
infected with zero access rootkit


  • This topic is locked
57 replies to this topic

#1 JimSid

JimSid

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 31 October 2016 - 07:39 AM

Hello, I have an Asus laptop running Windows 8.1. When my Panda free antivirus stopped working, I began looking for a fix. After removing the old antivirus and trying to download a new one, I received "file contained a virus and was deleted" messages at the bottom of my screen. After googling it, I believe I have the ZeroAccess rootkit Trojan and am hoping you can help me fix it.

 

Thank you  Jim





#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:07 AM

Posted 02 November 2016 - 12:21 PM


It seems that your pc has a problem or could be infected with malware which is going to take some more work and a deeper look. No sense running a bunch of tools here.
Please follow this Preparation Guide. If you have already done a step or you cannot complete a step, skip it and continue.
Please include a link to this thread.

Let me know if all went well.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 JimSid


Posted 02 November 2016 - 09:34 PM

Thanks for helping.

 

I am unable to download the Farbar Recovery Scan Tool. When I tried with Internet Explorer, I received a message at the bottom of my screen that had a red shield with an x in it and words saying "FRST64.exe contained a virus and was deleted" followed by a blue link saying "learn more" and ending with a "view downloads" button.

 

I then closed internet explorer and attempted to download the FRST using google chrome and received a small message box in lower left corner saying "FRST64.exe

Failed - Virus scan failed"

 

Thanks again  Jim

 

P.S. I am not very computer savvy and am unsure how to include a link to this thread.



#4 Jo*


Posted 03 November 2016 - 02:27 AM

The Farbar Recovery Scan Tool is safe.

Disable all your antivirus and antimalware software - see how to do that here.

Download and run the tool, then enable your antivirus and antimalware software.



#5 JimSid


Posted 03 November 2016 - 09:07 AM

I have turned off Windows Defender and Malwarebytes to no avail. I still get the same message as posted above. Before I posted to BleepingComputer, I found some information online that says this malware affects the Windows Defender program by changing the "symlinks" junction reparse point. I have tried renaming the Windows Defender program and downloading using Chrome instead of Internet Explorer and still no luck.

 

thanks



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:07 PM

Posted 03 November 2016 - 09:12 AM

Moved to Virus, Trojan, Spyware, and Malware Removal Logs forum.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#7 Jo*


Posted 03 November 2016 - 09:20 AM

try this please:

How to use the F8 method to Start Your Computer in Safe Mode with Networking
  • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe Mode with Networking menu item
    • Press Enter.
  • Can you download now?



#8 JimSid


Posted 03 November 2016 - 10:50 PM

No luck. I have tried at least 3 times with the same result. When I hit the download button the browser redirects to the downloading page and within 3 to 5 seconds two windows pop up. One is the generic "Internet explorer has stopped working. A problem caused the program to stop. windows will close the program and notify you if a solution is available." The other says "Msg: iexplore.exe - Application error The instruction at 0x6df0605b referenced memory at 0x00000000. the memory could not be read. click ok to terminate the program", and every time I tried, the instruction number's 4th, 5th and 6th digits changed. Other examples: 0x6dc9605b and 0x6e3d605b

 

Thanks Jim



#9 Jo*


Posted 04 November 2016 - 03:51 AM

Do you have another pc where you can download our tools and a USB-stick to transfer the downloaded files to the infected pc?



#10 JimSid


Posted 04 November 2016 - 07:29 AM

I have a laptop currently in transit, coming back from the manufacturer after being repaired under warranty. It is scheduled to arrive late Monday. I also have access to computers at my local library but I am not sure if they allow downloading onto usb-sticks.



#11 Jo*


Posted 04 November 2016 - 07:55 AM

Public Computers are not safe, so this would be the last resort, if nothing else works.

---

Now we try a System Restore:

Start the Windows (Vista, 7 or 8 or 10) System Restore and try to run System Restore from there.

Choose a restore point that is more than 10 days old!

---

You need an empty USB-stick, because preparing it to prevent infection deletes all files on the USB-stick. If we cannot solve the problem with a System Restore, please make sure that you have an empty USB-stick by Monday.


We need to vaccinate the USB drive to prevent infection:

Please download USBVaccineSetup.exe from Panda Software to the desktop of your clean / working computer.
note: the download mirror is called MajorGeeks and the download should start automatically. please do not click any advertisements.
  • Insert your USB flash drive into the clean / working computer
  • Double-click on USBVaccineSetup.exe to install the program
  • Select your language, read and accept the agreement to continue
  • Choose if you would like the program to run at all times, and for all newly inserted USB drives
  • Click Next then Finish to complete the installation, the program will launch
  • Select your USB drive from the list, then click Vaccinate USB
    note: optionally you can click Vaccinate computer as well, this disables removable items from automatically running on the system entirely
  • A message should appear that your USB drive was vaccinated. If not please report the error in your next post



#12 JimSid


Posted 08 November 2016 - 10:01 AM

Thanks for your patience. I tried system restore twice. The first time I tried with the oldest restore point and the results said it could not completely restore because of something in the registry. I did not write down the exact message. I tried system restore again with the next restore point and the computer got hung up in the process so I had to shut it down. I do now have a clean computer and a vaccinated usb stick as recommended in your last post and am awaiting instructions.

Thank you  Jim



#13 Jo*


Posted 08 November 2016 - 10:16 AM

Download the following tools to the usb-stick and then transfer and copy them to the desktop of the infected pc. Make sure the infected pc runs in normal mode and then run the tools as instructed below:
 

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--- ---



#14 JimSid


Posted 10 November 2016 - 08:37 AM

Here are the logs requested. Malwarebytes Anti-Rootkit did not find anything. I also did not click the clean button for the 17 infections found in AdwCleaner because you did not instruct to do so.

Thanks.

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 111
Java version 32-bit out of Date!
Adobe Flash Player 23.0.0.207
Google Chrome (54.0.2840.71)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Judy (administrator) on JACK (10-11-2016 07:49:19)
Running from D:\
Loaded Profiles: Judy & Jack & (Available Profiles: Judy & Jack)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco) C:\Users\Judy\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Microsoft Corporation) C:\Windows\System32\WpcMon.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> SecurityCheck.exe
(Oracle Corporation) C:\Users\Jack\Desktop\runtime\jre-x64\1.8.0_25\bin\java.exe
(Oracle Corporation) C:\Users\Jack\Desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
() C:\Users\Judy\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officec2rclient.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-04-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-07-10] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Run: [PCShowServer] => C:\Users\Judy\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Judy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\...\MountPoints2: {3a175b46-a026-11e3-be89-0c8bfd59d048} - "D:\TLBootstrap_WPP.exe"
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PCShowServer] => C:\Users\Judy\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Octoshape Streaming Services] => C:\Users\Judy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {3a175b46-a026-11e3-be89-0c8bfd59d048} - "D:\TLBootstrap_WPP.exe"
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicyUsers\S-1-5-21-2734846572-2477187224-418570047-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2734846572-2477187224-418570047-1001\User: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{73C85B92-1916-4476-990C-E5152D06ABD0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B412A80E-E6C2-4CA9-BDDB-83DEA2F43CCF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2734846572-2477187224-418570047-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-2734846572-2477187224-418570047-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/
HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_466c6ccf_1201_1401_20160706_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_466c6ccf_1201_1401_20160706_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-27] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-27] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001: @nds.com/PlayerPlugin -> C:\Users\Judy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001: @nds.com/PlayerPlugin64 -> C:\Users\Judy\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Judy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001: NDS.com/PlayerPlugin -> C:\Users\Judy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nds.com/PlayerPlugin -> C:\Users\Judy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nds.com/PlayerPlugin64 -> C:\Users\Judy\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Judy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: NDS.com/PlayerPlugin -> C:\Users\Judy\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1004: @nsroblox.roblox.com/launcher -> C:\Users\Jack\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Jack\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Jack\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2734846572-2477187224-418570047-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Jack\AppData\Local\Roblox\Versions\version-23a05f622b7b47a6\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-12-02] (Octoshape ApS)

Chrome:
=======
CHR Profile: C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default [2016-11-07]
CHR Extension: (Google Slides) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-28]
CHR Extension: (Google Docs) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-28]
CHR Extension: (Google Drive) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Google Sheets) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-28]
CHR Extension: (Skype) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-06-28] (Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3037424 2016-10-03] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-03-27] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83032 2013-04-21] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [100032 2013-04-21] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [84568 2013-04-21] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [92864 2013-04-21] (Intel Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [985616 2016-10-25] (Garmin Ltd. or its subsidiaries)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2621448 2016-09-13] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156616 2013-06-26] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-05-30] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-08-31] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 vmicguestinterface; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [65784 2013-06-28] (ASUS Corporation)
R3 btmaux; C:\WINDOWS\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [68072 2013-04-21] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [57216 2013-04-21] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [120256 2013-04-21] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [200808 2013-04-21] (Intel Corporation)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2016-08-31] (LogMeIn Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [115656 2013-06-03] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21048 2013-05-30] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21048 2013-05-30] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-05-30] ()
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\WINDOWS\system32\DRIVERS\Netwew02.sys [3648480 2013-10-09] (Intel Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [18232 2013-06-19] (ASUSTek Computer Inc.)
S3 sscdserd; C:\WINDOWS\system32\DRIVERS\sscdserd.sys [141384 2012-06-27] (MCCI Corporation)
S3 ssmirrdr; C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys [10112 2011-03-15] (support.com, Inc)
R3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WPRO_41_2001; C:\WINDOWS\System32\drivers\WPRO_41_2001.sys [34752 2016-11-07] ()
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-10 07:49 - 2016-11-10 07:49 - 00000000 ____D C:\FRST
2016-11-10 07:47 - 2016-11-10 07:47 - 00003935 _____ C:\Users\Judy\Desktop\AdwCleaner[S0].txt
2016-11-10 07:40 - 2016-11-10 07:44 - 00000000 ____D C:\AdwCleaner
2016-11-09 10:48 - 2016-11-09 23:28 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-09 10:47 - 2016-11-09 23:28 - 00000000 ____D C:\Users\Judy\Desktop\mbar
2016-11-09 10:18 - 2016-11-09 10:18 - 00000998 _____ C:\Users\Judy\Desktop\checkup security check.txt
2016-11-09 10:09 - 2016-11-09 10:09 - 00000676 _____ C:\Users\Judy\Desktop\mbar-1.09.3.1001 - Shortcut.lnk
2016-11-09 10:09 - 2016-11-09 10:09 - 00000634 _____ C:\Users\Judy\Desktop\AdwCleaner - Shortcut.lnk
2016-11-09 10:09 - 2016-11-09 10:09 - 00000604 _____ C:\Users\Judy\Desktop\FRST64 - Shortcut.lnk
2016-11-09 09:58 - 2016-11-09 09:58 - 00000316 _____ C:\Users\Judy\Desktop\SecurityCheck - Shortcut.lnk
2016-11-07 09:19 - 2016-11-07 09:19 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2016-11-05 14:02 - 2016-11-09 14:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-05 14:02 - 2016-11-05 14:02 - 00002029 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-11-05 14:02 - 2016-11-05 14:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-05 11:43 - 2016-11-07 13:57 - 00003558 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-11-05 07:20 - 2016-11-05 07:20 - 00001868 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2016-11-05 07:20 - 2016-11-05 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-04 14:39 - 2016-11-04 14:39 - 00000069 _____ C:\Users\Jack\Desktop\Rockin' Around The Christmas Tree (Christmas Trap Remix) - YouTube.url
2016-11-04 14:39 - 2016-11-04 14:39 - 00000069 _____ C:\Users\Jack\Desktop\Aliev Beatz - Merry Christmas - YouTube.url
2016-11-04 13:38 - 2016-11-04 13:38 - 00000069 _____ C:\Users\Jack\Desktop\Nightmare Before Christmas Trap (Nate Maelz & StickyBeats) - YouTube.url
2016-11-04 13:37 - 2016-11-04 13:37 - 00000069 _____ C:\Users\Jack\Desktop\Ronettes - Sleigh Bells (PhatCap! Trap Remix) - YouTube.url
2016-11-04 13:37 - 2016-11-04 13:37 - 00000069 _____ C:\Users\Jack\Desktop\Jingle Bells (Steviie Wonder & Keanu Trap Remix) - YouTube.url
2016-11-04 13:37 - 2016-11-04 13:37 - 00000069 _____ C:\Users\Jack\Desktop\Christmas Trap (Dopant Beats Remix) - YouTube.url
2016-10-28 08:03 - 2016-11-09 19:08 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-28 08:03 - 2016-11-09 09:08 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-28 08:03 - 2016-10-28 08:29 - 00000000 ____D C:\Users\Judy\AppData\Local\Google
2016-10-28 08:03 - 2016-10-28 08:03 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-28 08:03 - 2016-10-28 08:03 - 00003640 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-28 08:03 - 2016-10-28 08:03 - 00002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-28 08:03 - 2016-10-28 08:03 - 00002237 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-28 08:03 - 2016-10-28 08:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-28 08:02 - 2016-10-28 08:03 - 00000000 ____D C:\Users\Judy\AppData\Local\Deployment
2016-10-28 08:02 - 2016-10-28 08:02 - 00000000 ____D C:\Users\Judy\AppData\Local\Apps\2.0
2016-10-27 09:56 - 2016-10-27 09:56 - 00002227 _____ C:\Users\Public\Desktop\Panda Free Antivirus.lnk
2016-10-27 09:56 - 2016-10-27 09:56 - 00002174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus.lnk
2016-10-27 09:56 - 2016-10-27 09:56 - 00000000 ____D C:\Program Files (x86)\Panda Security
2016-10-27 09:35 - 2016-10-27 09:35 - 00978072 _____ (Panda Security, S.L.) C:\Users\Judy\Downloads\uninstaller.exe
2016-10-21 21:19 - 2016-10-21 21:19 - 03405669 _____ C:\Users\Jack\Downloads\forge-1.7.10-10.13.4.1614-1.7.10-installer-win.exe
2016-10-21 17:30 - 2016-10-21 17:30 - 00000000 ____D C:\Users\Jack\AppData\Local\HirezLauncherUI
2016-10-21 17:28 - 2010-05-26 10:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-10-21 17:28 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-10-21 17:28 - 2010-02-04 09:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-10-21 17:28 - 2007-04-04 17:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-10-21 17:20 - 2016-11-07 09:19 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2016-10-21 17:20 - 2016-10-21 17:33 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2016-10-21 17:20 - 2016-10-21 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-10-19 17:00 - 2016-10-19 17:00 - 00000069 _____ C:\Users\Jack\Desktop\Santa Claus Is Coming To Town - The Crystals - YouTube.url
2016-10-19 16:44 - 2016-10-19 16:44 - 00000069 _____ C:\Users\Jack\Desktop\09 - Phil Spector - Darlene Love - Winter Wonderland - A Christmas Gift For You - 1963 - YouTube.url
2016-10-18 13:33 - 2016-10-18 13:33 - 00000069 _____ C:\Users\Jack\Desktop\The best Christmas Songs ever! - YouTube.url
2016-10-16 16:09 - 2016-10-16 16:09 - 00000222 _____ C:\Users\Jack\Desktop\Paladins.url
2016-10-14 21:33 - 2016-11-08 17:16 - 01002496 ___SH C:\Users\Jack\Downloads\Thumbs.db
2016-10-12 20:25 - 2016-10-12 20:25 - 00000069 _____ C:\Users\Jack\Desktop\Five Nights at Freddy's Song (TLT) Epic Orchestral Remix REMASTERED - YouTube.url
2016-10-12 19:34 - 2016-10-12 19:34 - 00001759 _____ C:\Users\Jack\Desktop\Pictures - Shortcut.lnk
2016-10-12 18:51 - 2016-10-24 16:54 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-12 18:51 - 2016-10-24 16:54 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-12 14:39 - 2016-09-12 18:48 - 00085680 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-12 14:39 - 2016-09-09 08:38 - 01629184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-12 14:39 - 2016-09-09 08:38 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-12 14:39 - 2016-09-09 08:38 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-12 14:39 - 2016-09-09 08:38 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-12 14:39 - 2016-09-09 08:38 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-12 14:39 - 2016-09-09 08:38 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-10-12 14:39 - 2016-09-09 08:38 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-12 14:39 - 2016-09-09 08:38 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-12 14:39 - 2016-08-27 14:44 - 22360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 14:39 - 2016-08-27 14:44 - 02755504 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-12 14:39 - 2016-08-27 14:44 - 00133256 _____ (Microsoft Corporation) C:\WINDOWS\system32\RestoreOptIn.exe
2016-10-12 14:39 - 2016-08-27 13:26 - 19789232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-12 14:39 - 2016-08-27 13:26 - 02411048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-10-12 14:39 - 2016-08-27 13:26 - 00113656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RestoreOptIn.exe
2016-10-12 14:39 - 2016-08-27 11:33 - 02881536 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-10-12 14:39 - 2016-08-27 11:11 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-10-12 14:39 - 2016-08-27 11:09 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 14:39 - 2016-08-27 10:55 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 14:39 - 2016-08-20 17:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-12 14:39 - 2016-08-20 17:12 - 02463744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-10-12 13:46 - 2016-09-30 19:22 - 07444312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 13:46 - 2016-09-30 02:55 - 25765376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 13:46 - 2016-09-30 01:25 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 13:46 - 2016-09-30 01:25 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 13:46 - 2016-09-30 01:09 - 06048256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 13:46 - 2016-09-30 00:47 - 20306944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 13:46 - 2016-09-30 00:42 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 13:46 - 2016-09-30 00:41 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 13:46 - 2016-09-30 00:38 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 13:46 - 2016-09-30 00:33 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-10-12 13:46 - 2016-09-30 00:33 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-10-12 13:46 - 2016-09-30 00:32 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 13:46 - 2016-09-30 00:31 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-10-12 13:46 - 2016-09-30 00:21 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 13:46 - 2016-09-30 00:17 - 02920960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 13:46 - 2016-09-30 00:12 - 04608512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 13:46 - 2016-09-30 00:11 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 13:46 - 2016-09-30 00:06 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-10-12 13:46 - 2016-09-30 00:05 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-10-12 13:46 - 2016-09-30 00:05 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 13:46 - 2016-09-30 00:05 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 13:46 - 2016-09-30 00:03 - 13653504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 13:46 - 2016-09-29 23:46 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 13:46 - 2016-09-29 23:43 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 13:46 - 2016-09-17 13:16 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 13:46 - 2016-09-17 12:53 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-10-12 13:46 - 2016-09-17 12:21 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 13:46 - 2016-09-17 12:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-10-12 13:46 - 2016-09-17 12:02 - 01446400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 13:46 - 2016-09-13 20:53 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 13:46 - 2016-09-13 20:53 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 13:46 - 2016-09-13 20:53 - 01490112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 13:46 - 2016-09-13 20:53 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 13:46 - 2016-09-12 17:03 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 13:46 - 2016-09-12 16:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 13:46 - 2016-09-09 09:17 - 04170752 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-10-12 13:46 - 2016-09-08 15:41 - 00121176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 13:46 - 2016-09-08 09:00 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 13:46 - 2016-09-08 09:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 13:46 - 2016-09-07 17:07 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 13:46 - 2016-09-07 16:59 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 13:46 - 2016-09-07 16:59 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 13:46 - 2016-09-07 16:57 - 01560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 13:46 - 2016-09-07 16:56 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 13:46 - 2016-08-31 12:22 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 13:46 - 2016-08-31 11:33 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 13:46 - 2016-08-25 15:50 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-10-12 13:46 - 2016-08-25 14:40 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-10-12 13:46 - 2016-08-12 19:05 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-10-12 13:46 - 2016-08-12 19:03 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifibus.sys
2016-10-12 13:46 - 2016-08-12 19:02 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-10-12 13:46 - 2016-08-12 19:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-10-12 13:46 - 2016-08-12 17:35 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2016-10-12 13:46 - 2016-08-12 17:19 - 09323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-10-12 13:46 - 2016-08-12 16:47 - 15431168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 13:46 - 2016-08-12 16:17 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2016-10-12 13:46 - 2016-08-12 15:52 - 13317120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 13:46 - 2016-08-11 20:58 - 02315496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-12 13:46 - 2016-08-11 20:58 - 01946176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-12 13:46 - 2016-08-11 13:33 - 00096256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys
2016-10-12 13:46 - 2016-08-11 13:33 - 00083456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-10-12 13:46 - 2016-08-11 13:33 - 00023040 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys
2016-10-12 13:46 - 2016-08-11 12:17 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-10-12 13:46 - 2016-08-11 08:39 - 00445765 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 13:46 - 2016-08-11 00:46 - 00420184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-12 13:46 - 2016-08-03 10:42 - 01317888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-10-12 13:46 - 2016-08-03 10:36 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-10-12 13:46 - 2016-08-03 10:36 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-10-12 13:46 - 2016-08-03 10:33 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-10-12 13:46 - 2016-07-30 12:12 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-12 13:46 - 2016-07-30 11:36 - 02537472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-12 13:46 - 2016-07-23 13:18 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-10-12 13:46 - 2016-07-23 13:12 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-10-12 13:45 - 2016-09-30 01:12 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-10-12 13:45 - 2016-09-30 00:32 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-10-12 13:45 - 2016-09-29 23:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-12 13:45 - 2016-09-29 23:42 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-12 13:45 - 2016-07-26 08:40 - 00162850 _____ C:\WINDOWS\SysWOW64\C_932.NLS
2016-10-12 13:45 - 2016-07-26 08:40 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-10-12 13:42 - 2016-10-12 13:42 - 00000069 _____ C:\Users\Jack\Desktop\Adele - Rolling in the Deep - YouTube.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-10 07:52 - 2014-11-18 18:52 - 00000919 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {64CEE56F-69C9-44DB-8AE8-59BC04A5EDE0}.job
2016-11-10 07:52 - 2014-11-18 18:52 - 00000733 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {64CEE56F-69C9-44DB-8AE8-59BC04A5EDE0}.job
2016-11-10 07:49 - 2016-01-10 12:29 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Skype
2016-11-10 07:39 - 2016-07-08 08:54 - 00000000 ____D C:\Users\Judy\AppData\Local\LogMeIn Hamachi
2016-11-09 23:28 - 2014-12-02 11:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-09 18:37 - 2014-11-18 18:37 - 00000919 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Update {A4A47B8D-17F0-4597-B6E3-496F42A3B8C9}.job
2016-11-09 18:37 - 2014-11-18 18:37 - 00000733 _____ C:\WINDOWS\Tasks\EPSON XP-410 Series Invitation {A4A47B8D-17F0-4597-B6E3-496F42A3B8C9}.job
2016-11-09 17:34 - 2015-05-06 17:42 - 00000000 ____D C:\Users\Jack\AppData\Roaming\.minecraft
2016-11-09 17:32 - 2016-03-13 18:25 - 00001047 _____ C:\Users\Jack\Desktop\nativelog.txt
2016-11-09 16:13 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-09 14:49 - 2015-03-07 10:11 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2734846572-2477187224-418570047-1004
2016-11-09 14:49 - 2015-02-23 08:15 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2734846572-2477187224-418570047-1001
2016-11-09 12:11 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 12:09 - 2013-12-25 19:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 11:53 - 2013-12-25 19:01 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 10:48 - 2014-08-10 21:15 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-09 10:03 - 2015-04-20 08:01 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-09 08:28 - 2014-12-02 11:17 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-11-09 08:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-09 08:28 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-08 19:59 - 2014-11-01 18:31 - 00175104 ___SH C:\Users\Jack\Desktop\Thumbs.db
2016-11-08 09:59 - 2015-10-25 14:38 - 00000000 ____D C:\Users\Judy\AppData\LocalLow\Adblock Plus for IE
2016-11-07 14:45 - 2015-03-17 14:00 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-07 13:58 - 2016-09-13 11:18 - 00003548 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-11-07 09:45 - 2016-02-18 10:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-07 09:41 - 2014-08-10 21:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-07 09:20 - 2014-03-13 21:00 - 00000000 ___DO C:\Users\Judy\SkyDrive
2016-11-07 09:19 - 2016-05-15 17:25 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2016-11-07 09:19 - 2013-12-25 07:06 - 00000074 _____ C:\Users\Judy\AppData\Roaming\sp_data.sys
2016-11-07 09:18 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-06 11:36 - 2014-02-02 11:01 - 00000000 ____D C:\Users\Judy\AppData\Local\Adobe
2016-11-06 10:00 - 2015-03-16 08:42 - 00000402 ____H C:\WINDOWS\Tasks\{A20DDB30-FBAF-4A9D-986E-E45586B755F2}.job
2016-11-05 14:02 - 2013-07-10 21:07 - 00000000 ____D C:\ProgramData\Adobe
2016-11-05 08:54 - 2015-07-07 09:46 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-05 07:20 - 2015-07-07 09:46 - 00003552 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-11-05 06:49 - 2013-10-21 15:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-04 13:29 - 2013-12-25 07:37 - 00000074 _____ C:\Users\Jack\AppData\Roaming\sp_data.sys
2016-11-04 08:24 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-11-03 09:53 - 2013-12-25 21:49 - 00000000 ____D C:\Users\Judy
2016-11-02 20:10 - 2013-12-25 21:49 - 00000000 ____D C:\Users\Jack
2016-10-30 15:37 - 2015-05-31 14:20 - 00000000 ____D C:\Users\Jack\AppData\Local\Google
2016-10-28 15:15 - 2015-09-01 13:38 - 00002267 _____ C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-28 15:15 - 2015-09-01 13:38 - 00002237 _____ C:\Users\Jack\Desktop\Google Chrome.lnk
2016-10-28 08:17 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-27 20:22 - 2013-12-25 19:01 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-27 09:56 - 2016-02-07 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-10-27 09:56 - 2015-01-13 11:14 - 00000000 ____D C:\ProgramData\Panda Security
2016-10-27 09:48 - 2015-01-18 12:20 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Panda Security
2016-10-27 09:48 - 2015-01-13 11:20 - 00000000 ____D C:\Users\Judy\AppData\Roaming\Panda Security
2016-10-27 09:25 - 2016-07-06 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-27 09:25 - 2016-07-06 20:56 - 00000000 ____D C:\ProgramData\Oracle
2016-10-27 09:25 - 2016-07-06 20:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-27 09:24 - 2016-07-06 20:57 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-27 09:06 - 2016-07-06 20:59 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-10-27 09:04 - 2016-07-23 23:52 - 00000993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-10-27 09:04 - 2016-07-23 23:52 - 00000975 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-10-27 09:04 - 2016-07-01 19:53 - 00000894 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2016-10-27 09:04 - 2016-02-18 10:57 - 00000931 _____ C:\Users\Public\Desktop\Steam.lnk
2016-10-27 09:04 - 2016-01-10 12:28 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-10-27 09:04 - 2015-04-12 10:08 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-27 09:04 - 2015-02-24 10:25 - 00000872 _____ C:\Users\Public\Desktop\Savings Bond Wizard.lnk
2016-10-27 09:04 - 2015-01-06 19:59 - 00001193 _____ C:\Users\Public\Desktop\Animate It Express.lnk
2016-10-27 09:04 - 2014-11-18 18:33 - 00000942 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-10-27 09:04 - 2014-08-10 21:15 - 00001070 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-27 09:04 - 2014-08-04 08:34 - 00001078 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-10-27 09:04 - 2014-08-03 13:13 - 00001392 _____ C:\Users\Public\Desktop\CyberLink Media Suite 10.lnk
2016-10-27 09:04 - 2014-07-06 22:35 - 00001791 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-10-27 09:04 - 2014-03-27 07:21 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-10-27 09:04 - 2013-12-26 08:19 - 00001420 _____ C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-27 09:04 - 2013-12-25 21:51 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-27 09:04 - 2013-10-21 15:11 - 00002024 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® WiDi.lnk
2016-10-27 09:04 - 2013-10-21 15:04 - 00002074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AT Service.lnk
2016-10-27 09:04 - 2013-07-10 21:09 - 00001376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-10-27 09:04 - 2013-07-10 21:09 - 00001307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-10-27 09:03 - 2015-02-24 10:25 - 00000884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Savings Bond Wizard.lnk
2016-10-27 09:03 - 2014-02-17 10:38 - 00001142 _____ C:\Users\Judy\Desktop\Welcome to ASUS Product Registration.lnk
2016-10-27 08:23 - 2014-08-10 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-27 08:23 - 2014-08-10 21:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-26 18:39 - 2016-03-13 18:25 - 00000000 ____D C:\Users\Jack\Desktop\game
2016-10-25 13:58 - 2014-09-26 14:32 - 00003718 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-10-25 09:50 - 2014-09-26 14:32 - 00003476 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2016-10-25 09:27 - 2016-01-10 12:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-23 12:49 - 2016-07-01 19:54 - 00000000 ____D C:\Users\Jack\AppData\Local\LogMeIn Hamachi
2016-10-22 06:19 - 2016-07-06 20:58 - 00000000 ____D C:\Users\Jack\.oracle_jre_usage
2016-10-21 17:32 - 2016-09-23 21:15 - 00000000 ____D C:\Users\Jack\Documents\My Games
2016-10-21 17:20 - 2013-10-21 14:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-18 07:31 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-18 06:51 - 2014-04-04 08:14 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-10-16 16:09 - 2016-02-18 21:23 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-15 21:47 - 2013-12-25 07:37 - 00000000 ____D C:\Users\Jack\AppData\Local\VirtualStore
2016-10-13 14:52 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2016-10-13 09:10 - 2014-01-23 12:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-10-12 18:48 - 2013-08-22 09:44 - 00528104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-12 18:39 - 2014-12-15 06:01 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-12 18:39 - 2014-07-14 19:22 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-10-12 18:39 - 2013-08-22 10:36 - 00000000 ___RD C:\WINDOWS\ToastData

==================== Files in the root of some directories =======

2013-12-26 09:35 - 2013-12-26 09:35 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-02-27 23:06 - 2014-02-27 23:06 - 0000021 _____ () C:\Users\Judy\AppData\Roaming\my_intel.sys
2013-12-25 07:06 - 2016-11-07 09:19 - 0000074 _____ () C:\Users\Judy\AppData\Roaming\sp_data.sys
2014-02-27 22:35 - 2014-08-03 15:28 - 0005632 _____ () C:\Users\Judy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-03-19 13:32 - 2013-03-19 13:32 - 0010011 _____ () C:\ProgramData\regid.2012-01.com.intel.discover-at_512FCF1B-3685-45F2-A1E9-63AEF7F79B35.swidtag
2013-07-10 21:06 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-07-10 21:06 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-07-10 21:06 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-08-10 22:45 - 2014-08-10 22:45 - 0032618 _____ () C:\ProgramData\xportnchk.ini

Files to move or delete:
====================
C:\Windows\Tasks\{A20DDB30-FBAF-4A9D-986E-E45586B755F2}.job


Some files in TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Jack\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jack\AppData\Local\Temp\vsredistsetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-09 09:50

==================== End of FRST.txt ============================
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````




#15 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:07 AM

Posted 10 November 2016 - 09:34 AM

Your log shows a lot of (group) policies. Did you make those settings?

HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-10-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [NoStartMenuSubFolders] 0

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




