What now?


  • This topic is locked
25 replies to this topic

#1 AndreasO


Posted 29 May 2016 - 03:07 AM

My name is Andreas. I am a laptop user but not an expert, and at my wits' end with regard to what happened to my computer. My first log "Urgent help neede" in "Am I infected" was looked after mainly by buddy215 who, after a lot of work on my behalf, has recommended me to switch to this forum.

 

I have run the FRST software and the files created are attached hereunder.  My problems are many, including

 

  • I cannot start Internet Explorer normally - neither from my taskbar icon nor via START (I'm running Windows 7). It comes up blank saying "Internet Explorer (not responding)" and then closes down. I currently have to double-click on Carbonite InfoCenter which starts the IE. I then quickly open a new tab while the InfoCenter starts up and press my IE link.
  • Windows has a few updates ready to be installed, but they don't install. Every time I start my laptop, this happens. I cannot open "Windows Update" and install the updates manually.
  • My C:\Users\Andreas\ is unavailable.
  • I am unable to open my "Action Center"
  • I am unable to open Word 2010 etc. from my toolbar icon. Opening it from "START" works OK.

There are other things not working. It seems, for example, that my Backups on the Carbonite website are corrupted. Ditto on my Seagate 2TB external backup drive.

 

Here are the two FRST files :

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016
Ran by Andreas (administrator) on PAVILION-DV7 (29-05-2016 13:55:59)
Running from C:\Users\Andreas\Downloads
Loaded Profiles: Andreas (Available Profiles: Andreas & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Advanced Time Synchronizer\svctimesync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard ) C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
(Hilti Corporation) C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Hilti Corporation) C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe
() C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.30.8\LogiOptionsMgr.exe
() C:\Program Files\Advanced Time Synchronizer\advtimesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Temp\0E121F81-4B38-4A6E-AEFA-2E5AA25CDCF9\DismHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-12-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-21] ()
HKLM\...\Run: [HPToneControl] => C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-20] (Hewlett-Packard )
HKLM\...\Run: [PROFIS AutoUpdate] => C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe [525312 2014-09-30] (Hilti Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1553528 2015-09-02] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [5251072 2010-09-09] (Telstra)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-04-05] (Seagate Technology LLC)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1112760 2016-04-14] (Carbonite, Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-14] (Piriform Ltd)
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\Run: [Advanced Time Synchronizer] => C:\Program Files\Advanced Time Synchronizer\advtimesync.exe [802816 2010-07-02] ()
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\MountPoints2: {2aab7d09-7ae5-11e0-a758-002713d12d4a} - H:\WIN\setup.exe
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\MountPoints2: {49dc70f0-c0f9-11e3-b6d6-002713d12d4a} - H:\win\setup.exe -phs
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\MountPoints2: {b4874579-ef73-11e3-b072-002713d12d4a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\MountPoints2: {bf70ea7c-9371-11df-8a3d-806e6f6e6963} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\MountPoints2: {df18cfa5-3a15-11e0-9b84-002713d12d4a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\MountPoints2: {f6792230-a667-11df-ade6-002713d12d4a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\MountPoints2: {f6792250-a667-11df-ade6-002713d12d4a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-04-22] (Apple Inc.)
Lsa: [Notification Packages] c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll N
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-04-14] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-10-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\egui.lnk [2014-04-16]
ShortcutTarget: egui.lnk -> C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8610 (Network).lnk [2016-05-12]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8610 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPStatusBL.dll (Hewlett-Packard Development Company, LP)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3F7E2751-49D4-46D3-8511-2B084D9AD044}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{EE47BB8C-E5F1-4D35-832E-CCC1B071706E}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://blu185.mail.live.com/default.aspx?id=64855
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telstra.com/
SearchScopes: HKLM-x32 -> {00170C86-47BF-414F-A97F-23D51B0CAA95} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3457447332-2947019377-471414506-1000 -> {75EB339D-3D3F-4059-9ED2-42B4081EA4DB} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie64.dll [2015-07-22] (WinZip Computing, S.L.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie32.dll [2015-07-22] (WinZip Computing, S.L.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-20] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3457447332-2947019377-471414506-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-04-29] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-04-29] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2009-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: No Name - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2015-12-07] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-08-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-22] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-30]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-28]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-17]
CHR Extension: (Google Docs Offline) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-24]
CHR Extension: (Skype) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24]
CHR Extension: (WinZip Courier) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lomojjnmhlhdepbfoknpkenickajcphi [2016-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-24]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-01-31]
CHR HKLM-x32\...\Chrome\Extension: [lomojjnmhlhdepbfoknpkenickajcphi] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [2015-07-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 advtimesync; C:\Program Files\Advanced Time Synchronizer\svctimesync.exe [679936 2010-07-02] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-04-29] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-04-29] (Microsoft Corporation)
S2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6541080 2015-10-28] (Carbonite, Inc.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 Hilti PROFIS AutoUpdate Service; C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Service.exe [213504 2014-09-30] (Hilti Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-19] () [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-06-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 PDF Suite 2015 Helper Service; C:\Program Files (x86)\PDF Suite 2015\HelperService.exe [1144184 2014-10-09] (Interactive Brands Inc.)
S2 PDF Suite 2015 Service; C:\Program Files (x86)\PDF Suite 2015\ConversionService.exe [853368 2014-10-09] (Interactive Brands Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2013-12-05] (IDT, Inc.) [File not signed]
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [308080 2010-09-02] (Sierra Wireless, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2012-09-25] (Broadcom Corporation.)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2010-01-30] (DeviceVM, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-26] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-04-27] (EldoS Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [9105112 2014-01-15] (Realtek Semiconductor Corp.)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [259328 2013-04-23] (Sierra Wireless Incorporated)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [102656 2010-06-21] (Sierra Wireless Inc.) [File not signed]
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [108800 2013-04-23] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [253440 2013-04-23] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [210944 2010-06-21] (Sierra Wireless Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-01-28] (CyberLink Corp.)
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 cpuz134; \??\C:\Users\Andreas\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 13:55 - 2016-05-29 14:10 - 00031540 _____ C:\Users\Andreas\Downloads\FRST.txt
2016-05-29 13:55 - 2016-05-29 13:55 - 00000000 ____D C:\Users\Andreas\Downloads\FRST-OlderVersion
2016-05-29 13:55 - 2016-05-29 13:55 - 00000000 ____D C:\FRST
2016-05-29 13:25 - 2016-05-29 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-05-29 12:51 - 2016-05-29 13:25 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-05-29 00:38 - 2016-05-29 00:38 - 00001226 _____ C:\Users\Andreas\Desktop\Revo Uninstaller.lnk
2016-05-29 00:38 - 2016-05-29 00:38 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-05-29 00:38 - 2016-05-29 00:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-05-29 00:36 - 2016-05-29 00:36 - 00001177 _____ C:\Users\Andreas\Desktop\revosetup.exe - Shortcut (2).lnk
2016-05-29 00:33 - 2016-05-29 00:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Andreas\Downloads\revosetup.exe
2016-05-29 00:33 - 2016-05-29 00:33 - 00001177 _____ C:\Users\Andreas\Desktop\revosetup.exe - Shortcut.lnk
2016-05-26 23:19 - 2016-05-26 23:19 - 02216402 _____ C:\Users\Andreas\Desktop\CCleaner log.txt
2016-05-26 23:12 - 2016-05-26 23:12 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-05-26 23:12 - 2016-05-26 23:12 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-26 23:12 - 2016-05-26 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-05-26 23:12 - 2016-05-26 23:12 - 00000000 ____D C:\Program Files\CCleaner
2016-05-26 23:11 - 2016-05-26 23:11 - 06893688 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup518.exe
2016-05-26 19:41 - 2016-05-26 19:41 - 00009432 _____ C:\Users\Andreas\Desktop\ESET threats.txt
2016-05-26 12:18 - 2016-05-26 12:18 - 00000000 ____D C:\Program Files (x86)\ESET
2016-05-26 12:08 - 2016-05-26 12:08 - 00127452 _____ C:\Users\Andreas\Desktop\JRT.txt
2016-05-26 12:00 - 2016-05-26 12:02 - 01610816 _____ (Malwarebytes) C:\Users\Andreas\Downloads\JRT (1).exe
2016-05-26 12:00 - 2016-05-26 12:00 - 01610816 _____ (Malwarebytes) C:\Users\Andreas\Downloads\JRT.exe
2016-05-26 11:41 - 2016-05-26 11:41 - 00002175 _____ C:\Users\Andreas\Desktop\AdwCleaner[C3].txt
2016-05-26 11:25 - 2016-05-26 11:25 - 03677760 _____ C:\Users\Andreas\Downloads\AdwCleaner.exe
2016-05-26 11:23 - 2016-05-26 11:23 - 00001095 _____ C:\Users\Andreas\Desktop\MBAM Scan Log.txt
2016-05-26 10:30 - 2016-05-26 10:30 - 22851472 _____ (Malwarebytes ) C:\Users\Andreas\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-26 02:18 - 2016-05-26 02:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2016-05-26 02:08 - 2016-05-26 02:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\GWX
2016-05-25 23:54 - 2016-05-25 23:54 - 00959270 _____ C:\Users\Administrator\Downloads\Scan 3.pdf
2016-05-25 21:30 - 2016-05-25 21:30 - 00231769 _____ C:\Users\Administrator\Downloads\Scan 2.pdf
2016-05-25 21:26 - 2016-05-25 21:26 - 00380069 _____ C:\Users\Administrator\Downloads\Scan 1.pdf
2016-05-25 21:20 - 2016-05-25 21:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\HP
2016-05-24 17:05 - 2016-05-24 17:10 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Games
2016-05-24 16:53 - 2016-05-26 01:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Google
2016-05-24 15:22 - 2016-05-24 15:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-05-24 15:08 - 2016-05-24 15:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-05-24 14:42 - 2016-05-24 14:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2016-05-24 14:41 - 2016-05-24 14:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HpUpdate
2016-05-24 14:38 - 2016-05-24 14:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2016-05-24 14:37 - 2016-05-24 14:37 - 00000000 ____D C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2016-05-24 14:37 - 2016-05-24 14:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\Broadcom
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sierra Wireless
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logishrd
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ESET
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Nico Mak Computing
2016-05-24 14:36 - 2016-05-24 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2016-05-24 14:35 - 2016-05-24 14:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HILTI
2016-05-24 14:34 - 2016-05-24 16:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-05-24 14:34 - 2016-05-24 14:34 - 00001415 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-05-24 14:34 - 2016-05-24 14:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-05-24 14:26 - 2016-05-24 14:33 - 00000000 ____D C:\Users\Administrator
2016-05-24 14:26 - 2016-05-24 14:26 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-05-24 14:26 - 2016-05-24 14:26 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-05-24 14:26 - 2016-05-24 14:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-05-24 14:26 - 2016-05-24 14:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-05-24 14:26 - 2016-05-24 14:26 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-05-24 14:26 - 2015-10-27 12:34 - 00002062 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-24 14:26 - 2011-08-17 22:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2016-05-24 14:26 - 2011-02-17 21:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Western Digital
2016-05-24 14:26 - 2010-04-17 19:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-05-24 12:53 - 2016-05-24 12:53 - 00001148 _____ C:\Users\Andreas\Desktop\FRST64.exe - Shortcut.lnk
2016-05-24 12:50 - 2016-05-29 13:55 - 02383872 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2016-05-24 12:08 - 2016-05-24 12:08 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-05-24 11:32 - 2016-05-24 11:33 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-05-24 11:32 - 2016-05-24 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-05-24 11:30 - 2016-05-24 11:32 - 00000000 ____D C:\Program Files\HitmanPro
2016-05-24 11:18 - 2016-05-24 11:19 - 41284064 _____ (HP ) C:\Users\Andreas\Downloads\sp74656.exe
2016-05-24 11:18 - 2016-05-24 11:19 - 41284064 _____ (HP ) C:\Users\Andreas\Downloads\sp74656 (1).exe
2016-05-24 10:39 - 2016-05-24 10:39 - 00001031 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-05-24 10:39 - 2016-05-24 10:39 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-05-24 10:38 - 2016-05-24 10:38 - 04002104 _____ (Secunia) C:\Users\Andreas\Downloads\PSISetup.exe
2016-05-24 00:12 - 2016-05-24 02:00 - 00002092 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2016-05-24 00:12 - 2016-05-24 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2016-05-23 16:44 - 2016-05-26 11:30 - 00000000 ____D C:\AdwCleaner
2016-05-23 14:15 - 2016-05-24 12:09 - 00000000 ____D C:\ProgramData\HitmanPro
2016-05-23 12:48 - 2016-04-07 01:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-22 22:19 - 2016-05-23 21:46 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-22 22:16 - 2009-07-13 17:39 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\print.exe
2016-05-22 22:14 - 2010-11-20 21:07 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2016-05-22 22:14 - 2009-07-13 17:39 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\hwrreg.exe
2016-05-22 22:14 - 2009-07-13 17:39 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\hwrcomp.exe
2016-05-22 22:14 - 2009-06-11 06:35 - 00145792 _____ (Intel Corporation) C:\Windows\system32\Drivers\E1G6032E.sys
2016-05-22 22:08 - 2016-05-22 22:46 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2016-05-22 18:44 - 2016-05-22 18:44 - 00012710 _____ C:\Windows\system32\Native.exe
2016-05-21 15:34 - 2016-05-21 18:35 - 00000000 ____D C:\Users\TEMP.PAVILION-DV7
2016-05-16 14:36 - 2016-05-16 14:36 - 00000000 ____D C:\Users\Andreas\Documents\Chris Grant Info
2016-05-13 18:24 - 2016-05-21 18:44 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 11:28 - 2016-04-24 03:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 11:28 - 2016-04-24 02:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 11:28 - 2016-04-23 15:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 11:28 - 2016-04-23 15:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 11:28 - 2016-04-23 15:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 11:28 - 2016-04-23 15:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 11:28 - 2016-04-23 15:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 11:28 - 2016-04-23 15:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 11:28 - 2016-04-23 15:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 11:28 - 2016-04-23 15:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 11:28 - 2016-04-23 15:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 11:28 - 2016-04-23 14:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 11:28 - 2016-04-23 14:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 11:28 - 2016-04-23 14:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 11:28 - 2016-04-23 14:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 11:28 - 2016-04-23 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 11:28 - 2016-04-23 14:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 11:28 - 2016-04-23 14:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 11:28 - 2016-04-23 14:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 11:28 - 2016-04-23 14:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 11:28 - 2016-04-23 14:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 11:28 - 2016-04-23 14:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 11:28 - 2016-04-23 14:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 11:28 - 2016-04-23 14:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 11:28 - 2016-04-23 14:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 11:28 - 2016-04-23 14:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 11:28 - 2016-04-23 14:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 11:28 - 2016-04-23 14:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 11:28 - 2016-04-23 14:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 11:28 - 2016-04-23 14:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 11:28 - 2016-04-23 14:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 11:28 - 2016-04-23 14:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 11:28 - 2016-04-23 14:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 11:28 - 2016-04-23 14:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 11:28 - 2016-04-23 14:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 11:28 - 2016-04-23 14:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 11:28 - 2016-04-23 14:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 11:28 - 2016-04-23 14:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 11:28 - 2016-04-23 14:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 11:28 - 2016-04-23 14:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 11:28 - 2016-04-23 14:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 11:28 - 2016-04-23 14:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 11:28 - 2016-04-23 14:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 11:28 - 2016-04-23 13:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 11:28 - 2016-04-23 13:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 11:28 - 2016-04-23 13:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 11:28 - 2016-04-23 13:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 11:28 - 2016-04-23 13:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 11:28 - 2016-04-23 13:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 11:28 - 2016-04-23 13:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 11:28 - 2016-04-23 13:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 11:28 - 2016-04-23 13:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 11:28 - 2016-04-23 13:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 11:28 - 2016-04-23 13:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 11:28 - 2016-04-23 13:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 11:28 - 2016-04-23 13:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 11:28 - 2016-04-23 13:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 11:28 - 2016-04-23 13:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 11:28 - 2016-04-23 13:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 11:28 - 2016-04-23 13:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 11:28 - 2016-04-23 13:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 11:28 - 2016-04-23 13:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 11:28 - 2016-04-23 13:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 11:28 - 2016-04-23 13:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 11:28 - 2016-04-23 13:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 11:28 - 2016-04-23 13:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 11:28 - 2016-04-14 23:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 11:28 - 2016-04-14 23:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 11:28 - 2016-04-09 17:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 11:28 - 2016-04-09 17:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 11:28 - 2016-04-09 16:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 11:28 - 2016-04-09 16:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 11:28 - 2016-04-09 16:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 11:28 - 2016-04-09 16:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 11:28 - 2016-04-09 16:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 11:28 - 2016-04-09 15:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 11:27 - 2016-04-09 17:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 11:27 - 2016-04-09 17:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 11:27 - 2016-04-09 17:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 11:27 - 2016-04-09 17:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 11:27 - 2016-04-09 17:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 11:27 - 2016-04-09 16:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 11:27 - 2016-04-09 16:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 11:27 - 2016-04-09 16:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 11:27 - 2016-04-09 16:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 16:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 15:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 11:27 - 2016-04-09 15:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 11:27 - 2016-04-09 15:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 11:27 - 2016-04-09 15:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 11:27 - 2016-04-09 15:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 11:27 - 2016-04-09 15:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 11:27 - 2016-04-09 15:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 11:27 - 2016-04-09 15:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 11:27 - 2016-04-09 15:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 11:27 - 2016-04-09 15:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 11:27 - 2016-04-09 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 11:27 - 2016-04-09 15:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 11:27 - 2016-04-09 15:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 11:27 - 2016-04-09 15:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 11:27 - 2016-04-09 15:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 11:27 - 2016-04-09 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 11:27 - 2016-04-09 15:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 11:27 - 2016-04-09 15:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 15:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 15:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 11:27 - 2016-04-09 15:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 11:26 - 2016-04-09 14:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 11:26 - 2016-04-09 13:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-06 11:04 - 2016-03-10 04:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-06 11:04 - 2016-03-10 04:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-06 11:04 - 2011-11-17 08:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-05-06 11:04 - 2011-11-17 07:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-05-06 11:04 - 2010-11-20 19:24 - 00351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-05-06 11:04 - 2010-11-20 19:23 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-05-01 08:53 - 2016-05-01 08:53 - 00003754 _____ C:\Windows\System32\Tasks\Andreas1 Merge
2016-05-01 08:53 - 2016-05-01 08:53 - 00003738 _____ C:\Windows\System32\Tasks\Andreas1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 13:53 - 2012-03-30 18:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-29 13:08 - 2009-07-14 14:45 - 00026192 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-29 13:08 - 2009-07-14 14:45 - 00026192 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-29 11:49 - 2015-07-19 08:15 - 00000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000UA1d0c1a74f12249c.job
2016-05-29 11:49 - 2015-07-19 08:15 - 00000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000Core1d0c1a74ef7f579.job
2016-05-29 11:49 - 2010-03-04 13:53 - 00000000 ____D C:\ProgramData\Temp
2016-05-29 11:49 - 2009-07-14 15:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-29 01:58 - 2011-08-15 23:14 - 00000000 ____D C:\temp
2016-05-29 01:35 - 2014-12-28 17:21 - 00000000 ____D C:\ProgramData\WinZip Update Manager
2016-05-28 17:36 - 2015-07-19 08:15 - 00003912 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000UA1d0c1a74f12249c
2016-05-28 17:36 - 2015-07-19 08:15 - 00003516 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000Core1d0c1a74ef7f579
2016-05-28 17:35 - 2015-06-07 10:57 - 00000000 ____D C:\Windows\pss
2016-05-28 17:07 - 2015-12-04 23:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e99b514014.job
2016-05-28 17:07 - 2015-12-04 23:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e99b3be304.job
2016-05-28 17:07 - 2015-10-19 10:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d10a0734baf054.job
2016-05-28 17:07 - 2015-10-19 10:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d10a07342036e2.job
2016-05-28 17:07 - 2015-08-31 22:25 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0e3e8319818cf
2016-05-28 17:07 - 2015-08-31 22:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e3e8319818cf.job
2016-05-28 17:07 - 2015-08-31 22:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3e8310882f1.job
2016-05-28 17:07 - 2015-07-16 13:34 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf784ee7ed34.job
2016-05-28 17:07 - 2015-05-15 23:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f137ff39476.job
2016-05-28 17:07 - 2015-05-15 23:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f137fc3f8f0.job
2016-05-28 17:07 - 2015-02-14 22:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04851567442e8.job
2016-05-28 17:07 - 2015-02-14 22:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0485155c03518.job
2016-05-28 17:07 - 2014-10-23 07:19 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfee3de79bee15.job
2016-05-28 17:07 - 2014-05-08 19:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6aa43132f7d5.job
2016-05-28 17:07 - 2014-05-08 19:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6aa430804708.job
2016-05-28 17:06 - 2010-07-20 00:21 - 00000000 ____D C:\Program Files\Google
2016-05-28 17:06 - 2010-07-20 00:21 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-28 16:43 - 2014-09-27 15:41 - 00000000 ____D C:\Program Files (x86)\WinZip System Utilities Suite
2016-05-28 16:43 - 2014-03-18 10:55 - 00000000 ____D C:\ProgramData\WinZip
2016-05-28 16:43 - 2012-04-14 12:22 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WinZip
2016-05-28 16:32 - 2010-07-20 00:21 - 00000000 ____D C:\Users\Andreas\AppData\Local\Google
2016-05-28 16:30 - 2012-05-29 17:51 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WildTangent
2016-05-28 16:30 - 2010-04-17 20:40 - 00000000 ____D C:\ProgramData\WildTangent
2016-05-28 16:30 - 2009-07-14 15:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-28 16:18 - 2009-07-14 13:20 - 00000000 __RSD C:\Windows\Media
2016-05-28 16:16 - 2010-04-17 20:40 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-05-28 16:14 - 2010-07-21 15:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-28 16:13 - 2010-07-20 00:21 - 00000000 ____D C:\ProgramData\Google
2016-05-28 14:04 - 2014-04-17 00:43 - 00003280 _____ C:\Windows\System32\Tasks\{D015EE6C-AB37-401C-9D73-40089DC33164}
2016-05-28 14:04 - 2014-01-18 14:33 - 00002998 _____ C:\Windows\System32\Tasks\{EB3F97D8-9FB9-469D-AD83-E7F9C1923D10}
2016-05-28 14:03 - 2014-01-18 23:06 - 00002998 _____ C:\Windows\System32\Tasks\{C7325F75-DFE2-487E-A79B-8FA22ADDC295}
2016-05-28 14:03 - 2014-01-18 14:34 - 00002998 _____ C:\Windows\System32\Tasks\{BC856BE3-89AC-464D-B042-CAFC61251A3D}
2016-05-28 14:02 - 2010-08-04 22:08 - 00003286 _____ C:\Windows\System32\Tasks\{B80A0C41-4684-4B6B-8300-84280D8D7B6A}
2016-05-28 14:00 - 2014-01-18 14:33 - 00002998 _____ C:\Windows\System32\Tasks\{9631BFDF-DBA3-4478-A9AE-9B40BB10A4E8}
2016-05-28 14:00 - 2010-08-21 23:44 - 00003318 _____ C:\Windows\System32\Tasks\{9B81CA92-B3F6-432F-96AB-6CB6CB054AA0}
2016-05-28 13:59 - 2014-01-18 14:47 - 00002998 _____ C:\Windows\System32\Tasks\{6B4BD30B-4FE3-469C-854A-833E792349D2}
2016-05-28 13:59 - 2013-02-05 14:40 - 00003046 _____ C:\Windows\System32\Tasks\{8B138222-1F62-4EEB-81ED-39577FE0E5F1}
2016-05-28 13:59 - 2010-12-20 22:47 - 00002960 _____ C:\Windows\System32\Tasks\{81DB00D3-C94A-4C40-8AC8-ADB326154E66}
2016-05-28 13:58 - 2014-01-18 14:47 - 00002998 _____ C:\Windows\System32\Tasks\{5AD17F73-F9DE-4893-A1DD-97EBD3ED9F94}
2016-05-28 13:58 - 2011-10-16 21:59 - 00003318 _____ C:\Windows\System32\Tasks\{58262087-6E19-46A9-874E-5D320C156DC8}
2016-05-28 13:57 - 2015-05-16 14:31 - 00003720 _____ C:\Windows\System32\Tasks\Registration
2016-05-28 13:55 - 2015-12-04 23:38 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d12e99b514014
2016-05-28 13:55 - 2015-10-19 10:43 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d10a0734baf054
2016-05-28 13:55 - 2015-03-30 12:25 - 00003630 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
2016-05-28 13:55 - 2013-11-17 20:00 - 00003638 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 6520 series
2016-05-28 13:55 - 2012-02-13 20:02 - 00003640 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series
2016-05-28 13:54 - 2015-07-16 13:34 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d0bf784ee7ed34
2016-05-28 13:54 - 2015-05-15 23:31 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d08f137ff39476
2016-05-28 13:54 - 2015-02-14 22:25 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04851567442e8
2016-05-28 13:54 - 2014-10-23 07:19 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfee3de79bee15
2016-05-28 13:54 - 2014-05-08 19:59 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf6aa43132f7d5
2016-05-28 13:53 - 2015-12-04 23:38 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d12e99b3be304
2016-05-28 13:53 - 2015-10-19 10:43 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d10a07342036e2
2016-05-28 13:53 - 2015-08-31 22:25 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0e3e8310882f1
2016-05-28 13:52 - 2015-05-15 23:31 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d08f137fc3f8f0
2016-05-28 13:52 - 2015-02-14 22:25 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0485155c03518
2016-05-28 13:52 - 2014-05-08 19:59 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf6aa430804708
2016-05-28 13:50 - 2013-11-29 15:18 - 00003434 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-05-27 23:36 - 2010-07-21 18:03 - 00000000 ____D C:\Users\Andreas\AppData\Local\CrashDumps
2016-05-27 17:48 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\inf
2016-05-27 00:14 - 2015-04-04 19:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-27 00:14 - 2015-04-04 19:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-26 23:16 - 2010-07-21 15:44 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Skype
2016-05-26 19:50 - 2014-03-26 08:05 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-26 12:18 - 2009-07-14 15:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-05-26 10:32 - 2014-03-26 08:05 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-26 10:32 - 2014-03-26 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-26 10:32 - 2014-03-26 08:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-24 17:55 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\rescache
2016-05-24 14:38 - 2012-11-15 21:32 - 00116576 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2016-05-24 14:36 - 2013-01-04 15:07 - 00116576 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-05-24 14:34 - 2009-07-14 14:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-24 13:58 - 2015-10-27 12:19 - 00003516 _____ C:\Windows\System32\Tasks\Andreas DBAgent 2 0
2016-05-24 11:11 - 2014-08-28 17:33 - 00000000 ____D C:\Users\Andreas\AppData\Local\Adobe
2016-05-24 00:12 - 2015-07-31 12:18 - 00004132 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2016-05-23 22:01 - 2009-07-14 15:13 - 00006450 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-23 21:57 - 2010-07-19 20:01 - 00116576 _____ C:\Users\Andreas\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-23 21:51 - 2009-07-14 14:45 - 00427032 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-23 21:47 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-05-23 21:47 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\Dism
2016-05-23 21:47 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-05-23 17:15 - 2013-11-16 22:05 - 00000000 ____D C:\Windows\system32\MRT
2016-05-23 17:15 - 2010-07-28 14:06 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-23 10:40 - 2010-07-22 10:43 - 00000000 ____D C:\Users\Andreas\AppData\Local\ElevatedDiagnostics
2016-05-23 00:45 - 2011-11-02 23:03 - 00000000 ____D C:\Program Files\WinZip
2016-05-22 22:19 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-05-22 22:19 - 2009-07-14 15:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2016-05-22 22:19 - 2009-07-14 13:20 - 00000000 ____D C:\Users\Public\Libraries
2016-05-22 22:12 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-05-22 22:10 - 2010-03-04 13:40 - 00000000 ____D C:\Windows\SHELLNEW
2016-05-22 22:07 - 2010-04-17 19:48 - 00001614 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-05-22 22:07 - 2010-04-17 19:48 - 00001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-05-21 18:48 - 2010-07-19 19:55 - 00000000 ____D C:\Users\Andreas
2016-05-21 18:44 - 2016-03-30 17:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-05-21 18:44 - 2016-02-29 11:42 - 00000000 ____D C:\Windows\System32\Tasks\Auslogics
2016-05-21 18:44 - 2014-12-18 10:20 - 00000000 ___RD C:\Users\Andreas\iCloudDrive
2016-05-21 18:44 - 2013-02-22 18:49 - 00000000 ____D C:\Program Files\iTunes
2016-05-21 18:44 - 2012-12-28 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-05-21 18:44 - 2012-12-19 09:11 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-05-21 18:44 - 2012-12-19 09:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-21 18:44 - 2011-11-24 22:33 - 00000000 ____D C:\ProgramData\Apple Computer
2016-05-21 18:44 - 2010-07-21 17:40 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Advanced Time Synchronizer
2016-05-21 18:43 - 2010-04-17 19:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-05-21 18:42 - 2016-03-04 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-05-21 18:42 - 2009-07-14 13:20 - 00000000 ____D C:\Windows\registration
2016-05-21 18:41 - 2016-03-04 23:35 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-05-21 18:41 - 2014-03-26 08:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-21 18:41 - 2012-12-19 09:12 - 00000000 ____D C:\Program Files\iPod
2016-05-21 18:41 - 2010-07-29 00:38 - 00000000 ____D C:\ProgramData\HILTI
2016-05-21 18:41 - 2010-03-04 13:39 - 00000000 __RHD C:\MSOCache
2016-05-20 13:37 - 2010-07-19 20:09 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\HpUpdate
2016-05-16 13:26 - 2015-10-22 12:41 - 00000000 ____D C:\ProgramData\UAB
2016-05-14 17:22 - 2015-10-27 12:34 - 00002170 _____ C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-05-14 17:22 - 2015-10-27 12:34 - 00000000 ___RD C:\Users\Andreas\OneDrive
2016-05-14 14:37 - 2013-02-05 21:16 - 00000000 ____D C:\Users\Andreas\Dropbox
2016-05-13 18:24 - 2011-10-15 17:50 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Dropbox
2016-05-13 17:22 - 2012-03-30 18:31 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 17:22 - 2012-03-30 18:31 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-13 17:22 - 2011-07-09 17:25 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 10:52 - 2014-10-27 08:55 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 10:52 - 2014-10-27 08:55 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 18:33 - 2014-12-25 07:57 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 18:32 - 2015-11-04 09:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-12 15:42 - 2014-12-10 21:16 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 10:54 - 2013-11-29 15:19 - 00000000 ____D C:\Users\Andreas\AppData\Local\8FC4C536-9DAA-4B90-BDA9-838F9043C06A.aplzod
2016-05-06 22:52 - 2015-03-30 12:53 - 00001966 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2016-04-30 21:12 - 2015-10-27 12:18 - 00003528 _____ C:\Windows\System32\Tasks\Seagate_Install_Launch
2016-04-30 21:10 - 2015-10-27 12:17 - 00002067 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2016-04-30 21:10 - 2015-10-27 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard

==================== Files in the root of some directories =======

2011-01-03 15:48 - 2011-06-19 19:27 - 0001854 _____ () C:\Users\Andreas\AppData\Roaming\GhostObjGAFix.xml
2016-05-24 12:24 - 2016-05-24 12:28 - 0000115 _____ () C:\Users\Andreas\AppData\Roaming\LogFile.txt
2012-01-31 17:36 - 2014-03-06 10:27 - 0003584 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-22 02:54 - 2016-01-22 02:54 - 0004096 ____H () C:\Users\Andreas\AppData\Local\keyfile3.drm
2010-08-01 22:22 - 2015-08-01 17:11 - 0007613 _____ () C:\Users\Andreas\AppData\Local\Resmon.ResmonCfg
2012-02-13 19:59 - 2012-02-13 19:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-07-20 00:07 - 2013-11-17 10:05 - 0041193 _____ () C:\ProgramData\hpzinstall.log
2010-04-17 20:32 - 2010-04-17 20:32 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-03-04 15:04 - 2010-03-04 15:04 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-04-17 20:31 - 2010-04-17 20:31 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-03-04 15:00 - 2010-03-04 15:01 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-04-17 20:31 - 2010-04-17 20:31 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-04-17 20:32 - 2010-04-17 20:32 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-03-04 14:59 - 2010-03-04 15:00 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-03-04 15:01 - 2010-03-04 15:04 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-04-17 20:32 - 2010-04-17 20:32 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Andreas\PhotoshopElements_8_MUL.exe

Some files in TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\certutil.exe
C:\Users\Andreas\AppData\Local\Temp\msvcr71.dll
C:\Users\Andreas\AppData\Local\Temp\nspr4.dll
C:\Users\Andreas\AppData\Local\Temp\nss3.dll
C:\Users\Andreas\AppData\Local\Temp\plc4.dll
C:\Users\Andreas\AppData\Local\Temp\plds4.dll
C:\Users\Andreas\AppData\Local\Temp\smime3.dll
C:\Users\Andreas\AppData\Local\Temp\softokn3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-21 13:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016
Ran by Andreas (2016-05-29 14:14:29)
Running from C:\Users\Andreas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-07-19 09:55:23)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3457447332-2947019377-471414506-500 - Administrator - Enabled) => C:\Users\Administrator
Andreas (S-1-5-21-3457447332-2947019377-471414506-1000 - Administrator - Enabled) => C:\Users\Andreas
Guest (S-1-5-21-3457447332-2947019377-471414506-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3457447332-2947019377-471414506-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}) (Version: 11.5.1.601 - Adobe Systems, Inc.)
Advanced Time Synchronizer (Remove or Repair) (HKLM\...\Advanced Time Synchronizer) (Version: 3.0.0.704 - Southsoftware.com)
Akamai NetSession Interface (HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
AVS Image Converter 4.0.1.280 (HKLM-x32\...\AVS Image Converter_is1) (Version: 4.0.1.280 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3700 - Broadcom Corporation)
Carbonite (HKLM-x32\...\{D7D8E032-6C0D-4D12-9F60-5D6F4D4FF20A}) (Version: 5.8.8 build 6212 (Apr-14-2016) - Carbonite)
Carbonite Mirror Image (64-bit) (Version: 5.1.14703.2115 - x64) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corel AfterShot 2 (Version: 2.00.0000 - Corel Corporation) Hidden
Corel AfterShot 2(64-bit) (HKLM-x32\...\InstallShield_{BAA5BA4A-6F64-4592-BF53-298FB063A73D}) (Version: 2.1.2.10 - Corel Corporation)
Corel AfterShot HDR (HKLM\...\{E871EA56-F403-4B5C-A90C-9A133F31E3AE}) (Version: 1.00.0000 - Corel Corporation)
Corel KPT Collection (HKLM-x32\...\_{5ACF958F-3106-4F13-B947-FC6DF23E1A53}) (Version: 1.0.0.103 - Corel Corporation)
Corel KPT Collection (x32 Version: 1.0.0.103 - Corel Corporation) Hidden
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
Creative Content (x32 Version: 1.0.0.103 - Corel Corporation) Hidden
Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.0.3715 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Smart Security (HKLM\...\{92172C3C-7BCF-4DA3-8263-6617B13E897F}) (Version: 8.0.319.0 - ESET, spol s r. o.)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Gadwin PrintScreen (HKLM-x32\...\Gadwin PrintScreen) (Version: 4.7 - Gadwin Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hilti PROFIS Anchor (HKLM-x32\...\{8B0D3D62-2E33-4056-87B8-804B02E0DFFD}) (Version: 2.6.4 - Hilti Corp.)
Hilti PROFIS AutoUpdate (HKLM-x32\...\{E3FFC1C5-1157-48EC-A197-29F00BFF01DE}) (Version: 2.0.4 - Hilti corp.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.12850.3526 - Hewlett-Packard)
HP Deskjet 3070 B611 series Help (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3070 B611 series Product Improvement Study (HKLM\...\{CA522FAB-F516-44BD-B035-1387E25BF5E2}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3727 - Hewlett-Packard)
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.2.2513 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.3722 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2511 - Hewlett-Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Quick Launch (HKLM\...\{10F539B1-31AF-43BF-9F0C-0EB66E918922}) (Version: 1.0.18 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{E2831862-F131-4327-B9CC-FA30F587EB6C}) (Version: 1.2.3988.3281 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM\...\{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}) (Version: 5.20.205 - DigitalPersona, Inc.)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Tone Control (HKLM\...\{9207D4A1-586E-49CA-A002-FC9F475AB1A3}) (Version: 2.0.2 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP User Guides 0177 (HKLM-x32\...\{8DA0CD14-79DF-49BF-B133-409C004F27E1}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{0279C882-B150-44B6-A769-A7C8A2F31CE3}) (Version: 4.0.3.2 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6498.0 - IDT)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
IPM_PSP_COM (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.1.0.48 - Corel Corporation) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2515 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{07E49BC1-24FF-4D7A-AC74-727BE95801AF}) (Version: 1.18.16.1 - LightScribe)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech SetPoint 6.65 (HKLM\...\SP6) (Version: 6.65.62 - Logitech)
LoiLoScope Download (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access 2010 (HKLM-x32\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.0.3715 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.0.3715 - Hewlett-Packard) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multiframe64 14.01 (HKLM-x32\...\Multiframe64 14.01) (Version: 14.01 - FormSys)
PDF Suite 2015 (HKLM-x32\...\{6C296082-AD1D-49E3-BDFD-C53219121297}) (Version: 12.0.3.19718 - Interactive Brands Malta Limited)
PHOTOfunSTUDIO 9.6 PE (HKLM-x32\...\{7113ACE0-A2FA-463B-969A-E3FD7BF42573}) (Version: 9.06.724.1033 - Panasonic Corporation)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PipeClass v1.2.3 (HKLM-x32\...\{2AC45163-43EC-4590-BCAD-3C0BE427177E}) (Version: 1.2.3.0 - Concrete Pipe Association of Australasia)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3715 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.3715 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2514 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2514 - CyberLink Corp.) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
PSPPContent (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.11.1127.2009 - Realtek)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10259 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Reckon Accounts 2016 (HKLM-x32\...\{18519592-4CDF-4894-B264-4ED16F08259C}) (Version: 24.1.1.41 - Reckon Software ©Intuit Inc, 2014)
Recovery Manager (x32 Version: 5.5.2512 - CyberLink Corp.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1102.0 - Seagate)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 16.1.0.48 - Corel Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Skyvox (HKLM-x32\...\{5BED1C4E-D0D2-406D-9441-267F1717DB80}) (Version: 3.0.0 - Skyvox)
Smilebox (HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
SoftStylus (HKLM-x32\...\{385C3762-F200-4B0E-A320-46D4BB73C244}) (Version: 2.2.126.2 - Motorola)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Telstra Mobile Broadband Manager (HKLM-x32\...\Telstra Mobile Broadband Manager) (Version: 3.1.909 - Telstra)
Telstra Mobile Broadband Manager (x32 Version: 3.1.909 - Telstra) Hidden
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.5.1 - Tweaking.com)
Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Cmotech (cmusbnet) Net  (06/11/2007 2.0.0.9) (HKLM\...\51208688C66699298C32E38B6BFF92816EE798CA) (Version: 06/11/2007 2.0.0.9 - Cmotech)
Windows Driver Package - Cmotech Modem  (06/08/2007 2.0.3.9) (HKLM\...\7404D4336C2B621F88A2B25CE6577572A8BBD25A) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Driver Package - Cmotech Ports  (06/08/2007 2.0.3.9) (HKLM\...\2021A90B4F2D70AB98CFBF428E09767703FD455E) (Version: 06/08/2007 2.0.3.9 - Cmotech)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
WinZip Courier (HKLM-x32\...\{D011655B-0753-4C2A-B870-946C5B02F54E}) (Version: 6.5.11568 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Andreas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip Courier\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Andreas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{943F19B2-32F9-4373-8D4C-DBE62B95F2CF}\InprocServer32 -> C:\Program Files (x86)\WinZip Courier\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3457447332-2947019377-471414506-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Andreas\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A124D50-9FE4-4CB6-B787-EC1F9A45B1CD} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Andreas logon => C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe [2016-02-26] (Auslogics)
Task: {0F38B2E2-8A04-4374-B55D-727215753D81} - System32\Tasks\{EB3F97D8-9FB9-469D-AD83-E7F9C1923D10} => Chrome.exe
Task: {14EF0119-7DC5-4CF9-9F4C-DE49D47CF435} - System32\Tasks\{9631BFDF-DBA3-4478-A9AE-9B40BB10A4E8} => Chrome.exe
Task: {16435A99-BC2A-47EE-B50A-1E36E3F37495} - System32\Tasks\{58262087-6E19-46A9-874E-5D320C156DC8} => pcalua.exe -a "C:\Users\Andreas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LY2VUWJ8\jre-6u27-windows-i586-iftw.exe" -d C:\Users\Andreas\Desktop
Task: {180F5406-1550-4A63-BD72-43864459A8B0} - System32\Tasks\{26B20613-D6D4-4381-BC36-7BEF223D812F} => I:\TDK Lock USB 3.0.exe
Task: {1A1FB5CA-861D-4133-B792-115F9B834121} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {1D8B7B0B-1686-4246-9B64-2A31EB20305A} - System32\Tasks\{EEFA5B0D-EB40-4101-AFB2-2D6A09680756} => I:\TDK Lock USB 3.0.exe
Task: {2606F04F-C77A-49AA-8695-210932F5BAC4} - System32\Tasks\GoogleUpdateTaskMachineUA1d10a0734baf054 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {2B444F31-84EB-4A41-8503-AE508533FA29} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-04-05] (Seagate Technology LLC)
Task: {36EA2411-970D-4E3A-A4C6-13BEA16A946E} - System32\Tasks\{D015EE6C-AB37-401C-9D73-40089DC33164} => pcalua.exe -a "C:\Users\Andreas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HAEYADO9\sp52354.exe" -d C:\Users\Andreas\Desktop
Task: {37A46C2B-B375-48D0-BE1D-FA66745C473C} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf784ee7ed34 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {3B31A7A7-B12C-4577-8747-4B5CBEF3D774} - System32\Tasks\{56D62DFA-4227-4252-9EF6-85D7E3393195} => C:\Program Files (x86)\Hp\Diagnostics\PSDR\HPPSDr.exe [2016-04-09] ()
Task: {431BCED8-F0AF-4201-8D7B-52C61A7A5554} - System32\Tasks\{0FAE7640-BD69-4F86-B0EE-619A5426F2DB} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=12007
Task: {48BD9D19-69D4-4DE3-9A5F-62AAF399887F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {48E79FB9-A68F-4606-B95B-19E390CB9713} - System32\Tasks\{34474973-1932-4E5A-BFAA-8B5146F8B441} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.271/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {4A1C034B-3CDD-44B5-99CD-DDBFB01C71E9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-04-22] (Apple Inc.)
Task: {511BC2AC-5D97-44C8-BD69-A54AA3CA7DE3} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e3e8319818cf => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {51BE85C1-7E2F-4189-8112-15739AA595E5} - System32\Tasks\GoogleUpdateTaskMachineUA1d04851567442e8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5327E9F4-1410-481D-B561-D877ABDE66F1} - System32\Tasks\{DAE76E6C-FB00-44B3-893F-3198CCD2209C} => I:\TDK Lock USB 3.0.exe
Task: {55FFBB35-A261-465C-A7CD-D909CBD4D7F4} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {5C98038E-0F6C-4167-9314-854F56091B5F} - System32\Tasks\GoogleUpdateTaskMachineCore1d12e99b3be304 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5DBA2B54-26FA-46AC-A601-BCAEBCED3FB4} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f137ff39476 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5F16A902-CB31-4AEA-B970-2271E5A11559} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-01-27] ()
Task: {6012124B-B42E-414A-AAEC-D6133E5AC322} - System32\Tasks\{5DEE21A3-1899-4EE7-B40B-FA21D9EC77EE} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.10.0.104&amp;LastError=12002
Task: {613A21A2-81D5-4406-8E4F-D6AD8688FE21} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-14] (Piriform Ltd)
Task: {643E7336-930F-4881-A600-0558D0CC5494} - System32\Tasks\GoogleUpdateTaskMachineUA1d12e99b514014 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {68791D4A-E927-4924-A8BC-829CEA46C75B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000Core1d0c1a74ef7f579 => C:\Users\Andreas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {73C19301-FAAE-45BD-8171-E2B8473A4586} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\Kernel\CLML\CLMLSvc.exe
Task: {7946796F-8A83-4000-A39D-130E76AA0841} - System32\Tasks\{DBDE6F84-7884-4422-A1A8-AC6A28655B5F} => C:\Program Files (x86)\Hp\Diagnostics\PSDR\HPPSDr.exe [2016-04-09] ()
Task: {79E59FEC-8CA9-4FBF-863E-918AC1F2CDA8} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7C310E56-874D-499D-9568-9AEE539A2C1C} - System32\Tasks\hpUrlLauncher.exe_{D784815C-9D89-45AD-81AE-1CA3018F5784} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\utils\hpUrlLauncher.exe
Task: {7E5B7A1F-D3AA-4707-A3D4-FFE3C1C9385D} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {7F78268F-5999-4751-B4DE-193BCA2B30F2} - System32\Tasks\{5AD17F73-F9DE-4893-A1DD-97EBD3ED9F94} => Chrome.exe
Task: {802552F9-4F7B-4B8D-A9AF-6B90127490D4} - System32\Tasks\{BC856BE3-89AC-464D-B042-CAFC61251A3D} => Chrome.exe
Task: {8114F50B-89CD-4AF9-9EAD-EF3B3A820F16} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule"
Task: {889C781C-6FD3-4C2C-BF3D-93338065DD34} - System32\Tasks\{CD9AC924-BD0C-4C2E-8EC5-74588AB7DC9F} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
Task: {8E196D15-4CF3-4058-998A-5EFDBE4B3EE4} - System32\Tasks\{81DB00D3-C94A-4C40-8AC8-ADB326154E66} => C:\Program Files (x86)\Skyvox\Skyvox.exe [2009-12-02] (Skyvox)
Task: {950959CB-4A5E-4D51-AD32-74C2CFE4C0E5} - System32\Tasks\{1181D41E-74DF-4980-8071-DB0B6A98FB77} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
Task: {983A32F6-1B36-42ED-88A1-EF63DA8F26BD} - System32\Tasks\GoogleUpdateTaskMachineUA1cf6aa43132f7d5 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {98C86AAE-F6CC-4666-80ED-A4BA14726D02} - System32\Tasks\{B80A0C41-4684-4B6B-8300-84280D8D7B6A} => pcalua.exe -a "C:\Users\Andreas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWUIJ35M\sp47394[1].exe" -d C:\Users\Andreas\Desktop
Task: {99EB6F68-4A9C-4DF9-B29B-E97CA5595D43} - System32\Tasks\{6B4BD30B-4FE3-469C-854A-833E792349D2} => Chrome.exe
Task: {9FCEDB2A-E970-4FE7-8D29-CDADBDAD9159} - System32\Tasks\GoogleUpdateTaskMachineUA1cfee3de79bee15 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A8376A94-CAA4-46B8-B99E-F54CB90E356C} - System32\Tasks\GoogleUpdateTaskMachineCore1d0485155c03518 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A9620948-104B-4007-B4A0-8C43C1453018} - System32\Tasks\{8B138222-1F62-4EEB-81ED-39577FE0E5F1} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {B1409C31-A87F-48B4-A22A-2F149E7FEF7E} - System32\Tasks\{8B250859-F72D-4E7C-88BC-03F04D028840} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [2016-03-10] (Malwarebytes)
Task: {B25053DE-24F2-4345-9795-6EE76F0EF3C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {B4467B10-7F65-4512-8BB6-DE4228AD1C86} - System32\Tasks\{4E059AC3-8AC8-484F-B087-79A2F027BE98} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2016-04-20] (Microsoft Corporation)
Task: {B7FFD8D7-7606-4EA8-9489-18C52C97D09C} - System32\Tasks\GoogleUpdateTaskMachineCore1cf6aa430804708 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {BF203F45-6607-4DF9-8F25-448345D0CF27} - System32\Tasks\Carbonite Upgrade Check => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {BF2365F6-07FB-4A6E-A645-BC18F1BCEA17} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {C0BD0AB6-9EF5-4503-BE6E-0163F59DDCBD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000UA1d0c1a74f12249c => C:\Users\Andreas\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {C4A19166-7D53-46CF-8A84-6FDCA682D2CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] ()
Task: {C6AA14D2-72B5-4C79-863B-1F93C2ABD8AF} - System32\Tasks\{649AA953-F7A6-4732-8011-197B71AE83FD} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.1.0.179.271/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded
Task: {C915B591-A670-4808-B3C7-FEEA5B9072E2} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f137fc3f8f0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {CBD7FC53-3F0F-46A6-9042-F4269FE9FC8A} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e3e8310882f1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {CBE8CB66-70B3-4571-91B4-6C070C49DA34} - System32\Tasks\Andreas1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {CF00D4AB-B77D-4E78-990A-9C3DBB3BA21D} - System32\Tasks\{C7325F75-DFE2-487E-A79B-8FA22ADDC295} => Chrome.exe
Task: {CFC5EEE3-AB2F-4712-AC2E-7CBD8AD89D5E} - System32\Tasks\Andreas1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)
Task: {D7601A8A-6454-4EF7-B4B0-EE8C201CFB21} - System32\Tasks\{19948066-D596-477E-8C4E-3310A0AB216D} => I:\TDK Lock USB 3.0.exe
Task: {E4ECEE03-D5E1-4F08-9E66-F4FE0EDFFFD8} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {ED9BD20E-3CA0-4AF3-AA80-9FE1795211DB} - System32\Tasks\GoogleUpdateTaskMachineCore1d10a07342036e2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {EDA61083-E0C0-45D0-A5D6-A431E0B67969} - System32\Tasks\{EF416EF9-4338-488B-9A32-25E4CE5DDD3C} => C:\SwSetup\sp56957\WBFDDKSetup.exe [2012-03-08] (Validity Sensors, Inc.)
Task: {F348BE9B-DFA6-4BF6-A0D5-2781AA386A72} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {F66842CA-E82E-4200-AEFF-1320C9943F58} - System32\Tasks\{9B81CA92-B3F6-432F-96AB-6CB6CB054AA0} => pcalua.exe -a "C:\Users\Andreas\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRGDZE9E\ENU_Desktop_Setup_4.0.1[1].exe" -d C:\Users\Andreas\Desktop
Task: {FC92FAA7-0613-44BB-85C6-966294507AEF} - System32\Tasks\Andreas DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000Core1d0c1a74ef7f579.job => C:\Users\Andreas\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3457447332-2947019377-471414506-1000UA1d0c1a74f12249c.job => C:\Users\Andreas\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf6aa430804708.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0485155c03518.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08f137fc3f8f0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e3e8310882f1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d10a07342036e2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12e99b3be304.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6aa43132f7d5.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfee3de79bee15.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04851567442e8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f137ff39476.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf784ee7ed34.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e3e8319818cf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d10a0734baf054.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12e99b514014.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FullHD Video Editor LoiLoScope Download.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope Download\WebShortcut.exe () -> hxxp://loilo.tv/product/20?partner_id=14
ShortcutWithArgument: C:\Users\Public\Desktop\FullHD Video Editor LoiLoScope Download.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope Download\WebShortcut.exe () -> hxxp://loilo.tv/product/20?partner_id=14

==================== Loaded Modules (Whitelisted) ==============

2010-07-02 16:00 - 2010-07-02 16:00 - 00679936 _____ () C:\Program Files\Advanced Time Synchronizer\svctimesync.exe
2010-07-02 16:00 - 2010-07-02 16:00 - 00573952 _____ () C:\Program Files\Advanced Time Synchronizer\advtimesync.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-01-21 09:20 - 2010-01-21 09:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-01-19 08:04 - 2010-01-19 08:04 - 00020480 _____ () C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
2010-07-02 16:00 - 2010-07-02 16:00 - 00802816 _____ () C:\Program Files\Advanced Time Synchronizer\advtimesync.exe
2016-05-14 17:21 - 2016-05-14 17:21 - 00959168 _____ () C:\Users\Andreas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-05-13 18:27 - 2016-05-13 18:27 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\5084d8079b59fb95678c57cdee13464b\IsdiInterop.ni.dll
2010-07-28 13:12 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:618D0840 [406]
AlternateDataStreams: C:\ProgramData\Temp:BEC0D766 [130]
AlternateDataStreams: C:\ProgramData\Temp:F378DBC6 [372]
AlternateDataStreams: C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4 (1).partial:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4.partial:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3457447332-2947019377-471414506-1000\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3457447332-2947019377-471414506-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Notifier.lnk => C:\Windows\pss\Update Notifier.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Preloader.lnk => C:\Windows\pss\WinZip Preloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Update Manager.lnk => C:\Windows\pss\WinZip Update Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Andreas^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Advanced Time Synchronizer => "C:\Program Files\Advanced Time Synchronizer\advtimesync.exe" noshow
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Andreas\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HP Officejet Pro 8610 (NET) => "C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN4BJE3261:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\common\Lib\ioloLManager.exe" /lbstartup
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PROFIS AutoUpdate => C:\Program Files (x86)\Hilti\PROFIS AutoUpdate\Hilti.AutoUpdate.Tray.exe -hidden
MSCONFIG\startupreg: QuickenScheduledUpdates => C:\Program Files (x86)\Reckon Accounts Personal\bagent.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{A2683D68-341B-487D-97CA-0B0AD83462D2}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{8B04642F-4613-47F7-99C9-2D9B9CCE56CC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{0A44B5C1-20AA-4F01-ADE9-025C460B976A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\iTV\HPiTV.exe
FirewallRules: [{4C023DBA-5568-474A-B374-810FC5480ADD}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{70B273A5-B631-496B-A048-64BB1FA8673C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B4FF4B6A-A0F5-4BEC-A551-ECD326F20765}] => (Allow) LPort=2869
FirewallRules: [{36C847A9-906D-4F44-AC52-3FA3DD609BCF}] => (Allow) LPort=1900
FirewallRules: [{D68F5392-D9F6-4C90-9E38-B6B575A2ED4D}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{87B8E382-466C-44F3-9983-4D08E7CAEBFD}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{F2B1E41F-CE54-43AF-8715-685C82EC5A16}] => (Allow) C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{07FA6E02-62A3-43F9-8AFC-604DC9700C57}] => (Allow) C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{D406783D-0775-4338-9EB8-367C5EFE3181}C:\users\andreas\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\andreas\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B526256B-B42A-4524-AF99-66B29D651139}C:\users\andreas\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\andreas\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{48F09473-3768-4BAF-9FFC-33989AAAF123}C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{D5827499-63BB-4668-A193-AA89063492DA}C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\andreas\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C7F6B3C5-EA34-4993-8643-14B171FA3F90}] => (Allow) C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C0F2D71A-C848-4738-85C3-4D45353B42F9}] => (Allow) C:\Users\Andreas\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B257A775-405C-4C55-B6AD-ABAAC7DCF65E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{EB4F8CA7-05DC-48D0-A7E0-C8042B743ED1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{C5461A65-E75F-49A6-8028-76FB20DFFFFE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{CC04D095-534C-4ECB-AD44-C43D71E1D555}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{15982197-CCBF-4278-B8E2-79286C6FC737}] => (Allow) LPort=5357
FirewallRules: [{6DE66DB6-B78E-4070-B2A4-B10FE04447DC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{52361EA7-B19E-493A-BED7-19BAB76636AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F1340C79-D00C-4DDF-B85D-ED365E552C7A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{11DE621E-4930-4F15-A1CF-437105234646}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FC01D02A-301E-4D4B-8F75-62C43060BCB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A26A4AD9-59ED-49DA-8F56-E948B2A9E45D}] => (Allow) LPort=8888
FirewallRules: [{F58A9499-6914-4386-8034-12355654F38B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FF4D9DD0-040A-4E8F-BA91-4B05045C4044}] => (Allow) LPort=8888
FirewallRules: [{414A7283-3CE7-40E1-8DF4-E6F55DEA591E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Telstra\Mobile Broadband Manager\SwiApiMuxX.exe] => Enabled:SwiApiMuxX

==================== Restore Points =========================

28-05-2016 14:10:09 Removed Acrobat.com
28-05-2016 14:17:08 Removed Acrobat.com
28-05-2016 16:18:54 Removed Java 8 Update 45
28-05-2016 16:21:38 Removed Product Improvement Study for HP Officejet Pro 8610
28-05-2016 16:22:38 Removed Skype Click to Call
28-05-2016 16:37:33 Removed Windows Live Mesh ActiveX Control for Remote Connections
28-05-2016 16:41:07 Removed Windows Live Mesh ActiveX Control for Remote Connections
28-05-2016 16:42:06 Removed Windows Live Sync
28-05-2016 16:44:23 Removed WinZip Update Manager.
28-05-2016 17:00:49 Windows Update
28-05-2016 22:09:03 Windows Backup
29-05-2016 00:53:03 Revo Uninstaller's restore point - Acrobat.com
29-05-2016 00:53:59 Removed Acrobat.com
29-05-2016 01:03:35 Revo Uninstaller's restore point - Auslogics BoostSpeed 8
29-05-2016 01:05:42 Revo Uninstaller's restore point - Akamai NetSession Interface
29-05-2016 01:07:48 Revo Uninstaller's restore point - Driver Detective
29-05-2016 01:10:50 Revo Uninstaller's restore point - Java 8 Update 45
29-05-2016 01:11:48 Removed Java 8 Update 45
29-05-2016 01:14:47 Revo Uninstaller's restore point - Skype Click to Call
29-05-2016 01:15:45 Removed Skype Click to Call
29-05-2016 01:17:59 Revo Uninstaller's restore point - Skype Click to Call
29-05-2016 01:18:58 Removed Skype Click to Call
29-05-2016 01:21:37 Revo Uninstaller's restore point - Uninstall Helper
29-05-2016 01:23:03 Revo Uninstaller's restore point - Windows Live Essentials
29-05-2016 01:25:53 Revo Uninstaller's restore point - Windows Live Essentials
29-05-2016 01:28:38 Revo Uninstaller's restore point - Windows Live Mesh ActiveX Control for Remote Connections
29-05-2016 01:30:05 Revo Uninstaller's restore point - Windows Live Sync
29-05-2016 01:31:05 Removed Windows Live Sync
29-05-2016 01:32:09 Revo Uninstaller's restore point - WinZip Update Manager
29-05-2016 02:32:12 Windows Update
29-05-2016 12:29:42 Windows Backup

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2016 11:55:40 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (05/29/2016 11:49:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (05/29/2016 11:49:59 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (05/29/2016 11:49:58 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (05/29/2016 11:49:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error

Error: (05/29/2016 01:34:52 AM) (Source: MsiInstaller) (EventID: 10005) (User: PAVILION-DV7)
Description: Product: WinZip Update Manager -- Error 2502. Called InstallFinalize when no install in progress.

Error: (05/29/2016 01:34:51 AM) (Source: MsiInstaller) (EventID: 10005) (User: PAVILION-DV7)
Description: Product: WinZip Update Manager -- Error 2503. Called RunScript when not marked in progress.

Error: (05/29/2016 01:31:15 AM) (Source: MsiInstaller) (EventID: 10005) (User: PAVILION-DV7)
Description: Product: Windows Live Sync -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

Error: (05/29/2016 01:31:14 AM) (Source: MsiInstaller) (EventID: 10005) (User: PAVILION-DV7)
Description: Product: Windows Live Sync -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,

Error: (05/29/2016 01:28:48 AM) (Source: MsiInstaller) (EventID: 10005) (User: PAVILION-DV7)
Description: Product: Windows Live Mesh ActiveX Control for Remote Connections -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,

System errors:
=============
Error: (05/29/2016 01:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/29/2016 01:29:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/29/2016 01:29:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/29/2016 01:29:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/29/2016 01:29:39 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/29/2016 01:29:39 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (05/29/2016 01:26:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/29/2016 01:26:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (05/29/2016 01:26:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (05/29/2016 01:26:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

CodeIntegrity:
===================================
  Date: 2016-05-29 12:02:06.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 02:32:06.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 02:17:53.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-29 00:33:52.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 17:22:27.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 17:00:46.452
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 16:53:41.940
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 16:53:17.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 16:47:12.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 16:47:10.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 8125.86 MB
Available physical RAM: 3940.38 MB
Total Virtual: 16249.9 MB
Available Virtual: 12027.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:675.51 GB) (Free:536.87 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:698.63 GB) (Free:342.1 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:22.83 GB) (Free:3.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: () (Fixed) (Total:1863.01 GB) (Free:1468.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 60B4CA22)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=675.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=22.8 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 286CED4E)
Partition 1: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 22C8B1D3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

The contents of these files are gobbledygook for me, but I hope someone is able to help me solve my problems.  Many thanks in advance!

 

AndreasO




 


#2 AndreasO

AndreasO
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 29 May 2016 - 03:49 AM

Dear Forum members.  My name is Andreas and I am a laptop user, but not at all expert in solving problems.  I started off with the 'Am I infected' forum, where I posted 'Urgent help needed'.  There, buddy215 tried to solve my problems, but finally advised me to post my case on this Forum.  My issues are many, including

 

  • My C:\Users\Andreas is unavailable.
  • I cannot open IE by going through START (I am running Windows 7) or my taskbar icon.  It opens as "Internet Explorer (not responding)" and then disappears after some 15 seconds.  The only way I can get into IE is to start the 'Carbonite InfoCenter' which does open the IE.  While the InfoCenter loads, I click on 'new Tab' and open Outlook.
  • I cannot open 'Windows Update' and the program refuses to install updates waiting to be installed.
  • I cannot open 'Action Center' to make a backup.
  • I cannot access my Seagate 2TB external drive to backup or retrieve files.
  • My continuous backup in the cloud (Carbonite) seems to be corrupted.  I have yet to contact them to see what can be done.

There are other problems, and I have run the FRST64 software and created the two files required in the Preparation Guide.  They are attached hereunder.

 

I hope you can help me to recover from my predicament and thank you all in advance.  Kind regards,

 

AndreasO

 




#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:49 PM

Posted 29 May 2016 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3457447332-2947019377-471414506-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\npMotive.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-24]
S4 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 cpuz134; \??\C:\Users\Andreas\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {6012124B-B42E-414A-AAEC-D6133E5AC322} - System32\Tasks\{5DEE21A3-1899-4EE7-B40B-FA21D9EC77EE} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.10.0.104&amp;LastError=12002
AlternateDataStreams: C:\ProgramData\Temp:618D0840 [406]
AlternateDataStreams: C:\ProgramData\Temp:BEC0D766 [130]
AlternateDataStreams: C:\ProgramData\Temp:F378DBC6 [372]
AlternateDataStreams: C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4 (1).partial:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4.partial:com.dropbox.attributes [168]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the logs and let me know what problem persists.

p.s.
Your topics were merged.
Please keep the correspondence in this topic.

#4 AndreasO

AndreasO
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 30 May 2016 - 07:39 AM

Hi nasdaq - thank you for coming on board!

 

The Fixlog.txt file contents are below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Andreas (2016-05-30 22:06:45) Run:1
Running from C:\Users\Andreas\Downloads
Loaded Profiles: Andreas (Available Profiles: Andreas & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3457447332-2947019377-471414506-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Telstra Broadband Assistant\1.0.2.45\ma\bin\npMotive.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-24]
S4 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 cpuz134; \??\C:\Users\Andreas\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Task: {6012124B-B42E-414A-AAEC-D6133E5AC322} - System32\Tasks\{5DEE21A3-1899-4EE7-B40B-FA21D9EC77EE} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.10.0.104&amp;LastError=12002
AlternateDataStreams: C:\ProgramData\Temp:618D0840 [406]
AlternateDataStreams: C:\ProgramData\Temp:BEC0D766 [130]
AlternateDataStreams: C:\ProgramData\Temp:F378DBC6 [372]
AlternateDataStreams: C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4 (1).partial:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4.partial:com.dropbox.attributes [168]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\KLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3457447332-2947019377-471414506-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3457447332-2947019377-471414506-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKCR\PROTOCOLS\Handler\livecall" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKCR\PROTOCOLS\Handler\msnim" => key removed successfully
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader" => key removed successfully
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
IDriverT => service removed successfully
btwl2cap => service removed successfully
btwrchid => service removed successfully
cpuz134 => service removed successfully
MREMP50 => service removed successfully
MREMP50a64 => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
MRESP50 => service removed successfully
MRESP50a64 => service removed successfully
"C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6012124B-B42E-414A-AAEC-D6133E5AC322}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6012124B-B42E-414A-AAEC-D6133E5AC322}" => key removed successfully
C:\Windows\System32\Tasks\{5DEE21A3-1899-4EE7-B40B-FA21D9EC77EE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5DEE21A3-1899-4EE7-B40B-FA21D9EC77EE}" => key removed successfully
C:\ProgramData\Temp => ":618D0840" ADS removed successfully.
C:\ProgramData\Temp => ":BEC0D766" ADS removed successfully.
C:\ProgramData\Temp => ":F378DBC6" ADS removed successfully.
C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4 (1).partial => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Andreas\Downloads\Susan Teh - Assessment Form - Relevant Pages.pdf.z63nsz4.partial => ":com.dropbox.attributes" ADS removed successfully.
EmptyTemp: => 267.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 22:08:18 ====

 

I'm looking forward to the next instalment - Thanks - Andreas



#5 nasdaq

nasdaq

  • Malware Response Team

Posted 30 May 2016 - 08:23 AM

What problem persists?

#6 AndreasO

AndreasO
  • Topic Starter

  • Members

Posted 30 May 2016 - 09:16 PM

nasdaq,

 

In reply to your question 'what problem persists', please find below some previous problems I had, copied from my post of May 29th.  My comments on the current state of affairs are given in grey:

 

  • My C:\Users\Andreas is unavailable. I can access C:\, but only through START - Computer - OS(C:)
  • I cannot open IE by going through START (I am running Windows 7) or my taskbar icon.  It opens as "Internet Explorer (not responding)" and then disappears after some 15 seconds.  The only way I can get into IE is to start the 'Carbonite InfoCenter' which does open the IE.  While the InfoCenter loads, I click on 'new Tab' and open Outlook.  This is still the same.
  • I cannot open 'Windows Update' and the program refuses to install updates waiting to be installed.  I can access through START only, typing Windows Update.
  • I cannot open 'Action Center' to make a backup. As above,  only access is through START and typing
  • I cannot access my Seagate 2TB external drive to backup or retrieve files.  If I access through START, the message 'The Seagate drive management service has not started.  The application will now close'. Generally, I can access some programs through my desktop, but not all.  For example, Acrobat Reader DC comes up saying 'The item referred to by this shortcut cannot be accessed. You may not have the appropriate permission'.
  • My continuous backup in the cloud (Carbonite) seems to be corrupted.  I have yet to contact them to see what can be done.  I have tried to get things going again on my own, but so far without success.
  • In START, when I select 'all programs' only some come up.  If I go into OS(C:) - Computer - Program Files (x86), a lot of other programs become visible, but they are mostly not opening.

 

Can I switch to Windows 10 to overcome this mess, or is this not recommended for my laptop in the current state?

 

My laptop is anyway getting on a bit and sometimes closes unexpectedly through overheating.  I'm happy to purchase another one, but don't know whether I can transfer my program software as it stands now.

 

Regards, Andreas


Edited by AndreasO, 30 May 2016 - 09:20 PM.


#7 nasdaq

nasdaq

  • Malware Response Team

Posted 31 May 2016 - 08:14 AM

Updating to Windows 10 will probably not solve your problems.

Let's reset some of the services in Windows 7.

Please Download Tweaking.com - Windows Repair from Here


  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    07 - Repair Internet Explorer
    08 - Repair MDAC/MS Jet
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    17 - Repair Windows Updates
    19 - Repair Volume Shadow Copy Service
    21 - Repair MSI (Windows Installer)
    22 - Repair Windows Snipping tool
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.

===

Restart the computer normally.

How is the computer running now?



#8 AndreasO

AndreasO
  • Topic Starter

  • Members

Posted 31 May 2016 - 12:18 PM

nasdaq - the Tweaking.com files are attached.

 

It's too late to check out the workings of the laptop - 03:00 here in Australia - but I know that my IE only works through START and when I click 'run as Administrator'.

 

Attached File  _Windows_Repair_Log.txt   6.58KB   1 downloads

Attached File  HKLM_Set_Owner_Error_Log.txt   59.17KB   0 downloads

Attached File  HKLM_Set_Permissions_Error_Log.txt   59.17KB   0 downloads

Attached File  HKU_Set_Owner_Error_Log.txt   848bytes   0 downloads

Attached File  HKU_Set_Permissions_Error_Log.txt   848bytes   0 downloads

Attached File  Repair_Icons.txt   642bytes   0 downloads

Attached File  Repair_MSI_Windows_Installer.txt   480bytes   0 downloads

Attached File  Repair_Volume_Shadow_Copy_Service.txt   504bytes   0 downloads

Attached File  Repair_Windows_Updates.txt   4.33MB   0 downloads

Attached File  Services_Set_Permissions_Error_Log.txt   1.3KB   0 downloads



#9 nasdaq

nasdaq

  • Malware Response Team

Posted 01 June 2016 - 07:49 AM


How to repair or reinstall Internet Explorer in Windows
https://support.microsoft.com/en-us/kb/318378

The principle is to remove the IE 11 and reinstall it.

Hope it helps.

===

#10 AndreasO

AndreasO
  • Topic Starter

  • Members

Posted 01 June 2016 - 09:58 AM

nasdaq - hi

 

This procedure does not work for me.  I get Error 2503, followed by Error 2502 when I try to uninstall IE11.  I also tried to delete and then reinstall Adobe Acrobat Reader DC, which came up with the same Errors.

 

  • Generally, my laptop is very slow, particularly at start-up. 
  • I cannot print PDFs
  • Windows Update is not in my list of programs.  To open it, I have to click START, type in 'windows update', right-click the program when it appears, and then select 'run as Administrator'. This - and only this - procedure locates and opens the program. There are currently 3 updates waiting to be installed.  They download, but then I'm notified that the installation has failed.
  • The above process is the same for many more (but not all) programs I want to open. Only very few programs open from the desktop or the taskbar.
  • When I click on START and click on 'All Programs' the list that appears is very small (15 items only), although I have many more programs on my machine, which is confirmed by the list of software in C:\Program Files and C:\Program Files (x86)

Is there anything else I can try to improve my situation ??  My machine is presently only a shadow of its former self ! It runs - in a fashion - but is very frustrating to use.



#11 nasdaq

nasdaq

  • Malware Response Team

Posted 01 June 2016 - 12:51 PM

Run the Suggested fix on this page.
You must use IE.

Fix problems that programs cannot be installed or uninstalled
https://support.microsoft.com/en-us/mats/program_install_and_uninstall

Keep me posted.

#12 AndreasO

AndreasO
  • Topic Starter

  • Members

Posted 01 June 2016 - 09:06 PM

nasdaq,

 

This is the report running FIX IT for problems uninstalling programs :

Issues found
Corrupt Patch Registry keys
Detects corrupt or missing patch cache
Fixed
Fixing patch registry problems
Succeeded
Cannot install or uninstall a program
Looks for problems that can stop you installing and uninstalling a program
Fixed
Uninstall and cleanup? Adobe Acrobat Reader DC
Succeeded

 

Issues checked
Problem registry key
Detects problems with the registry (Wow64 issue)
Checked

 

Issues found Detection details
6
Corrupt Patch Registry keys Fixed
Detects corrupt or missing patch cache
Fixing patch registry problems
Succeeded
Detected patch registry problems
6
Cannot install or uninstall a program Fixed
Looks for problems that can stop you installing and uninstalling a program
Uninstall and cleanup? Adobe Acrobat Reader DC
Succeeded
Looks for problems that can stop you installing and uninstalling a program
Registry Backup
  This XML document contains the registry backup for the product removed
File Backup
  This document contains the File backup for the product removed.
Recovery File
  This document contains the File and Registry recovery script.
Issues checked Detection details
6
Problem registry key Checked
Detects problems with the registry (Wow64 issue)
Fixing the problem registry key (Wow64 issue)
Not Run
 
Finding and removing the problem registry key (Wow64 issue)
Detection details
Collection information
Computer Name: PAVILION-DV7
Windows Version: 6.1
Architecture: amd64
Time: Thursday, June 02, 2016 10:59:48 AM
Publisher details
Program Install and Uninstall troubleshooter
Looks for problems that can stop you installing and uninstalling a program
Package Version: 1.3
Publisher: Microsoft Corporation

 

I then wanted to run FIX IT for problems installing programs, but it didn't let me do it, saying that all problems had been fixed.

 

I then tried to open MS WORD from the START menu, but this and other programs now no longer open !!  I looked at the Properties of a few of those, and find that the Target Location box and the Start-In box are blank.  I will therefore restore my last Restore Point and see whether that will allow me to use MS WORD again.  I need it !!



#13 nasdaq

nasdaq

  • Malware Response Team

Posted 02 June 2016 - 08:18 AM

This is the list of restore points reported on the Addition.txt file.
I suggest you restore your computer to a date prior to the start of your problems.

If some Windows updates were removed go to the Windows updates page and reinstall them.

Then run the Farbar tool and post the logs for my review.
Let me know what problems persist.

==================== Restore Points =========================
28-05-2016 14:10:09 Removed Acrobat.com
28-05-2016 14:17:08 Removed Acrobat.com
28-05-2016 16:18:54 Removed Java 8 Update 45
28-05-2016 16:21:38 Removed Product Improvement Study for HP Officejet Pro 8610
28-05-2016 16:22:38 Removed Skype Click to Call
28-05-2016 16:37:33 Removed Windows Live Mesh ActiveX Control for Remote Connections
28-05-2016 16:41:07 Removed Windows Live Mesh ActiveX Control for Remote Connections
28-05-2016 16:42:06 Removed Windows Live Sync
28-05-2016 16:44:23 Removed WinZip Update Manager.
28-05-2016 17:00:49 Windows Update
28-05-2016 22:09:03 Windows Backup
29-05-2016 00:53:03 Revo Uninstaller's restore point - Acrobat.com
29-05-2016 00:53:59 Removed Acrobat.com
29-05-2016 01:03:35 Revo Uninstaller's restore point - Auslogics BoostSpeed 8
29-05-2016 01:05:42 Revo Uninstaller's restore point - Akamai NetSession Interface
29-05-2016 01:07:48 Revo Uninstaller's restore point - Driver Detective
29-05-2016 01:10:50 Revo Uninstaller's restore point - Java 8 Update 45
29-05-2016 01:11:48 Removed Java 8 Update 45
29-05-2016 01:14:47 Revo Uninstaller's restore point - Skype Click to Call
29-05-2016 01:15:45 Removed Skype Click to Call
29-05-2016 01:17:59 Revo Uninstaller's restore point - Skype Click to Call
29-05-2016 01:18:58 Removed Skype Click to Call
29-05-2016 01:21:37 Revo Uninstaller's restore point - Uninstall Helper
29-05-2016 01:23:03 Revo Uninstaller's restore point - Windows Live Essentials
29-05-2016 01:25:53 Revo Uninstaller's restore point - Windows Live Essentials
29-05-2016 01:28:38 Revo Uninstaller's restore point - Windows Live Mesh ActiveX Control for Remote Connections
29-05-2016 01:30:05 Revo Uninstaller's restore point - Windows Live Sync
29-05-2016 01:31:05 Removed Windows Live Sync
29-05-2016 01:32:09 Revo Uninstaller's restore point - WinZip Update Manager
29-05-2016 02:32:12 Windows Update
29-05-2016 12:29:42 Windows Backup

#14 AndreasO

AndreasO
  • Topic Starter

  • Members

Posted 04 June 2016 - 10:13 AM

nasdaq,

 

Thank you for your suggestion.  My comments are as follows :

 

(1) The earliest Restore Point is AFTER I contacted BleepingComputer with my problem.  Hence this may not succeed ??

 

(2) After starting System Restore (I wanted to see whether earlier Restore Points are available) I got the following message : System Restore does not appear to be functioning correctly on this system.  Access is denied. (0x80070005)

 

WHAT NOW ??



#15 nasdaq

nasdaq

  • Malware Response Team

Posted 05 June 2016 - 07:22 AM

It's too bad about the restore point.
There was one supposedly created when you ran the FARBAR fix.

Restore point was successfully created.

There should have been one created when you executed the Tweaking.com tool; see post no. 7.
Step one was the key to creating it. Do you remember seeing an error message?

===


Find out if System Restore is ON - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

Keep me posted.



