10016) (User: GREEN)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GreengreenuserS-1-5-21-2063059394-2818367510-731196322-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/28/2016 08:41:29 AM) (Source: DCOM) (EventID: 10016) (User: GREEN)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GreengreenuserS-1-5-21-2063059394-2818367510-731196322-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/28/2016 08:41:29 AM) (Source: DCOM) (EventID: 10016) (User: GREEN)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GreengreenuserS-1-5-21-2063059394-2818367510-731196322-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/28/2016 08:41:29 AM) (Source: DCOM) (EventID: 10016) (User: GREEN)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GreengreenuserS-1-5-21-2063059394-2818367510-731196322-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (01/28/2016 08:41:22 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/28/2016 08:38:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Soluto PCGenome Core Service service failed to start due to the following error:
%%1053

Error: (01/28/2016 08:38:12 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Soluto PCGenome Core Service service to connect.

Error: (01/28/2016 08:37:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Cdralw2k service failed to start due to the following error:
%%1275


==================== Memory info ===========================

Processor: Intel® Celeron® CPU J1900 @ 1.99GHz
Percentage of memory in use: 51%
Total physical RAM: 3984.12 MB
Available physical RAM: 1924.36 MB
Total Virtual: 4688.12 MB
Available Virtual: 2033.96 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.89 GB) (Free:290.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1861E9C0)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Scottish558, 28 January 2016 - 10:28 AM.



#2 nasdaq

  • Malware Response Team

Posted 29 January 2016 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and Features applet.
Host App Service (HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Pokki) (Version: 0.269.7.660 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
YTD Video Downloader 4.9.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.1 - GreenTree Applications SRL) <==== ATTENTION


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {71F11D34-26C4-4F00-81C8-07E78606B57D} URL =
SearchScopes: HKLM -> {71F11D34-26C4-4F00-81C8-07E78606B57D} URL =
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
FF DefaultSearchEngine.US: DuckDuckGo
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {12ADD3C2-F976-430D-B714-B28E3CA3BC24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {213234D4-AA30-464F-AD57-A5E5C8EA498F} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {2B79956E-BD41-4491-8BA5-F4E8E37F32AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3151796E-9969-426E-A7A6-4F6380163B78} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {57485E86-757F-4D45-B1EF-8205797C0B4D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {5FB234DD-DDB0-4472-ACF6-BF0FF2BB5A89} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {64948219-A6D4-497A-9014-5E74708D8FBC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {77796D27-7794-4779-A3B7-E257BEF30527} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {813E07C3-8328-4B6D-89BA-307B5A7FB4C0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8E68BDFA-02E0-477E-9E26-727D1CBDA597} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CB0FDB7F-93B0-428D-8A50-E0D5C99B5CB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CBF1C6D2-2646-443D-8ECF-84ADB4EBA9F4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EAAB09DE-C813-4BA4-BEF8-84E0E800C83D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Users\greenuser\AppData\Local\Temp\4A3E.exe
C:\Users\greenuser\AppData\Local\Temp\COMAP.EXE
C:\Users\greenuser\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\greenuser\AppData\Local\Temp\lowproc.exe
C:\Users\greenuser\AppData\Local\Temp\stubhelper.dll

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Copy the text IN THE CODE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}]

Restart the computer when completed.

You can delete the fixme.reg file when done.

Please post the logs and let me know what problem persists.
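An added example, not part of the original post and not FRST code: the fixlist posted back later in this thread came out with several entries split across two lines, and the Fixlog reports the stray halves as "No automatic fix found for this entry". The check below flags such lines in a saved fixlist.txt before FRST is run; the entry openers it recognises are only those that appear in the fixlist above (an assumption, not FRST's grammar), and the sample is constructed from lines in this thread.

```python
import re

# Directives and entry openers copied from the fixlist posted in this thread.
# Assumption: a page-specific heuristic, not FRST's own grammar.
DIRECTIVES = {"start", "End", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:"}
ENTRY_START = re.compile(
    r"^(?:HKLM|HKU|HKCR)\\"    # registry entries
    r"|^[A-Za-z]:\\"            # file paths
    r"|^(?:Winlogon\\|URLSearchHook:|SearchScopes:|BHO(?:-x32)?:|Toolbar:"
    r"|Handler:|FF |CustomCLSID:|Task:|[RS]\d )"
)

# Constructed sample: entries from the fixlist in this thread, four of them wrapped.
SAMPLE = r"""start
CloseProcesses:
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking
Ltd.)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
CustomCLSID:
HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
Task: {12ADD3C2-F976-430D-B714-B28E3CA3BC24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <====
ATTENTION
Task: {813E07C3-8328-4B6D-89BA-307B5A7FB4C0} -
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
C:\Users\greenuser\AppData\Local\Temp\lowproc.exe
End"""


def is_fragment(line):
    """True if the line cannot open an entry, so it is the tail of the line above."""
    return line not in DIRECTIVES and not ENTRY_START.match(line)


def is_cut(line):
    """True if the line stops where no complete entry in this thread stops."""
    if line in DIRECTIVES:
        return False
    # Braces are deliberately not balanced: the Handler entry above is
    # printed with an unclosed "{" in the original fixlist.
    return (
        line.count("(") > line.count(")")                  # "(Safer-Networking"
        or line.endswith((" -", "<===="))                  # separator or marker left dangling
        or re.fullmatch(r"[A-Za-z]+:", line) is not None   # bare "CustomCLSID:"
    )


def check_fixlist(text):
    """Return (line_number, problem, line) for every line that looks wrapped."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if is_fragment(line):
            findings.append((number, "fragment", line))
        elif is_cut(line):
            findings.append((number, "cut", line))
    return findings


def rejoin(text):
    """Propose a repaired fixlist by gluing wrapped halves back with one space.

    Assumption: the wrap happened at a space, as in every case in this thread.
    """
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if out and out[-1] and line and (is_fragment(line) or is_cut(out[-1])):
            out[-1] = out[-1] + " " + line
        else:
            out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for number, problem, line in check_fixlist(SAMPLE):
        print(f"line {number}: {problem}: {line[:70]}")
    print("--- proposed fixlist ---")
    print(rejoin(SAMPLE))
```

The script only reports and proposes text; compare the proposal with the code box before saving it as fixlist.txt.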

#3 Scottish558

  • Topic Starter

Posted 29 January 2016 - 12:59 PM

Hi nasdaq, thanks for the reply. I followed your instructions except I did not uninstall YTD Video Downloader; let me know if this is a problem. I see that it is connected with greentree, which is the same company that distributes pokki... anyway, here's the fixlog.txt.

Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by greenuser (2016-01-29 12:39:52) Run:1
Running from C:\Users\greenuser\Downloads
Loaded Profiles: greenuser (Available Profiles: greenuser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking
Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2063059394-2818367510-731196322-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> DefaultScope {71F11D34-26C4-4F00-81C8-07E78606B57D} URL =
SearchScopes: HKLM -> {71F11D34-26C4-4F00-81C8-07E78606B57D} URL =
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2015-01-19] (Yahoo! Inc.)
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C -  No File
FF DefaultSearchEngine.US: DuckDuckGo
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID:
HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {12ADD3C2-F976-430D-B714-B28E3CA3BC24} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <====
ATTENTION
Task: {213234D4-AA30-464F-AD57-A5E5C8EA498F} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {2B79956E-BD41-4491-8BA5-F4E8E37F32AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3151796E-9969-426E-A7A6-4F6380163B78} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {57485E86-757F-4D45-B1EF-8205797C0B4D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {5FB234DD-DDB0-4472-ACF6-BF0FF2BB5A89} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {64948219-A6D4-497A-9014-5E74708D8FBC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {77796D27-7794-4779-A3B7-E257BEF30527} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {813E07C3-8328-4B6D-89BA-307B5A7FB4C0} -
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8E68BDFA-02E0-477E-9E26-727D1CBDA597} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CB0FDB7F-93B0-428D-8A50-E0D5C99B5CB2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CBF1C6D2-2646-443D-8ECF-84ADB4EBA9F4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EAAB09DE-C813-4BA4-BEF8-84E0E800C83D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
C:\Users\greenuser\AppData\Local\Temp\4A3E.exe
C:\Users\greenuser\AppData\Local\Temp\COMAP.EXE
C:\Users\greenuser\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\greenuser\AppData\Local\Temp\lowproc.exe
C:\Users\greenuser\AppData\Local\Temp\stubhelper.dll

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
Ltd.) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2063059394-2818367510-731196322-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
"HKCR\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71F11D34-26C4-4F00-81C8-07E78606B57D}" => key removed successfully
HKCR\CLSID\{71F11D34-26C4-4F00-81C8-07E78606B57D} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => key removed successfully
"HKCR\PROTOCOLS\Handler\WSIEChrome" => key removed successfully
Firefox DefaultSearchEngine.US removed successfully
wfpcapture => service removed successfully
CustomCLSID: => key could not remove. ErrorCode: 0xC000003B
HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\greenuser\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2063059394-2818367510-731196322-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12ADD3C2-F976-430D-B714-B28E3CA3BC24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12ADD3C2-F976-430D-B714-B28E3CA3BC24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{213234D4-AA30-464F-AD57-A5E5C8EA498F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{213234D4-AA30-464F-AD57-A5E5C8EA498F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B79956E-BD41-4491-8BA5-F4E8E37F32AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B79956E-BD41-4491-8BA5-F4E8E37F32AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3151796E-9969-426E-A7A6-4F6380163B78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3151796E-9969-426E-A7A6-4F6380163B78}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57485E86-757F-4D45-B1EF-8205797C0B4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57485E86-757F-4D45-B1EF-8205797C0B4D}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchApp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FB234DD-DDB0-4472-ACF6-BF0FF2BB5A89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FB234DD-DDB0-4472-ACF6-BF0FF2BB5A89}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64948219-A6D4-497A-9014-5E74708D8FBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64948219-A6D4-497A-9014-5E74708D8FBC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77796D27-7794-4779-A3B7-E257BEF30527}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77796D27-7794-4779-A3B7-E257BEF30527}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {813E07C3-8328-4B6D-89BA-307B5A7FB4C0} - => key not found.
\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E68BDFA-02E0-477E-9E26-727D1CBDA597}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E68BDFA-02E0-477E-9E26-727D1CBDA597}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB0FDB7F-93B0-428D-8A50-E0D5C99B5CB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB0FDB7F-93B0-428D-8A50-E0D5C99B5CB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBF1C6D2-2646-443D-8ECF-84ADB4EBA9F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBF1C6D2-2646-443D-8ECF-84ADB4EBA9F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAAB09DE-C813-4BA4-BEF8-84E0E800C83D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAAB09DE-C813-4BA4-BEF8-84E0E800C83D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\Users\greenuser\AppData\Local\Temp\4A3E.exe => moved successfully
C:\Users\greenuser\AppData\Local\Temp\COMAP.EXE => moved successfully
C:\Users\greenuser\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\greenuser\AppData\Local\Temp\lowproc.exe => moved successfully
C:\Users\greenuser\AppData\Local\Temp\stubhelper.dll => moved successfully
EmptyTemp: => 3.5 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 12:40:33 ====


Edited by Scottish558, 29 January 2016 - 12:59 PM.


#4 Scottish558


Posted 29 January 2016 - 01:01 PM

nasdaq, in layman's terms, what exactly was removed, and does anything else look suspicious? Thanks again.



#5 nasdaq

  • Malware Response Team

Posted 29 January 2016 - 01:21 PM

Most empty registry items were removed.

This was important. Some malware does place restrictions on IE.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

How is the computer running now?

#6 Scottish558


Posted 29 January 2016 - 03:08 PM

Took a while to start up. It seems to be running OK for now. I will let you know if I have problems. Thanks for the help.



#7 Scottish558


Posted 29 January 2016 - 08:58 PM

Hey nasdaq, my computer is running like new, thanks. I have another computer that is acting up. If you can take a look at the scan result, can you tell me anything that is wrong? Thanks in advance.

 

Attached File  result.txt   52.82KB   3 downloads


Edited by Scottish558, 29 January 2016 - 09:05 PM.


#8 nasdaq


Posted 30 January 2016 - 08:21 AM

I have reviewed your log for the XP computer.

We do not service two computers on the same topic.

I have identified some issues that should be attended to.

Please start a new topic and post the FRST.txt and the Addition.txt logs.

Let me have the URL of this new topic and I will expedite the matter.

===

If all is well with this computer.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq


Posted 06 February 2016 - 01:46 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



