
Machine running erratically. Chrome opening new tabs/windows/redirects randomly.



#1 rmhuntley


Posted 22 January 2017 - 09:37 PM

Recently I've noticed that Chrome will open a new tab anytime I click on a page. IE also refuses to search for anything or go to any links.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Me (administrator) on R-DESKTOP (22-01-2017 18:12:55)
Running from C:\Users\Roy Huntley\Downloads
Loaded Profiles: Roy Huntley & C (Available Profiles: Roy Huntley & Admin & Mcx1-ROYHUNTLEY-HP & C & Mcx2-R-DESKTOP & Kids & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(HP) C:\Program Files (x86)\Hp\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42031.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7714.42031.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [lammers] => "C:\Program Files (x86)\Garble\insipid.exe"
HKLM\...\Run: [lammerslammers] => "C:\Program Files (x86)\Cutworm\insipid.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499896 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960248 2015-10-26] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112200 2016-11-11] (VMware, Inc.)
HKLM-x32\...\Run: [MapsGalaxy] => C:\Users\Roy Huntley\AppData\Local\Temp\333828\ic-0.21f1cc110923dc.exe [974352 2017-01-16] () <===== ATTENTION
HKLM-x32\...\Run: [unintelligent] => "C:\Program Files (x86)\Garble\insipid.exe"
HKLM-x32\...\Run: [unintelligentunintelligent] => "C:\Program Files (x86)\Cutworm\insipid.exe"
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [Google Update] => C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-28] ()
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [Dropbox Update] => C:\Users\Roy Huntley\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [uTorrent] => C:\Users\Roy Huntley\AppData\Roaming\uTorrent\uTorrent.exe [1979072 2016-12-19] (BitTorrent Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1046064 2017-01-04] ()
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [charcoals] => "C:\Program Files (x86)\Garble\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [charcoalscharcoals] => "C:\Program Files (x86)\Cutworm\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [brousseau] => "C:\Program Files (x86)\Garble\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [brousseaubrousseau] => "C:\Program Files (x86)\Cutworm\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [weta] => "C:\Program Files (x86)\ono\weta.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [vive] => "C:\Program Files (x86)\Garble\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\RunOnce: [Uninstall C:\Users\Roy Huntley\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Roy Huntley\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\RunOnce: [Uninstall C:\Users\Roy Huntley\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Roy Huntley\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\RunOnce: [Uninstall C:\Users\Roy Huntley\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Roy Huntley\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\MountPoints2: {73339764-a470-11e6-9da9-2c27d71a8251} - "F:\INSTALL\SETUP.EXE"
HKU\S-1-5-21-1890039412-520281353-3741268676-1008\...\Run: [DAEMON Tools Lite] => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1890039412-520281353-3741268676-1008\...\Run: [Google Update] => C:\Users\C\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1008\...\MountPoints2: {73339764-a470-11e6-9da9-2c27d71a8251} - "F:\vs_enterprise.exe"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Roy Huntley\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Roy Huntley\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Roy Huntley\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Roy Huntley\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Roy Huntley\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Roy Huntley\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-02-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2016-01-25]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server)
Startup: C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-08-18]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-27]
ShortcutTarget: Dropbox.lnk -> C:\Users\Roy Huntley\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-05-20]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Roy Huntley\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pentathlon.lnk [2017-01-16]
ShortcutTarget: pentathlon.lnk -> C:\Program Files (x86)\Garble\insipid.exe (No File)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0e50d84c-5998-4504-a16b-615974bb470e}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{67e57d6c-2aa7-41f7-9170-f42fe86e7ef0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{68479f98-14c0-49bb-b98a-6c3e142fe7e4}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{68479f98-14c0-49bb-b98a-6c3e142fe7e4}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{7c160b3a-5445-4256-9fc0-e44e6feddd46}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{85042c5c-e5a4-477d-892f-16aa5a7d3d8c}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8cf3d788-df1c-4e67-865e-a8d45a39dc55}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{d9c051ce-38d7-45c4-bd47-af6a35d386c9}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e61be3d9-bb4e-4cc5-b2dc-3e4937333dbc}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{e61be3d9-bb4e-4cc5-b2dc-3e4937333dbc}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKU\S-1-5-21-1890039412-520281353-3741268676-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-1890039412-520281353-3741268676-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {DEC43A78-825B-457A-A231-B2B25B8E119D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {FF8812AD-9042-42EB-ADEE-B7A0BF35E4DC} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1890039412-520281353-3741268676-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1890039412-520281353-3741268676-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1890039412-520281353-3741268676-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1890039412-520281353-3741268676-1008 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-1890039412-520281353-3741268676-1008 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-12-06] (HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-10-26] (Wondershare)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2014-08-26] (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-13] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-12-06] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1890039412-520281353-3741268676-1008 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-1890039412-520281353-3741268676-1008 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF DefaultProfile: cvccge2f.default
FF ProfilePath: C:\Users\Roy Huntley\AppData\Roaming\TomTom\HOME\Profiles\nmt2817y.default [2016-01-18]
FF Extension: (Emulator) - C:\Users\Roy Huntley\AppData\Roaming\TomTom\HOME\Profiles\nmt2817y.default\Extensions\Navcore.9.061.576030@tomtom.com [2016-01-18] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2016-01-18] [not signed]
FF ProfilePath: C:\Users\Roy Huntley\AppData\Roaming\Mozilla\SeaMonkey\Profiles\cvccge2f.default [2017-01-17]
FF Extension: (DOM Inspector) - C:\Users\Roy Huntley\AppData\Roaming\Mozilla\SeaMonkey\Profiles\cvccge2f.default\Extensions\inspector@mozilla.org [2015-02-12] [not signed]
FF Extension: (ChatZilla) - C:\Users\Roy Huntley\AppData\Roaming\Mozilla\SeaMonkey\Profiles\cvccge2f.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2015-02-12] [not signed]
FF ProfilePath: C:\Users\Roy Huntley\AppData\Roaming\Mozilla\Firefox\Profiles\t1wtxqte.default [2017-01-22]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\t1wtxqte.default -> Google
FF Extension: (Fast search) - C:\Users\Roy Huntley\AppData\Roaming\Mozilla\Firefox\Profiles\t1wtxqte.default\Extensions\amcontextmenu@loucypher [2017-01-16]
FF Extension: (Video DownloadHelper) - C:\Users\Roy Huntley\AppData\Roaming\Mozilla\Firefox\Profiles\t1wtxqte.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-02-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: (PasswordBox) - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-08-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2016-05-24] [not signed]
FF HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-13] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll [2011-10-26] (Millisecond Software)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-28] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-02-17] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll [2011-10-26] (Millisecond Software)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @nsroblox.roblox.com/launcher -> C:\Users\Roy Huntley\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Roy Huntley\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @stonetrip.com/ShiVaWebPlayer,version=1.8.1.0 -> C:\Users\Roy Huntley\AppData\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll [2010-03-04] (Stonetrip)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Roy Huntley\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @talk.google.com/O1DPlugin -> C:\Users\Roy Huntley\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roy Huntley\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-01-28] (Pando Networks)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [2013-05-05] (The Happy Cloud)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1008: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll [No File]
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1008: @talk.google.com/GoogleTalkPlugin -> C:\Users\C\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1008: @talk.google.com/O1DPlugin -> C:\Users\C\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1008: @tools.google.com/Google Update;version=3 -> C:\Users\C\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1890039412-520281353-3741268676-1008: @tools.google.com/Google Update;version=9 -> C:\Users\C\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-06-26] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Roy Huntley\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Roy Huntley\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN19845586419159290&UM=2","hxxp://mysearch.avg.com?cid={C28D9D64-AE33-4C47-8B3E-A50433C744AF}&mid=6e88976d4a9847d0bcdad16f13aca389-0fd92c6cea6536e866d1791b444f16886ad5590e&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 08:26:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_24_0_0_194.dll ()
CHR Profile: C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default [2017-01-21]
CHR Extension: (Google Slides) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-13]
CHR Extension: (YouTube) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Bookmarks Organizer) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjdenbocfdbjohomdaojaokiffjbnaca [2016-12-07]
CHR Extension: (Google Search) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-09]
CHR Extension: (Google Sheets) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (iCloud Bookmarks) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2016-01-29]
CHR Extension: (Google Docs Offline) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-12-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-13]
CHR HKU\S-1-5-21-1890039412-520281353-3741268676-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-05-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-01-10] (Microsoft Corporation)
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-27] (WildTangent)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-03-29] (Nalpeiron Ltd.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-13] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-13] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1317104 2017-01-04] (Overwolf LTD)
S4 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S4 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12472904 2016-11-11] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)
S3 ArcService; G:\Neverwinter\Arc\ArcService.exe [X]
S2 GTFAVENUE Updater; C:\Program Files (x86)\GTFAVENUE Updater\GTFAVENUE Updater.exe [X]
S2 WindowService; "C:\Users\Roy Huntley\AppData\Local\Temp\WS\WindowService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 CpqDfw; C:\WINDOWS\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\WINDOWS\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-16] (Malwarebytes)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2015-10-29] (Microsoft Corporation)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX64.sys [57312 2008-06-14] (Ray Hinchliffe)
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [38456 2009-12-22] (Advanced Micro Devices)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131096 2016-11-23] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [203856 2016-11-23] (Oracle Corporation)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 DisplayLinkUsbIo_x64; \SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1589.0.sys [X]
U4 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 18:12 - 2017-01-22 18:14 - 00046706 _____ C:\Users\Roy Huntley\Downloads\FRST.txt
2017-01-22 18:12 - 2017-01-22 18:12 - 00000000 ____D C:\FRST
2017-01-22 18:11 - 2017-01-22 18:11 - 00243552 _____ C:\Users\Roy Huntley\Downloads\Firefox Setup Stub 50.1.0.exe
2017-01-22 17:01 - 2017-01-22 17:01 - 00002692 _____ C:\Users\Roy Huntley\Desktop\JRT.txt
2017-01-22 16:50 - 2017-01-22 16:53 - 01663040 _____ (Malwarebytes) C:\Users\Roy Huntley\Downloads\JRT.exe
2017-01-22 16:49 - 2017-01-22 16:49 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Roy Huntley\Downloads\rkill.exe
2017-01-22 16:47 - 2017-01-22 18:12 - 02420736 _____ (Farbar) C:\Users\Roy Huntley\Downloads\FRST64.exe
2017-01-22 16:45 - 2017-01-22 16:45 - 07801424 _____ (Tweaking.com) C:\Users\Roy Huntley\Downloads\tweaking.com_hardware_identify_setup.exe
2017-01-22 16:43 - 2017-01-22 17:04 - 02915320 _____ (Google) C:\Users\Roy Huntley\Downloads\chrome_cleanup_tool.exe
2017-01-22 12:31 - 2017-01-22 12:31 - 01146368 _____ (Microsoft Corporation) C:\Users\Roy Huntley\AppData\Roaming\GoogleInc.exe
2017-01-21 09:08 - 2017-01-21 12:08 - 00055007 _____ C:\WINDOWS\system32\avgrep.txt
2017-01-21 09:06 - 2017-01-21 09:06 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-21 09:05 - 2017-01-21 09:08 - 00231358 _____ C:\WINDOWS\ntbtlog.txt
2017-01-18 19:23 - 2017-01-18 19:23 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2017-01-18 19:23 - 2017-01-18 19:23 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2017-01-17 19:41 - 2017-01-17 19:41 - 00000000 ____D C:\Users\C\AppData\Roaming\AVG
2017-01-17 19:36 - 2017-01-17 19:36 - 00000000 ____D C:\Users\C\AppData\Local\CEF
2017-01-17 19:35 - 2017-01-18 19:21 - 00000000 ____D C:\Users\C\AppData\Local\Avg
2017-01-17 17:58 - 2017-01-17 17:58 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\AVG
2017-01-17 17:55 - 2017-01-18 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-17 17:55 - 2017-01-17 17:55 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\TuneUp Software
2017-01-17 17:50 - 2017-01-17 17:50 - 00000000 ___HD C:\$AVG
2017-01-17 17:45 - 2017-01-22 08:14 - 00000000 ____D C:\ProgramData\MFAData
2017-01-17 17:45 - 2017-01-17 17:45 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\MFAData
2017-01-17 17:42 - 2017-01-21 23:12 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-17 17:42 - 2017-01-17 17:46 - 00000000 ____D C:\Program Files (x86)\AVG
2017-01-17 17:41 - 2017-01-18 19:21 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Avg
2017-01-17 17:41 - 2017-01-17 17:50 - 00000000 ____D C:\ProgramData\Avg
2017-01-17 17:41 - 2017-01-17 17:44 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\AvgSetupLog
2017-01-17 17:41 - 2017-01-17 17:41 - 03312000 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Roy Huntley\Downloads\AVG_Antivirus_Free_692.exe
2017-01-17 14:25 - 2017-01-21 01:22 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-17 14:25 - 2017-01-17 14:25 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-17 13:47 - 2017-01-17 13:47 - 00000000 __SHD C:\found.003
2017-01-17 13:21 - 2017-01-22 13:11 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\dclogs
2017-01-17 13:09 - 2017-01-16 15:52 - 00000324 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170117-130948.backup
2017-01-17 02:12 - 2017-01-17 02:12 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-17 01:43 - 2017-01-17 01:43 - 01200744 _____ (Adobe Systems Incorporated) C:\Users\Roy Huntley\Downloads\flashplayer24pp_xa_install.exe
2017-01-17 01:43 - 2017-01-17 01:43 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-17 01:42 - 2017-01-17 02:12 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-17 01:42 - 2017-01-17 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-17 01:42 - 2017-01-17 01:42 - 00000000 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-17 01:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-01-17 01:39 - 2017-01-17 01:41 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Roy Huntley\Downloads\spybot-2.4.exe
2017-01-17 01:27 - 2017-01-17 13:11 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-17 01:27 - 2017-01-17 01:46 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2017-01-17 01:06 - 2017-01-17 01:26 - 16409960 _____ (Safer Networking Limited ) C:\Users\Roy Huntley\Downloads\spybotsd162.exe
2017-01-16 19:36 - 2017-01-22 14:45 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A587E0E9-D527-4AD7-B209-66D16134FED4}
2017-01-16 17:43 - 2017-01-16 17:43 - 00000258 __RSH C:\Users\C\ntuser.pol
2017-01-16 17:17 - 2017-01-16 17:17 - 00000000 ____D C:\Users\Admin\AppData\Local\Comms
2017-01-16 17:03 - 2017-01-16 17:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2017-01-16 17:02 - 2017-01-16 17:04 - 00002406 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-16 17:02 - 2017-01-16 17:04 - 00000000 ___RD C:\Users\Admin\OneDrive
2017-01-16 16:58 - 2017-01-16 16:58 - 00000258 __RSH C:\Users\Admin\ntuser.pol
2017-01-16 16:09 - 2017-01-16 16:09 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\0F426646.sys
2017-01-16 15:56 - 2017-01-16 15:56 - 00001114 _____ C:\Users\Roy Huntley\Desktop\Install Setup.lnk
2017-01-16 15:55 - 2017-01-16 15:55 - 00021578 _____ C:\WINDOWS\System32\Tasks\GTFAVENUE
2017-01-16 15:55 - 2017-01-16 15:55 - 00000195 _____ C:\Users\Roy Huntley\Desktop\Amazon.url
2017-01-16 15:55 - 2017-01-16 15:55 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Shortcut Installer
2017-01-16 15:54 - 2017-01-16 15:55 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Interstatnogui
2017-01-16 15:52 - 2017-01-16 15:53 - 00003864 _____ C:\WINDOWS\System32\Tasks\k74833565
2017-01-16 15:52 - 2017-01-16 15:53 - 00003858 _____ C:\WINDOWS\System32\Tasks\64509409
2017-01-16 15:52 - 2017-01-16 15:53 - 00003850 _____ C:\WINDOWS\System32\Tasks\74833565
2017-01-16 15:52 - 2017-01-16 15:53 - 00003848 _____ C:\WINDOWS\System32\Tasks\14733305
2017-01-16 15:52 - 2017-01-16 15:53 - 00003738 _____ C:\WINDOWS\System32\Tasks\gak74833565k74833565
2017-01-16 15:52 - 2017-01-16 15:53 - 00003730 _____ C:\WINDOWS\System32\Tasks\ga6450940964509409
2017-01-16 15:52 - 2017-01-16 15:53 - 00003722 _____ C:\WINDOWS\System32\Tasks\ga7483356574833565
2017-01-16 15:52 - 2017-01-16 15:53 - 00003720 _____ C:\WINDOWS\System32\Tasks\ga1473330514733305
2017-01-16 15:52 - 2017-01-16 15:52 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Note-UP
2017-01-16 15:50 - 2017-01-16 15:57 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-01-16 15:47 - 2017-01-16 17:08 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-16 15:47 - 2017-01-16 15:47 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\AGData
2017-01-16 15:47 - 2017-01-16 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
2017-01-16 15:42 - 2017-01-16 17:08 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-16 15:42 - 2017-01-16 15:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-01-16 15:42 - 2017-01-16 15:42 - 00000258 __RSH C:\Users\Roy Huntley\ntuser.pol
2017-01-16 15:08 - 2017-01-16 15:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Karmacoin
2017-01-16 15:08 - 2017-01-16 15:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GoldCoin (GLD)
2017-01-16 15:03 - 2017-01-16 15:03 - 00000000 ____D C:\Users\Admin\AppData\Local\Publishers
2017-01-16 15:03 - 2017-01-16 15:03 - 00000000 ____D C:\Users\Admin\AppData\Local\ActiveSync
2017-01-16 15:01 - 2017-01-16 17:17 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-01-16 15:01 - 2017-01-16 15:01 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2017-01-16 15:01 - 2017-01-16 15:01 - 00000000 ____D C:\Users\Admin\AppData\Local\TileDataLayer
2017-01-15 16:20 - 2017-01-15 16:21 - 00000000 ___HD C:\$WINDOWS.~BT
2017-01-15 16:20 - 2017-01-15 16:21 - 00000000 ____D C:\WINDOWS\Panther
2017-01-15 16:03 - 2016-12-21 01:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-15 16:03 - 2016-12-21 01:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-01-15 16:03 - 2016-12-21 00:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-01-15 16:03 - 2016-12-20 23:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-01-15 16:03 - 2016-12-20 22:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-01-15 16:03 - 2016-12-20 21:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-01-15 16:03 - 2016-12-20 21:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-15 16:03 - 2016-12-20 21:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-15 16:03 - 2016-12-20 21:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-01-15 16:03 - 2016-12-20 21:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-15 16:03 - 2016-12-20 20:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-15 16:03 - 2016-11-22 01:30 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2017-01-15 16:03 - 2016-11-22 01:15 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-01-15 16:03 - 2016-11-22 00:35 - 03293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2017-01-15 16:03 - 2016-11-22 00:10 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2017-01-15 16:03 - 2016-11-21 23:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2017-01-15 16:03 - 2016-11-21 23:26 - 02470912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-01-15 16:03 - 2016-10-24 22:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-01-15 16:03 - 2016-10-24 22:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-01-15 16:03 - 2016-10-24 22:43 - 01073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-01-15 16:03 - 2016-10-24 22:43 - 00727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-01-15 16:03 - 2016-10-24 22:39 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-01-15 16:03 - 2016-10-24 22:29 - 05667840 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-01-15 16:03 - 2016-10-24 22:26 - 05562880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-01-15 16:03 - 2016-10-24 22:08 - 08574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-01-15 16:03 - 2016-10-24 21:39 - 00763904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2017-01-15 16:03 - 2016-10-24 21:39 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2017-01-15 16:03 - 2016-10-24 21:36 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2017-01-15 16:03 - 2016-10-24 21:30 - 04533760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-01-15 16:03 - 2016-10-24 21:27 - 04445696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2017-01-15 16:03 - 2016-10-24 21:15 - 06584832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2017-01-15 16:03 - 2016-09-06 20:32 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-01-15 16:03 - 2016-09-06 20:28 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-01-15 16:03 - 2016-09-06 20:11 - 01064960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2017-01-15 16:03 - 2016-06-30 19:46 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-01-15 16:03 - 2016-06-30 19:29 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2017-01-15 16:03 - 2016-06-30 19:29 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2017-01-15 16:03 - 2016-06-30 19:24 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-01-15 16:03 - 2016-06-30 19:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-01-15 16:03 - 2015-11-12 21:57 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-01-15 16:03 - 2015-11-12 21:31 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2017-01-15 13:17 - 2017-01-15 14:46 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Creatio
2017-01-15 13:15 - 2017-01-15 13:15 - 00000000 ____D C:\Users\Roy Huntley\Downloads\CreatioWinQt
2017-01-15 13:13 - 2017-01-15 13:13 - 03271347 _____ C:\Users\Roy Huntley\Downloads\cgminer-3.7.2-windows.rar
2017-01-15 13:09 - 2017-01-15 13:10 - 10664624 _____ C:\Users\Roy Huntley\Downloads\Mooncoin-qt.zip
2017-01-15 12:45 - 2017-01-15 12:45 - 38197464 _____ C:\Users\Roy Huntley\Downloads\CreatioWinQt.zip
2017-01-15 11:34 - 2017-01-15 11:34 - 01335296 _____ C:\Users\Roy Huntley\AppData\Roaming\AdobeReaderUpdate.exe
2017-01-14 22:03 - 2017-01-22 13:13 - 00000000 ____D C:\Users\Roy Huntley\AppData\LocalLow\uTorrent
2017-01-14 16:28 - 2017-01-14 16:28 - 00000000 ____D C:\ProgramData\Orbit
2017-01-13 14:19 - 2017-01-13 14:19 - 00000000 __SHD C:\found.001
2017-01-12 15:58 - 2017-01-12 15:58 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Boole & Partners
2017-01-12 15:58 - 2017-01-12 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boole & Partners
2017-01-12 15:58 - 2017-01-12 15:58 - 00000000 ____D C:\ProgramData\Boole & Partners
2017-01-12 15:58 - 2017-01-12 15:58 - 00000000 ____D C:\Program Files (x86)\Boole & Partners
2017-01-12 14:12 - 2017-01-12 14:12 - 00002181 _____ C:\Users\Roy Huntley\Desktop\Assassin's Creed III - Digital Deluxe Edition.lnk
2017-01-12 14:11 - 2017-01-12 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-01-12 13:44 - 2017-01-12 13:44 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-01-12 10:28 - 2017-01-12 10:28 - 02834619 _____ C:\WINDOWS\786587306f53ea933061dba3e454ba04.exe
2017-01-12 00:57 - 2017-01-18 18:39 - 00000000 ____D C:\Users\C\AppData\Local\Deployment
2017-01-12 00:57 - 2017-01-12 00:57 - 00000000 ____D C:\Users\C\AppData\Local\Apps\2.0
2017-01-12 00:44 - 2017-01-14 21:14 - 00000000 ____D C:\Program Files\DisplayLink Graphics
2017-01-11 20:29 - 2017-01-11 20:29 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-10 23:34 - 2017-01-10 23:34 - 00001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-01-10 23:22 - 2017-01-10 23:22 - 00000000 ____D C:\ProgramData\Microsoft Visual Studio
2017-01-10 23:20 - 2017-01-10 23:20 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\NuGet
2017-01-10 22:47 - 2017-01-10 22:47 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\GitHubVisualStudio
2017-01-10 22:46 - 2017-01-10 22:46 - 00000000 ____D C:\Users\Roy Huntley\.dnx
2017-01-10 22:45 - 2017-01-10 22:45 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Xamarin
2017-01-10 22:45 - 2017-01-10 22:45 - 00000000 ____D C:\ProgramData\MonoTouch
2017-01-10 22:45 - 2017-01-10 22:45 - 00000000 ____D C:\ProgramData\Mono for Android
2017-01-10 21:52 - 2017-01-10 23:22 - 00000000 ____D C:\Users\Roy Huntley\Documents\Visual Studio 2015
2017-01-10 21:30 - 2017-01-21 22:18 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\VSIXInstaller
2017-01-10 21:22 - 2017-01-10 21:23 - 00000000 ____D C:\ProgramData\Monodoc
2017-01-10 21:22 - 2017-01-10 21:22 - 00000000 ____D C:\Program Files (x86)\Xamarin
2017-01-10 21:19 - 2017-01-10 21:19 - 00000000 ____D C:\ProgramData\VsTelemetry
2017-01-10 21:14 - 2017-01-10 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2017-01-10 21:14 - 2017-01-10 21:14 - 00000000 ____D C:\ProgramData\Git
2017-01-10 21:13 - 2017-01-10 21:14 - 00000000 ____D C:\Program Files\Git
2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2017-01-10 21:12 - 2017-01-10 21:12 - 00000000 ____D C:\Program Files (x86)\nodejs
2017-01-10 20:15 - 2017-01-10 20:40 - 00000000 ____D C:\Users\Roy Huntley\.android
2017-01-10 20:06 - 2017-01-10 20:06 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2017-01-10 20:06 - 2017-01-10 20:06 - 00000000 ____D C:\Program Files\Application Verifier
2017-01-10 20:06 - 2017-01-10 20:06 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2017-01-10 19:59 - 2017-01-10 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android SDK Tools
2017-01-10 19:58 - 2017-01-10 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-10 19:58 - 2017-01-10 19:58 - 00000000 ____D C:\Program Files (x86)\Android
2017-01-10 19:53 - 2017-01-10 19:53 - 00371912 _____ C:\Users\C\Documents\Roy Huntley Contact.pdf
2017-01-10 19:53 - 2017-01-10 19:53 - 00102814 _____ C:\Users\C\Documents\PPSpaystub.pdf
2017-01-10 19:47 - 2017-01-10 19:47 - 00000000 ____D C:\Program Files\Windows Identity Foundation
2017-01-10 19:47 - 2017-01-10 19:47 - 00000000 ____D C:\Program Files\Microsoft Identity Extensions
2017-01-10 19:46 - 2017-01-10 19:46 - 00000000 ____D C:\Program Files\SharePoint Client Components
2017-01-10 19:37 - 2017-01-21 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-01-10 19:34 - 2017-01-10 19:34 - 00000000 ____D C:\ProgramData\Microsoft DNX
2017-01-10 19:30 - 2017-01-21 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-01-10 19:28 - 2017-01-10 19:28 - 00000000 ____D C:\Program Files\IIS Express
2017-01-10 19:28 - 2017-01-10 19:28 - 00000000 ____D C:\Program Files (x86)\IIS Express
2017-01-10 19:27 - 2017-01-10 19:27 - 00000000 ____D C:\Program Files\IIS
2017-01-10 19:27 - 2017-01-10 19:27 - 00000000 ____D C:\Program Files (x86)\IIS
2017-01-10 19:23 - 2017-01-21 21:58 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
2017-01-10 19:18 - 2017-01-21 22:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-01-10 19:11 - 2017-01-10 19:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2017-01-10 19:06 - 2015-10-29 20:12 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2017-01-10 19:06 - 2015-10-29 20:12 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-01-10 19:06 - 2015-10-29 19:38 - 00369152 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-01-10 19:06 - 2015-10-29 19:37 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2017-01-10 19:06 - 2015-10-29 19:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-01-10 19:06 - 2015-10-29 19:36 - 00349184 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-01-10 19:06 - 2015-10-29 19:35 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2017-01-10 19:06 - 2015-10-29 19:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2017-01-10 19:06 - 2015-10-29 19:34 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-01-10 19:06 - 2015-10-29 19:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2017-01-10 19:06 - 2015-10-29 19:12 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2017-01-10 19:04 - 2017-01-21 22:30 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2017-01-10 19:04 - 2017-01-10 19:40 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-01-10 19:04 - 2017-01-10 19:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-01-10 18:57 - 2017-01-21 22:39 - 00000000 ____D C:\WINDOWS\system32\1033
2017-01-10 18:57 - 2017-01-10 18:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2017-01-10 18:55 - 2017-01-21 22:31 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2017-01-10 18:55 - 2017-01-21 22:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-01-10 18:17 - 2017-01-10 18:17 - 00000000 ____D C:\Users\Roy Huntley\Downloads\Microsoft Visual Studio 2015.1 Enterprise 14.0.24720 (x86x64)
2017-01-09 23:46 - 2017-01-09 23:46 - 00000000 ____D C:\Users\Roy Huntley\Downloads\Chummer5.188.0
2017-01-09 23:43 - 2017-01-09 23:46 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Chummer_for_4th_edition_b
2017-01-09 23:42 - 2017-01-09 23:43 - 00000000 ____D C:\Users\Roy Huntley\Desktop\Chummer5
2017-01-09 23:41 - 2017-01-09 23:42 - 04064598 _____ C:\Users\Roy Huntley\Downloads\Chummer5.188.0.zip
2017-01-07 16:11 - 2017-01-07 16:14 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-01-07 16:11 - 2017-01-07 16:11 - 00000910 _____ C:\Users\Roy Huntley\Desktop\The Witcher 3 Wild Hunt.lnk
2017-01-07 15:07 - 2017-01-07 15:07 - 00002306 _____ C:\Users\Roy Huntley\Desktop\Discord.lnk
2017-01-07 15:07 - 2017-01-07 15:07 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-07 15:06 - 2017-01-07 15:08 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\discord
2017-01-07 15:06 - 2017-01-07 15:07 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\SquirrelTemp
2017-01-07 15:06 - 2017-01-07 15:07 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Discord
2017-01-06 17:19 - 2017-01-06 17:29 - 00000000 ____D C:\Users\Roy Huntley\Desktop\New folder
2017-01-05 23:11 - 2017-01-05 23:11 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reddcoin Core
2017-01-05 23:11 - 2017-01-05 23:11 - 00000000 ____D C:\Program Files\Reddcoin
2017-01-03 06:52 - 2017-01-03 07:24 - 01102336 _____ (Microsoft Corporation) C:\Users\Roy Huntley\AppData\Roaming\Nxupdater.exe
2017-01-02 22:53 - 2017-01-17 21:34 - 00000000 ____D C:\Claymore
2017-01-02 22:27 - 2017-01-04 18:00 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\bytecoin
2016-12-31 23:37 - 2016-12-31 23:37 - 00000000 ____D C:\Users\C\AppData\LocalLow\Nvizzio Creations
2016-12-31 23:28 - 2016-12-31 23:28 - 00000000 ____D C:\Users\Roy Huntley\AppData\LocalLow\Nvizzio Creations
2016-12-31 21:44 - 2016-12-31 21:44 - 00000000 ____D C:\Program Files (x86)\Nvizzio Creations
2016-12-31 21:32 - 2016-12-31 21:32 - 00000000 ____D C:\Users\Roy Huntley\Downloads\rufus_files
2016-12-31 19:09 - 2016-12-31 19:09 - 00003680 _____ C:\WINDOWS\System32\Tasks\uqxzod
2016-12-31 19:09 - 2016-12-31 19:09 - 00000000 __SHD C:\Users\Roy Huntley\uqxzod
2016-12-31 19:09 - 2015-10-29 23:19 - 00045216 ___SH (Microsoft Corporation) C:\Users\Roy Huntley\RegSvcs.exe
2016-12-28 17:20 - 2016-12-28 17:20 - 07181202 _____ C:\Users\Roy Huntley\Documents\breadmaker[3588].pdf
2016-12-28 09:39 - 2016-12-28 09:39 - 00000000 ____D C:\Users\C\AppData\Roaming\hpqLog
2016-12-27 22:32 - 2016-12-27 22:32 - 00008996 _____ C:\Users\Roy Huntley\Documents\keith spreadsheet.xlsx
2016-12-27 09:39 - 2016-12-27 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-12-27 09:30 - 2016-12-27 09:34 - 00000000 ____D C:\Users\Kids\AppData\Roaming\hpqLog
2016-12-26 22:10 - 2016-12-26 22:10 - 00000000 ____D C:\Users\Roy Huntley\Downloads\C For Dummies(4 Books)BBS
2016-12-26 22:03 - 2016-12-26 22:06 - 00000000 ____D C:\Users\Roy Huntley\Downloads\Programming Books
2016-12-26 13:01 - 2016-12-26 13:01 - 00000000 ____D C:\Program Files\EaseUS
2016-12-25 11:01 - 2016-12-25 11:01 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2016-12-25 11:01 - 2016-12-25 11:01 - 00000000 ____D C:\Program Files (x86)\LinuxLive USB Creator
2016-12-24 10:22 - 2016-12-25 11:00 - 00000000 ____D C:\Users\Roy Huntley\Documents\New Unity Project 1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-22 17:43 - 2013-03-11 13:07 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-22 17:27 - 2015-07-05 14:01 - 00000942 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1890039412-520281353-3741268676-1000UA.job
2017-01-22 16:57 - 2015-12-27 13:47 - 00000000 __SHD C:\ProgramData\578167
2017-01-22 16:55 - 2016-07-21 22:19 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\uTorrent
2017-01-22 16:39 - 2014-09-24 19:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-22 16:39 - 2012-10-17 23:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-22 05:27 - 2015-07-05 14:01 - 00000890 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1890039412-520281353-3741268676-1000Core.job
2017-01-22 02:00 - 2012-08-07 16:41 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Adobe
2017-01-22 01:32 - 2013-02-18 19:20 - 00000000 ____D C:\Users\C\AppData\Roaming\uTorrent
2017-01-21 22:39 - 2016-05-02 01:06 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-21 22:39 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-21 22:39 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-21 22:23 - 2016-05-02 01:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-01-21 20:37 - 2013-02-27 17:33 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-21 20:10 - 2016-02-13 05:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-21 20:09 - 2015-10-29 22:28 - 01835008 ___SH C:\WINDOWS\system32\config\BBI
2017-01-21 01:40 - 2016-05-02 01:10 - 00000000 ____D C:\Users\C
2017-01-21 01:35 - 2013-01-31 19:10 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-20 22:34 - 2015-04-14 19:34 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Steam
2017-01-19 21:19 - 2014-01-12 15:26 - 00000000 _RSHD C:\Users\Roy Huntley\xuwir
2017-01-19 20:59 - 2015-05-20 22:03 - 00000000 ___RD C:\Users\Roy Huntley\Documents\MEGA
2017-01-19 19:25 - 2015-08-04 23:50 - 00000000 ____D C:\quark
2017-01-18 19:53 - 2016-12-12 19:51 - 00003270 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-18 19:53 - 2016-05-02 05:36 - 00002394 _____ C:\Users\C\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 19:53 - 2016-05-02 05:36 - 00000000 ___RD C:\Users\C\OneDrive
2017-01-18 18:53 - 2016-05-02 01:10 - 00000000 ____D C:\Users\Roy Huntley
2017-01-18 18:50 - 2016-12-03 17:30 - 00000000 ____D C:\ProgramData\VMware
2017-01-18 18:40 - 2016-12-09 15:03 - 00000000 ____D C:\Users\C\Documents\Plex Contents
2017-01-18 18:32 - 2013-03-12 03:48 - 00000000 ____D C:\ProgramData\Origin
2017-01-18 18:13 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache
2017-01-17 21:35 - 2015-03-26 19:00 - 00000000 ____D C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth
2017-01-17 21:34 - 2013-10-02 07:15 - 00000000 ____D C:\Program Files (x86)\Legends of Aethereus
2017-01-17 21:33 - 2014-01-12 15:01 - 00000000 _RSHD C:\Users\Roy Huntley\fnqyj
2017-01-17 17:59 - 2015-10-29 22:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2017-01-17 17:53 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-17 14:25 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-17 14:25 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-17 01:46 - 2016-05-02 01:10 - 00000000 ____D C:\Users\Admin
2017-01-16 19:45 - 2015-03-16 21:18 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-16 19:45 - 2015-03-16 21:18 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-16 17:22 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-16 17:08 - 2016-05-02 01:10 - 00000000 ____D C:\Users\Mcx2-R-DESKTOP
2017-01-16 17:08 - 2016-05-02 01:10 - 00000000 ____D C:\Users\Mcx1-ROYHUNTLEY-HP
2017-01-16 17:08 - 2016-05-02 01:10 - 00000000 ____D C:\Users\Kids
2017-01-16 17:03 - 2016-05-09 10:02 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-16 16:51 - 2015-05-25 12:39 - 00000000 ____D C:\ProgramData\Auslogics
2017-01-16 15:55 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-01-16 15:33 - 2012-08-07 16:34 - 00001313 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2017-01-16 15:24 - 2016-05-02 01:09 - 01018060 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-16 15:24 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2017-01-16 15:21 - 2014-12-27 21:17 - 00000000 ___RD C:\Dropbox
2017-01-16 15:08 - 2013-07-05 21:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-16 15:01 - 2016-02-13 05:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-16 15:01 - 2014-08-20 19:57 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2017-01-16 13:09 - 2013-03-02 04:47 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\vlc
2017-01-15 22:43 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-15 22:26 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-15 22:24 - 2014-08-26 11:56 - 00000000 ___RD C:\Users\Roy Huntley\OneDrive
2017-01-15 16:18 - 2013-07-12 02:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-15 16:08 - 2012-08-07 18:15 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-14 22:29 - 2016-01-29 18:32 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\47DC4A34-8799-4637-A29D-14F4D3F2BD42.aplzod
2017-01-14 22:27 - 2016-01-29 18:32 - 00000000 ___RD C:\Users\Roy Huntley\iCloudDrive
2017-01-14 16:28 - 2013-02-02 21:10 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\SKIDROW
2017-01-14 09:13 - 2016-05-15 20:53 - 00000000 ____D C:\Users\C\AppData\Roaming\TeamViewer
2017-01-14 01:49 - 2015-04-13 19:13 - 00000000 ____D C:\ProgramData\Citrix
2017-01-14 01:45 - 2015-12-17 18:57 - 00000000 ____D C:\Users\Kids\AppData\Local\Citrix
2017-01-14 01:45 - 2015-05-23 21:15 - 00000000 ____D C:\Users\Admin\AppData\Local\Citrix
2017-01-14 01:45 - 2015-04-16 18:05 - 00000000 ____D C:\Users\C\AppData\Local\Citrix
2017-01-14 01:45 - 2015-04-13 19:11 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Citrix
2017-01-14 01:44 - 2012-10-20 17:45 - 00000000 ____D C:\Users\Roy Huntley\Documents\My Games
2017-01-14 01:18 - 2013-02-04 12:41 - 00000000 ____D C:\Games
2017-01-13 23:07 - 2015-08-31 15:38 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\TeamViewer
2017-01-13 18:17 - 2016-11-06 20:27 - 00000000 ____D C:\Users\C\AppData\Roaming\Origin
2017-01-13 18:16 - 2013-03-12 03:50 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-12 18:04 - 2009-07-13 21:32 - 00000000 ___RD C:\Users\C\Desktop\Games
2017-01-12 17:02 - 2016-07-09 17:00 - 00000000 ____D C:\Users\Roy Huntley\Desktop\dsktop Pics
2017-01-12 15:28 - 2016-11-09 21:26 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-01-12 14:31 - 2016-02-13 05:11 - 04935824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 10:02 - 2015-07-13 14:25 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 20:30 - 2012-10-17 21:15 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Dropbox
2017-01-10 23:34 - 2015-08-31 15:38 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-10 19:57 - 2013-03-20 10:26 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-10 19:40 - 2012-10-23 11:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-01-10 19:40 - 2011-06-17 06:15 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-01-07 21:52 - 2015-06-04 19:38 - 00000000 ____D C:\Users\Roy Huntley\Documents\The Witcher 3
2017-01-07 16:16 - 2012-08-07 18:11 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-07 16:11 - 2015-06-04 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2017-01-07 12:17 - 2016-05-02 05:24 - 00000000 ____D C:\Users\Roy Huntley\AppData\Local\Packages
2017-01-07 12:17 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-05 23:10 - 2013-07-26 11:23 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Infinitecoin
2017-01-03 21:18 - 2012-10-23 12:04 - 00000000 ____D C:\Users\Roy Huntley\Documents\Outlook Files
2017-01-03 01:03 - 2015-02-03 17:47 - 00000509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4.lnk
2017-01-02 22:07 - 2016-11-06 15:13 - 00000509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4 - Get to Work.lnk
2016-12-31 21:38 - 2012-10-06 09:54 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-31 19:36 - 2016-10-22 17:22 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-30 23:17 - 2013-02-06 17:43 - 00000000 ___RD C:\Users\C\Pictures
2016-12-30 22:07 - 2016-10-24 20:56 - 00003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForKids
2016-12-30 22:07 - 2016-10-24 20:56 - 00000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForKids.job
2016-12-30 19:54 - 2012-09-10 14:38 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\hpqLog
2016-12-29 21:19 - 2016-06-13 20:47 - 00003212 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForC
2016-12-29 21:19 - 2016-06-13 20:47 - 00000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForC.job
2016-12-27 19:45 - 2011-06-17 05:58 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-12-27 19:45 - 2011-06-17 05:49 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-12-27 19:35 - 2016-12-19 21:01 - 00000000 ____D C:\Users\Kids\AppData\Local\Battle.net
2016-12-27 10:59 - 2016-10-24 20:56 - 00000000 ____D C:\Users\Kids\AppData\Local\Hewlett-Packard
2016-12-27 09:39 - 2011-06-17 05:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-27 09:39 - 2011-06-17 05:48 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-12-27 09:33 - 2011-06-17 05:57 - 00000000 ____D C:\Program Files (x86)\Hp
2016-12-27 09:30 - 2016-05-02 01:10 - 00000000 ____D C:\Users\Kids\AppData\Roaming
2016-12-27 09:29 - 2011-02-10 14:39 - 00000000 ____D C:\swsetup
2016-12-26 13:08 - 2013-02-19 17:12 - 00000000 ____D C:\ProgramData\Army Builder
2016-12-26 05:45 - 2013-01-24 21:26 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-12-26 05:44 - 2014-07-10 09:19 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-24 18:18 - 2015-12-21 15:36 - 00000000 ____D C:\Users\Kids\AppData\Local\Warframe
2016-12-24 10:25 - 2014-07-27 13:06 - 00000000 ____D C:\Users\Roy Huntley\AppData\Roaming\Unity
2016-12-24 10:22 - 2016-12-21 18:11 - 00000000 ____D C:\Users\Roy Huntley\AppData\LocalLow\DefaultCompany
2016-12-24 10:22 - 2016-12-21 18:00 - 00000000 ____D C:\ProgramData\Unity
2016-12-23 16:57 - 2013-02-27 17:43 - 00000000 ___RD C:\Users\Roy Huntley\Google Drive

==================== Files in the root of some directories =======

2015-03-26 03:48 - 2015-03-26 03:48 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-08-24 16:41 - 2013-02-18 17:46 - 4216840 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\vcredist_2008_sp1_x86.exe
2017-01-15 11:34 - 2017-01-15 11:34 - 1335296 _____ () C:\Users\Roy Huntley\AppData\Roaming\AdobeReaderUpdate.exe
2013-05-28 08:25 - 2013-09-28 18:57 - 0000000 _____ () C:\Users\Roy Huntley\AppData\Roaming\bitlord_log.txt
2013-03-07 21:26 - 2013-03-07 21:26 - 0000839 _____ () C:\Users\Roy Huntley\AppData\Roaming\Drives Meter_Settings.ini
2014-02-04 08:40 - 2014-02-04 11:01 - 0014901 _____ () C:\Users\Roy Huntley\AppData\Roaming\ekiga.conf
2017-01-22 12:31 - 2017-01-22 12:31 - 1146368 _____ (Microsoft Corporation) C:\Users\Roy Huntley\AppData\Roaming\GoogleInc.exe
2013-03-08 11:43 - 2013-07-10 16:33 - 0000282 _____ () C:\Users\Roy Huntley\AppData\Roaming\GPU MeterV2_Settings.ini
2016-11-01 07:43 - 2016-11-01 07:43 - 1473024 _____ () C:\Users\Roy Huntley\AppData\Roaming\MsPlugins.exe
2014-03-24 19:13 - 2014-03-24 19:13 - 0000954 _____ () C:\Users\Roy Huntley\AppData\Roaming\Network Meter_Settings.ini
2013-03-08 03:15 - 2015-10-19 17:21 - 0000030 _____ () C:\Users\Roy Huntley\AppData\Roaming\Network Meter_Usage.ini
2017-01-03 06:52 - 2017-01-03 07:24 - 1102336 _____ (Microsoft Corporation) C:\Users\Roy Huntley\AppData\Roaming\Nxupdater.exe
2014-01-12 15:26 - 2014-01-12 15:28 - 0000792 _____ () C:\Users\Roy Huntley\AppData\Roaming\Roy Huntley.txt
2014-04-04 09:27 - 2014-04-04 09:27 - 0000452 _____ () C:\Users\Roy Huntley\AppData\Roaming\Weather Meter_Settings.ini
2013-05-13 18:39 - 2013-05-13 18:39 - 0231718 _____ () C:\Users\Roy Huntley\AppData\Local\ars.cache
2013-05-13 18:40 - 2013-05-13 18:40 - 1034604 _____ () C:\Users\Roy Huntley\AppData\Local\census.cache
2013-05-13 00:29 - 2013-05-13 00:29 - 0000036 _____ () C:\Users\Roy Huntley\AppData\Local\housecall.guid.cache
2014-12-06 00:34 - 2016-03-20 19:59 - 0000173 _____ () C:\Users\Roy Huntley\AppData\Local\msmathematics.qat.Roy Huntley
2015-08-22 05:58 - 2015-08-22 05:58 - 0000218 _____ () C:\Users\Roy Huntley\AppData\Local\recently-used.xbel
2013-03-18 21:52 - 2016-08-31 18:01 - 0007637 _____ () C:\Users\Roy Huntley\AppData\Local\Resmon.ResmonCfg
2015-12-27 13:47 - 2015-12-27 13:47 - 0000006 ____S () C:\ProgramData\6b7e517dbd14d3e8bd2dd8fb52f411cd5830ff96
2012-10-23 13:25 - 2015-10-18 20:41 - 0004261 _____ () C:\ProgramData\hpzinstall.log
2015-12-27 13:47 - 2015-12-29 02:37 - 0001599 _____ () C:\ProgramData\XML

Files to move or delete:
====================
C:\Users\Roy Huntley\AppData\Local\Temp\333828\ic-0.21f1cc110923dc.exe
C:\Users\Roy Huntley\lead.bat
C:\Users\Roy Huntley\Network_Meter_Data.js
C:\Users\Roy Huntley\RegSvcs.exe


Some files in TEMP:
====================
2017-01-03 17:41 - 2017-01-03 17:41 - 0000000 _____ () C:\Users\C\AppData\Local\Temp\GUR2DF1.exe
2016-12-27 09:25 - 2016-12-07 13:21 - 0619656 _____ (HP Inc.) C:\Users\Kids\AppData\Local\Temp\HPSFUpdater.exe
2016-12-27 09:30 - 2016-12-07 03:29 - 0167456 _____ (HP Inc.) C:\Users\Kids\AppData\Local\Temp\UninstallHPSA.exe
2017-01-16 15:48 - 2017-01-16 15:52 - 0016384 _____ (LordeX) C:\Users\Roy Huntley\AppData\Local\Temp\cubecc.exe
2016-12-15 16:58 - 2013-11-12 07:48 - 0692632 _____ (Happy Cloud, Inc.) C:\Users\Roy Huntley\AppData\Local\Temp\hcuninstaller_20161215_165819_2828.exe
2012-07-20 18:23 - 2012-07-20 18:23 - 0587776 _____ (Igor Pavlov) C:\Users\Roy Huntley\AppData\Local\Temp\iiyq.exe
2017-01-16 15:42 - 2017-01-16 15:42 - 6042060 _____ () C:\Users\Roy Huntley\AppData\Local\Temp\mow.exe
2016-03-18 08:51 - 2016-03-18 08:51 - 22851472 _____ (Malwarebytes                                                ) C:\Users\Roy Huntley\AppData\Local\Temp\nvchlapv.exe
2016-12-08 13:02 - 2016-12-08 13:02 - 51969976 _____ (Malwarebytes                                                ) C:\Users\Roy Huntley\AppData\Local\Temp\qnziipmn.exe
2012-07-20 18:23 - 2012-07-20 18:23 - 0587776 _____ (Igor Pavlov) C:\Users\Roy Huntley\AppData\Local\Temp\qqcv.exe
2016-06-11 20:57 - 2016-06-11 20:57 - 0012067 ____T () C:\Users\Roy Huntley\AppData\Local\Temp\SIntf16.dll
2016-06-11 20:57 - 2016-06-11 20:57 - 0017212 ____T () C:\Users\Roy Huntley\AppData\Local\Temp\SIntf32.dll
2016-06-11 20:57 - 2016-06-11 20:57 - 0024516 ____T () C:\Users\Roy Huntley\AppData\Local\Temp\SIntfNT.dll
2016-12-16 15:41 - 2016-12-16 15:41 - 43878872 _____ (Skype Technologies S.A.) C:\Users\Roy Huntley\AppData\Local\Temp\SkypeSetup.exe
2016-12-31 19:13 - 2016-12-31 19:03 - 0099932 _____ () C:\Users\Roy Huntley\AppData\Local\Temp\Uninstall.exe
2016-11-09 21:25 - 2016-11-09 21:26 - 0065280 _____ () C:\Users\Roy Huntley\AppData\Local\Temp\utils.dll
2017-01-16 15:42 - 2017-01-16 15:46 - 0020480 _____ (GiveW) C:\Users\Roy Huntley\AppData\Local\Temp\vibesound.exe
2017-01-16 15:42 - 2017-01-16 15:46 - 0011285 _____ () C:\Users\Roy Huntley\AppData\Local\Temp\voi.exe
2017-01-16 15:42 - 2017-01-16 15:42 - 0020480 _____ (WoaleD) C:\Users\Roy Huntley\AppData\Local\Temp\wait.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\aticfx32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-16 10:44

==================== End of FRST.txt ============================

#2 nasdaq

  • Malware Response Team

Posted 23 January 2017 - 10:12 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
MyMemory (HKLM-x32\...\MyMemoryPackage) (Version: - ) <==== ATTENTION
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [lammers] => "C:\Program Files (x86)\Garble\insipid.exe"
HKLM\...\Run: [lammerslammers] => "C:\Program Files (x86)\Cutworm\insipid.exe"
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [MapsGalaxy] => C:\Users\Roy Huntley\AppData\Local\Temp\333828\ic-0.21f1cc110923dc.exe [974352 2017-01-16] () <===== ATTENTION
HKLM-x32\...\Run: [unintelligent] => "C:\Program Files (x86)\Garble\insipid.exe"
HKLM-x32\...\Run: [unintelligentunintelligent] => "C:\Program Files (x86)\Cutworm\insipid.exe"
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [Google Update] => C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [charcoals] => "C:\Program Files (x86)\Garble\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [charcoalscharcoals] => "C:\Program Files (x86)\Cutworm\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [brousseau] => "C:\Program Files (x86)\Garble\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [brousseaubrousseau] => "C:\Program Files (x86)\Cutworm\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [weta] => "C:\Program Files (x86)\ono\weta.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\...\Run: [vive] => "C:\Program Files (x86)\Garble\insipid.exe"
HKU\S-1-5-21-1890039412-520281353-3741268676-1008\...\Run: [Google Update] => C:\Users\C\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-1890039412-520281353-3741268676-1008\...\MountPoints2: {73339764-a470-11e6-9da9-2c27d71a8251} - "F:\vs_enterprise.exe"
Startup: C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pentathlon.lnk [2017-01-16]
ShortcutTarget: pentathlon.lnk -> C:\Program Files (x86)\Garble\insipid.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1890039412-520281353-3741268676-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1890039412-520281353-3741268676-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-1890039412-520281353-3741268676-1008 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
Toolbar: HKU\S-1-5-21-1890039412-520281353-3741268676-1008 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3309350&SearchSource=48&CUI=UN19845586419159290&UM=2","hxxp://mysearch.avg.com?cid={C28D9D64-AE33-4C47-8B3E-A50433C744AF}&mid=6e88976d4a9847d0bcdad16f13aca389-0fd92c6cea6536e866d1791b444f16886ad5590e&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 08:26:02&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Chrome Media Router) - C:\Users\Roy Huntley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-13]
S3 ArcService; G:\Neverwinter\Arc\ArcService.exe [X]
S2 GTFAVENUE Updater; C:\Program Files (x86)\GTFAVENUE Updater\GTFAVENUE Updater.exe [X]
S2 WindowService; "C:\Users\Roy Huntley\AppData\Local\Temp\WS\WindowService.exe" [X]
S3 DisplayLinkUsbIo_x64; \SystemRoot\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.1589.0.sys [X]
U4 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Roy Huntley\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1890039412-520281353-3741268676-1008_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\C\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {1A84AEA6-286A-4224-BD38-361BF1E0B8CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1FE7BB7A-5AD1-41DF-B236-5678C577ADFF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {23DC3CFE-7003-4E0D-85BA-E0CE4F85E892} - System32\Tasks\ga1473330514733305 => C:\Program Files (x86)\Garble\insipid.exe
Task: {4CAE73E9-ACB5-4E00-9999-53ACB5A14446} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {549C149F-A071-47BD-ACDA-03EE9F44DDE2} - System32\Tasks\ga7483356574833565 => C:\Program Files (x86)\Cutworm\insipid.exe
Task: {5591AB38-52F7-44EF-B9D3-707255EF130F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {5FDA1982-B631-4155-B0B4-FD1AEE0B34B7} - System32\Tasks\uqxzod => C:\Users\Roy Huntley\uqxzod\tqcuv.exe [2016-10-09] (AutoIt Team)
Task: {817FB0D1-E30F-434A-819D-5655A783182E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {83AD16C0-4133-4009-8B6A-0B1C42A47A44} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {8E2FB405-5BAD-428B-8704-CF9B52AA0E7E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B27FE65B-DBCF-471D-88F1-80F2790396A4} - System32\Tasks\ga6450940964509409 => C:\Users\Roy Huntley\AppData\Local\insipid.exe
Task: {B6A79530-2898-4BC1-BCE9-26CF0D36A79A} - System32\Tasks\Windows Service => C:\ProgramData\578067\csrss.exe
Task: {B8B724FD-5E57-4FB6-8CAD-57A0A33E1B0A} - System32\Tasks\k74833565 => C:\Program Files (x86)\degeneres\degeneres.exe
Task: {C54A9E4E-6865-4CE3-8EE4-B503058E8766} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C5FE0D10-FF7A-4112-B210-8038B595DC41} - System32\Tasks\14733305 => C:\Program Files (x86)\Garble\insipid.exe <==== ATTENTION
Task: {CD411262-2C4B-415C-85E9-36FBE0C23C32} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D588F181-44C4-480E-9F0E-B26FFFAB5E51} - System32\Tasks\gak74833565k74833565 => C:\Program Files (x86)\degeneres\degeneres.exe
Task: {D840138A-7508-4BE8-A9B3-99D7184C8E70} - System32\Tasks\GTFAVENUE => gtfavenue.exe
Task: {F3629B14-F1F5-40FF-AFEC-C60CBB379434} - System32\Tasks\74833565 => C:\Program Files (x86)\Cutworm\insipid.exe <==== ATTENTION
Task: {F9E4BF43-5589-4C78-8A2D-5798A97F4EE9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FC614070-301B-4A5A-B2E4-B614AAA8827D} - System32\Tasks\64509409 => C:\Users\Roy Huntley\AppData\Local\insipid.exe <==== ATTENTION
C:\Program Files (x86)\Garble
C:\Program Files (x86)\Cutworm
C:\Users\Roy Huntley\uqxzod
C:\Users\Roy Huntley\AppData\Local\insipid.exe
C:\ProgramData\578067
C:\Program Files (x86)\degeneres
C:\Users\Roy Huntley\AppData\Local\Temp\333828
C:\Program Files (x86)\ono
C:\Users\Roy Huntley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pentathlon.lnk

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
==============

ADOBE READER
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.
<<<>>>

If still present after the update, remove the old version(s) via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
===

Please let me know what problem persists with this computer.

#3 rmhuntley


Posted 28 January 2017 - 05:16 PM

I'll give this a try today. Sorry I've not responded sooner.





