
I need to remove Searchlock from my Firefox browser???


  • This topic is locked
7 replies to this topic

#1 jwmghf

jwmghf

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 29 January 2017 - 04:27 PM

Hey guys:

 

I downloaded Chrome and I think I got this Searchlock from there?  It's now showing up in my Firefox browser and I want it gone.  I have downloaded the Farbar recovery scan tool. That's where I'm at.  I thought I'd ask what to do next so I wouldn't be jumping any important steps.

 

Thanks




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 29 January 2017 - 05:05 PM

Hello jwmghf and welcome to BleepingComputer. :welcome:
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Note: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.

 

Thanks
  
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Additional.txt
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely  . :hello:


Edited by olgun52, 19 January 2018 - 03:56 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 jwmghf

jwmghf
  • Topic Starter

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 29 January 2017 - 07:53 PM

Ok Yilmaz, My name is John.

 

Here are the files:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by John Murray (administrator) on JOHNMURRAY-PC (29-01-2017 16:20:38)
Running from C:\Users\John Murray\Downloads\Programs
Loaded Profiles: John Murray (Available Profiles: John Murray)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) D:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Malwarebytes) G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Malwarebytes) G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) G:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Windows\System32\snmptrap.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Gadwin Systems, Inc) G:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(CANON INC.) C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_24_0_0_194.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [SoundMax] => C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2131856 2016-06-20] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-06-18] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Run: [Gadwin PrintScreen Pro] => G:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [516096 2009-02-28] (Gadwin Systems, Inc)
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Run: [NETGEARGenie] => d:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-29] (BlueStack Systems, Inc.)
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Run: [7A14BEF94BE3A226DA58C6998CBFFCDC23080FDB._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-01-25] (Google Inc.)
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: C:\Windows\SysWOW64\win32spl.dll [497152 2016-09-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll [2017-01-18] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll [2017-01-18] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll [2017-01-18] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll [2017-01-18] (Webroot)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk [2016-06-12]
ShortcutTarget: Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-02-08]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-02-08]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-01-29]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-01-29]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5A22D5E7-A831-4792-BE0F-A60716AF42D4}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{5A22D5E7-A831-4792-BE0F-A60716AF42D4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5BD5FE7A-13A4-4459-84DE-CD927D88213C}: [DhcpNameServer] 192.168.0.1 205.171.2.226
Tcpip\..\Interfaces\{BAB82DD8-E618-44BF-8188-9A983CF71003}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{BAB82DD8-E618-44BF-8188-9A983CF71003}: [DhcpNameServer] 78.46.223.24 162.242.211.137
Tcpip\..\Interfaces\{C26528C3-EB50-469F-A8F5-B889D3450044}: [NameServer] 78.46.223.24,162.242.211.137
Tcpip\..\Interfaces\{C26528C3-EB50-469F-A8F5-B889D3450044}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://tehparadox.com/forum/f73/
HKU\S-1-5-21-536838509-1392972519-1708301710-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-536838509-1392972519-1708301710-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-08] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: iSkysoft Video Converter Ultimate 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-06-18] (Wondershare)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-08] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-01-27] (Webroot)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2016-02-08] (Webroot)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2016-02-08] (Webroot)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File

FireFox:
========
FF ProfilePath: C:\Users\John Murray\AppData\Roaming\Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557 [2017-01-29]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557 -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557 -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557 -> hxxp://tehparadox.com/forum/#resources-off-site
FF Session Restore: Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557 -> is enabled.
FF Extension: (SearchLock) - C:\Users\John Murray\AppData\Roaming\Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557\Extensions\@searchlock-fx.xpi [2017-01-23]
FF Extension: (Alldebrid extension) - C:\Users\John Murray\AppData\Roaming\Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557\Extensions\alldebrid@alldebrid.com.xpi [2016-11-07]
FF Extension: (Adblock Plus) - C:\Users\John Murray\AppData\Roaming\Mozilla\Firefox\Profiles\uht4h9si.default-1455125683557\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-01-27]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
FF Extension: (iSkysoft Video Converter Ultimate) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com [2016-03-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-08-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\John Murray\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\John Murray\AppData\Roaming\IDM\idmmzcc5 [2017-01-27] [not signed]
FF HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default [2017-01-29]
CHR Extension: (Google Slides) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-27]
CHR Extension: (Google Docs) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-27]
CHR Extension: (Google Drive) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-27]
CHR Extension: (YouTube) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-27]
CHR Extension: (Google Sheets) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-27]
CHR Extension: (Google Docs Offline) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-27]
CHR Extension: (Webroot Filtering Extension) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2017-01-27]
CHR Extension: (Skype) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-27]
CHR Extension: (IDM Integration Module) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Gmail) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-27]
CHR Extension: (Chrome Media Router) - C:\Users\John Murray\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-27]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-01-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-29] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-29] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-29] (BlueStack Systems, Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-16] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HTCMonitorService; d:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
R2 MBAMScheduler; G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; G:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 NETGEARGenieDaemon; d:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [992056 2017-01-18] (Webroot)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-29] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-27] (Bluestack System Inc. )
S3 evserial8; C:\Windows\System32\DRIVERS\evserial8.sys [21128 2016-03-04] (ELTIMA Software)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R1 ISODrive; G:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2014-06-28] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
S3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2016-06-04] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11616 2000-06-24] () [File not signed]
S3 VSBC8; C:\Windows\System32\DRIVERS\evsbc8.sys [104584 2016-03-04] (ELTIMA Software)
S2 windrvNT; C:\Windows\SysWOW64\windrvNT.sys [35363 2016-01-18] () [File not signed]
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [139088 2017-01-25] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [66328 2016-09-29] (Webroot)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2057-01-18 03:12 - 2016-06-21 20:11 - 00000000 ____D C:\Users\John Murray\AppData\LocalLow\LastPass
2057-01-18 03:12 - 2016-06-21 20:11 - 00000000 ____D C:\Users\John Murray\AppData\Local\lptmp
2017-01-29 16:18 - 2017-01-29 16:20 - 00000000 ____D C:\FRST
2017-01-28 00:08 - 2017-01-28 00:08 - 02336291 _____ C:\Users\John Murray\Downloads\SuperSU.apk
2017-01-27 23:39 - 2017-01-27 23:39 - 00089756 _____ C:\Users\John Murray\Downloads\eu.chainfire.stickmount.apk
2017-01-27 16:37 - 2017-01-27 16:37 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-27 16:37 - 2017-01-27 16:37 - 00002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-27 16:36 - 2017-01-27 16:42 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-27 16:36 - 2017-01-27 16:42 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-26 22:23 - 2017-01-26 22:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-23 19:14 - 2017-01-23 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-23 16:33 - 2017-01-23 16:34 - 00016384 ___SH C:\Users\John Murray\Documents\Thumbs.db
2017-01-21 12:16 - 2017-01-21 12:16 - 00000000 ____D C:\Users\John Murray\AppData\Roaming\WindSolutions
2017-01-21 12:13 - 2017-01-21 12:13 - 00000000 ____D C:\ProgramData\WindSolutions
2017-01-16 22:32 - 2017-01-27 13:51 - 00000000 ___RD C:\Users\John Murray\Dropbox
2017-01-16 22:32 - 2017-01-16 22:32 - 00001226 _____ C:\Users\John Murray\Desktop\Dropbox.lnk
2017-01-16 22:27 - 2017-01-29 15:32 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-16 22:27 - 2017-01-28 22:38 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-16 22:27 - 2017-01-23 19:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-16 22:27 - 2017-01-16 22:32 - 00000000 ____D C:\Users\John Murray\AppData\Local\Dropbox
2017-01-16 22:27 - 2017-01-16 22:27 - 00003914 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2017-01-16 22:27 - 2017-01-16 22:27 - 00003662 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2017-01-16 22:27 - 2017-01-16 22:27 - 00000000 ____D C:\Users\John Murray\AppData\Roaming\Dropbox
2017-01-16 22:27 - 2017-01-16 22:27 - 00000000 ____D C:\ProgramData\Dropbox
2017-01-13 22:39 - 2017-01-14 15:29 - 00000058 _____ C:\Users\John Murray\Desktop\Fios Password and other.txt
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-12 14:14 - 2017-01-12 14:14 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-12 13:51 - 2017-01-04 00:25 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-10 15:04 - 2017-01-05 13:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 15:04 - 2017-01-05 13:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 15:04 - 2017-01-05 13:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 15:04 - 2017-01-05 13:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 15:04 - 2017-01-05 12:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 15:04 - 2017-01-05 12:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 15:04 - 2017-01-05 12:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 15:04 - 2017-01-05 12:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 15:04 - 2017-01-05 12:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 15:04 - 2017-01-05 12:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 15:04 - 2017-01-05 12:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 15:04 - 2017-01-05 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 15:04 - 2017-01-05 12:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-08 02:01 - 2017-01-08 02:01 - 00000648 _____ C:\Users\John Murray\Desktop\Killer Hogs The BBQ Sauce.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-29 16:08 - 2009-07-13 23:45 - 00026368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-29 16:08 - 2009-07-13 23:45 - 00026368 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-29 16:00 - 2015-01-29 17:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-29 11:44 - 2016-12-25 18:06 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForJohn Murray.job
2017-01-28 22:28 - 2016-11-30 21:26 - 00000000 ____D C:\Users\John Murray\AppData\Roaming\Kodi
2017-01-28 22:02 - 2015-01-29 18:25 - 00000000 ____D C:\ProgramData\WRData
2017-01-28 21:36 - 2015-01-28 17:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-28 21:13 - 2016-11-18 18:51 - 00000000 ____D C:\Users\John Murray\AppData\LocalLow\Mozilla
2017-01-28 21:13 - 2016-02-16 08:56 - 00000000 ____D C:\Users\John Murray\AppData\Local\CrashDumps
2017-01-28 00:12 - 2016-08-01 13:59 - 00000000 ____D C:\adbLink
2017-01-27 17:29 - 2015-01-29 19:22 - 00000000 ____D C:\Users\John Murray\AppData\Local\Google
2017-01-27 16:36 - 2015-01-29 19:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-27 14:10 - 2015-01-30 11:41 - 00000000 ____D C:\Users\John Murray\AppData\Roaming\vlc
2017-01-27 14:07 - 2015-01-28 16:04 - 00000000 ____D C:\Users\John Murray\Downloads\Video
2017-01-27 13:48 - 2016-11-17 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 13:48 - 2016-03-24 10:55 - 00000000 ____D C:\Users\John Murray\AppData\Local\HTC MediaHub
2017-01-27 13:48 - 2015-08-07 14:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-27 13:48 - 2015-01-28 15:09 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-27 13:48 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-26 23:09 - 2015-01-28 16:04 - 00000000 ____D C:\Users\John Murray\AppData\Roaming\DMCache
2017-01-26 22:56 - 2015-08-08 15:41 - 00000000 ____D C:\Users\John Murray\AppData\Roaming\Skype
2017-01-26 22:51 - 2016-08-18 17:21 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2017-01-26 22:23 - 2015-08-08 15:41 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2017-01-26 22:23 - 2015-08-08 15:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-01-26 22:23 - 2015-08-08 15:41 - 00000000 ____D C:\ProgramData\Skype
2017-01-26 20:49 - 2016-08-01 15:04 - 00001077 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2017-01-26 20:49 - 2015-01-28 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2017-01-25 19:07 - 2015-01-29 18:25 - 00139088 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2017-01-24 14:52 - 2015-01-28 16:04 - 00000000 ____D C:\Users\John Murray\Downloads\Compressed
2017-01-21 14:16 - 2016-01-19 14:22 - 00000000 ____D C:\Program Files\Java
2017-01-21 14:16 - 2015-01-31 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-21 14:15 - 2016-01-19 14:22 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-01-21 13:28 - 2016-01-18 04:09 - 00000000 ____D C:\Users\John Murray\AppData\Local\NETGEARGenie
2017-01-21 12:33 - 2009-07-14 00:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-21 12:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2017-01-18 00:09 - 2015-01-29 18:25 - 00193072 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-01-18 00:09 - 2015-01-29 18:25 - 00126696 _____ (Webroot) C:\Windows\system32\WRusr.dll
2017-01-16 22:32 - 2015-01-28 14:56 - 00000000 ____D C:\Users\John Murray
2017-01-15 17:44 - 2016-12-25 18:06 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJohn Murray
2017-01-11 22:30 - 2016-01-27 16:51 - 00000000 ____D C:\Users\John Murray\AppData\Roaming\HpUpdate
2017-01-11 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2017-01-11 03:04 - 2015-01-28 15:07 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 03:01 - 2015-01-28 15:07 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-11 03:00 - 2015-01-29 17:36 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 03:00 - 2015-01-29 17:36 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 03:00 - 2015-01-29 17:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 03:00 - 2015-01-29 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-11 03:00 - 2015-01-29 17:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 02:26 - 2016-10-09 15:33 - 00000000 ____D C:\Users\John Murray\AppData\Local\Bluestacks

==================== Files in the root of some directories =======

2015-03-26 06:48 - 2015-03-26 06:48 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-01-29 18:26 - 2016-02-08 21:03 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-01-28 16:34 - 2016-03-06 19:12 - 0007859 _____ () C:\Users\John Murray\AppData\Roaming\pcouffin.cat
2015-01-28 16:34 - 2016-03-06 19:12 - 0001167 _____ () C:\Users\John Murray\AppData\Roaming\pcouffin.inf
2015-01-28 16:34 - 2016-03-06 19:12 - 0000055 _____ () C:\Users\John Murray\AppData\Roaming\pcouffin.log
2015-01-28 16:34 - 2016-03-06 19:12 - 0082816 _____ (VSO Software) C:\Users\John Murray\AppData\Roaming\pcouffin.sys
2015-01-29 20:41 - 2015-01-29 20:41 - 0000088 _____ () C:\Users\John Murray\AppData\Local\8bda6e849dc107b9c5a6e87d8464269d
2015-04-11 19:11 - 2016-02-09 04:43 - 0003584 _____ () C:\Users\John Murray\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-29 21:38 - 2016-10-09 16:29 - 0007606 _____ () C:\Users\John Murray\AppData\Local\Resmon.ResmonCfg
2015-03-23 18:45 - 2015-03-23 18:45 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2017-01-08 02:26 - 2016-09-29 08:57 - 0966168 _____ (BlueStack Systems, Inc.) C:\Users\John Murray\AppData\Local\Temp\BluestacksUninstaller.exe
2017-01-08 02:26 - 2016-09-29 08:56 - 0187416 _____ (BlueStack Systems) C:\Users\John Murray\AppData\Local\Temp\HD-LibraryHandler.dll
2017-01-08 02:26 - 2016-09-29 08:54 - 0246808 _____ (BlueStack Systems) C:\Users\John Murray\AppData\Local\Temp\HD-Logger-Native.dll
2016-11-15 19:46 - 2016-11-15 19:47 - 0035680 _____ () C:\Users\John Murray\AppData\Local\Temp\i4jdel0.exe
2016-10-23 11:58 - 2016-10-23 11:58 - 0737856 _____ (Oracle Corporation) C:\Users\John Murray\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-21 14:14 - 2017-01-21 14:14 - 0739904 _____ (Oracle Corporation) C:\Users\John Murray\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-10-04 19:51 - 2016-10-04 19:51 - 0040448 ____N () C:\Users\John Murray\AppData\Local\Temp\proxy_vole9044779627730681946.dll
2016-09-04 21:09 - 2016-09-04 21:09 - 41619584 _____ (Skype Technologies S.A.) C:\Users\John Murray\AppData\Local\Temp\SkypeSetup.exe
2016-11-30 20:34 - 2017-01-26 20:49 - 11523496 _____ (VS Revo Group                                               ) C:\Users\John Murray\AppData\Local\Temp\VSUSetup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD.

LastRegBack: 2017-01-23 12:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by John Murray (29-01-2017 16:21:47)
Running from C:\Users\John Murray\Downloads\Programs
Windows 7 Professional Service Pack 1 (X64) (2015-01-28 19:56:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-536838509-1392972519-1708301710-500 - Administrator - Disabled)
Guest (S-1-5-21-536838509-1392972519-1708301710-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-536838509-1392972519-1708301710-1003 - Limited - Enabled)
John Murray (S-1-5-21-536838509-1392972519-1708301710-1001 - Administrator - Enabled) => C:\Users\John Murray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
ACDSee Photo Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.85 - ACD Systems International)
adbLink version 2.04 (HKLM-x32\...\{284C09DA-1752-4856-BE41-52D34D3DBD11}_is1) (Version: 2.04 - jocala.com)
adbLink version 2.07 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 2.07 - jocala.com)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.61.6289 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{DD07C096-6D5C-4DC7-9604-C5B51C6B96D8}) (Version: 2.73.0 - Kovid Goyal)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.4.24 - Canon Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Gadwin PrintScreen Professional (HKLM-x32\...\Gadwin PrintScreen Professional) (Version: 4.5 - Gadwin Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iSkysoft Helper Compact 2.5.0 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.0 - iSkysoft)
iSkysoft Video Converter Ultimate(Build 5.6.0.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.6.0.0 - iSkysoft Software)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kodi (HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Kodi) (Version:  - XBMC-Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.69 - Marvell)
MediaInfo 0.7.83 (HKLM\...\MediaInfo) (Version: 0.7.83 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Combat Flight Simulator 2 (HKLM-x32\...\Combat Flight Simulator 2.0) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 7.5.0 (64bit) (HKLM-x32\...\MKVtoolnix) (Version: 7.5.0 - Moritz Bunkus)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
Qcma (HKLM\...\Qcma) (Version: 0.3.12 - codestation)
Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SMC Karaoke Manager (HKLM-x32\...\{4F844B00-B138-4E42-89D1-037AD19D8830}_is1) (Version:  - Doblon)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.27 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.9.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Xilisoft Video Converter Platinum (HKLM-x32\...\Xilisoft Video Converter Platinum) (Version: 7.8.12.20151119 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BAE9643-60C8-4FA8-9118-6D221B261596} - System32\Tasks\{CE7D1941-3E6D-493A-9662-B8CEA9C74A6E} => pcalua.exe -a C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.794\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\setup.exe -d C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.794\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\ <==== ATTENTION
Task: {2826CF96-B867-467B-8467-23DC19C08430} - System32\Tasks\{4706EEB1-3FCD-4A60-B684-AB32FFF39BFE} => pcalua.exe -a "L:\More Wii Hacks\Folder Lock.exe" -d "L:\More Wii Hacks"
Task: {2861E2F6-4146-4234-AEA0-481700594148} - System32\Tasks\{385E10F6-4355-4E19-A37E-DD5004E979B4} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\lgs510.exe" -d "C:\Users\John Murray\Downloads\Programs"
Task: {2DA41E76-8EAB-478E-811D-E142CE2DF3E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-27] (Google Inc.)
Task: {37F077F5-4D69-4A2A-AC26-0DE7BA73F26E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4493F27F-92A7-4A8E-8B64-C2606E276F06} - System32\Tasks\{A4033619-CA00-4C0A-97C7-C4D8AB149381} => pcalua.exe -a "C:\Users\John Murray\Downloads\Compressed\Intel_ChipsetInf_V9111014\AsusSetup.exe" -d "C:\Users\John Murray\Downloads\Compressed\Intel_ChipsetInf_V9111014"
Task: {59244C75-6BF0-47F9-92D2-E46BC702D041} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {5F097EC7-EBD8-4F9A-8D1B-7F5A987A532E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6B85CD64-DCD8-4C9D-ABF8-A250782C4B23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {701D7DFC-619C-4E94-BA1B-2403BCF9517A} - System32\Tasks\HPCustParticipation HP Envy 100 D410 series => C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPCustPartic.exe
Task: {75639D07-7F0D-4D7D-9B6E-4210E277B45F} - System32\Tasks\Check Updates => C:\Users\John Murray\AppData\Local\browser extensions\updater.exe
Task: {79991B24-CDB5-4FE6-9294-41DA832DFCE5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-16] (Dropbox, Inc.)
Task: {7CBE894E-38B5-47B1-B539-670113AA0015} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {86004375-542A-431D-A26A-569254FC8BF3} - System32\Tasks\Validate Installation => C:\Users\John Murray\AppData\Local\browser extensions\updater.exe
Task: {90BFB3EF-3C0E-4082-9F94-128115A64672} - System32\Tasks\{018E31CA-FFA6-48D9-BF64-385D99152C7D} => pcalua.exe -a C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.938\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\setup.exe -d C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.938\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\ <==== ATTENTION
Task: {969EA385-4D5B-458A-9897-0281030A9BDF} - System32\Tasks\{29CA0E79-C9B4-479A-BABF-A77D3CB3C650} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\DAMN_NFO_Viewer_v2-10-0032-RC3.exe" -d "C:\Users\John Murray\Downloads\Programs"
Task: {98F4EC5B-C144-458B-B1B1-1AD14A6EFBE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {9E994218-46AF-487B-8E3C-D54284A137B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A422CDAC-9A47-4F24-95AD-47846DB75D22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-27] (Google Inc.)
Task: {A9D70979-5372-489F-8294-D52A53A22A2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {ACE95A40-0F6A-42AB-A8B9-E8853F7939A7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {B453D9CD-CA1A-4BF7-9D34-C290B4F35837} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {B645FDE6-DE4B-4616-8B01-2C9E7745467A} - System32\Tasks\{1B53751F-0599-4837-B86F-22246A6500BB} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\AUD_Vista_Win7_6620_PV_CNXT\setup.exe" -d "C:\Users\John Murray\Downloads\Programs\AUD_Vista_Win7_6620_PV_CNXT"
Task: {C00F88C4-ADD7-4DCC-AB50-B8AE4588F80C} - System32\Tasks\{F25C1BD7-1B05-43B2-B3AD-917265304DA4} => pcalua.exe -a H:\SETUP.EXE -d H:\
Task: {C03244B3-AF8C-4196-BE8F-8AC908D2205F} - System32\Tasks\{8374DF2E-A6E0-4F1F-B1FE-8022329D76D4} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\jxpiinstall.exe" -d "C:\Users\John Murray\AppData\Roaming\IDM"
Task: {C10A0245-704E-43F3-80A1-DCD62FCC9075} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-16] (Dropbox, Inc.)
Task: {C2357873-441B-4C3A-9FEC-5E857C7B2A63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {D95E0D19-B66F-4DE5-8283-5F53F89225A5} - System32\Tasks\{FCA99922-13D5-4EAF-A585-F2F4CC4944CD} => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2016-12-15] (Tonec Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2009-07-13] (Microsoft Corporation)
Task: {FC67B32A-2E31-41FD-A20D-90AC71CAF07E} - System32\Tasks\HPCeeScheduleForJohn Murray => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn Murray.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\John Murray\AppData\Local\684d0\444b9.lnk -> C:\Users\John Murray\AppData\Local\684d0\f69bc.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-02-06 17:00 - 2016-01-22 20:04 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-01 13:10 - 2016-11-01 13:10 - 00052400 _____ () D:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () D:\Program Files\Unlocker\UnlockerCOM.dll
2016-03-17 11:06 - 2015-02-27 13:38 - 00721263 _____ () C:\Windows\SysWOW64\ISCM64.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 17:38 - 2015-12-17 17:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-06 16:53 - 2016-01-11 23:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2013-10-17 14:27 - 2013-10-17 14:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2016-03-09 13:40 - 2016-03-09 13:40 - 00030720 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2016-06-03 14:37 - 2016-06-03 14:37 - 00607016 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2016-03-09 13:40 - 2016-03-09 13:40 - 00059392 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2016-03-09 13:40 - 2016-03-09 13:40 - 00035864 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2016-03-09 13:40 - 2016-03-09 13:40 - 00079888 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2016-03-09 13:41 - 2016-03-09 13:41 - 00129016 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2016-03-09 13:42 - 2016-03-09 13:42 - 00223240 _____ () d:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-05-18 10:14 - 2016-01-11 23:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-03-17 11:06 - 2016-06-20 13:51 - 01506304 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-03-17 11:06 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2017-01-23 19:13 - 2017-01-18 13:39 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-01-23 19:13 - 2016-12-21 03:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-23 19:13 - 2016-12-21 03:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-23 19:13 - 2016-12-21 03:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-23 19:13 - 2016-12-21 03:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-23 19:13 - 2016-12-21 03:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-01-23 19:13 - 2016-12-21 03:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-01-23 19:13 - 2016-12-21 03:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-01-23 19:13 - 2016-12-21 03:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-23 19:13 - 2016-12-21 03:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00052032 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-01-23 19:13 - 2016-12-21 03:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-01-23 19:13 - 2016-12-21 03:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-01-23 19:13 - 2016-12-21 03:47 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-01-23 19:13 - 2016-12-21 03:47 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-23 19:13 - 2016-12-21 03:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-23 19:13 - 2016-12-21 03:47 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-23 19:13 - 2016-12-21 03:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 19:13 - 2016-12-21 03:47 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-01-23 19:13 - 2016-12-21 03:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-01-23 19:13 - 2017-01-18 13:42 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-01-23 19:13 - 2016-12-21 03:50 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-01-23 19:13 - 2016-12-21 03:50 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-01-23 19:13 - 2017-01-18 13:42 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-23 19:13 - 2016-12-21 03:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-23 19:13 - 2017-01-18 13:42 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-01-11 03:00 - 2017-01-11 03:00 - 19762776 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-08-24 16:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-536838509-1392972519-1708301710-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John Murray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.46.223.24 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3444984E-352C-4AF9-A4BD-1D8FE34D6D1C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA261625-F04E-416E-A79B-FC0103D30C24}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA38BDD0-CA17-4642-8AC4-F5C2624E0F2A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC7E05E3-B172-412B-8F60-9E58F489FB9B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C318DEDD-E2E0-4DFE-8AE9-2644221225DE}] => C:\Users\John Murray\AppData\Local\Temp\7zS1B8D\HPDiagnosticCoreUI.exe
FirewallRules: [{5264D55E-D346-4CC8-974D-29DADAAFB796}] => C:\Users\John Murray\AppData\Local\Temp\7zS1B8D\HPDiagnosticCoreUI.exe
FirewallRules: [{3D96A418-B82B-4845-AF68-FDFEB1037A24}] => C:\Users\John Murray\AppData\Local\Temp\7zS3C2E\HPDiagnosticCoreUI.exe
FirewallRules: [{7F655CCE-529A-4361-9643-968881E8DF0A}] => C:\Users\John Murray\AppData\Local\Temp\7zS3C2E\HPDiagnosticCoreUI.exe
FirewallRules: [{8ABF7FD2-3FA1-48AE-9EAC-170323A34E94}] => C:\Users\John Murray\AppData\Local\Temp\7zS6357\HPDiagnosticCoreUI.exe
FirewallRules: [{8F4906C3-1EE1-459A-A506-829F714895F6}] => C:\Users\John Murray\AppData\Local\Temp\7zS6357\HPDiagnosticCoreUI.exe
FirewallRules: [{D4613CCA-A63B-4C60-B708-3D35838DF2FF}] => C:\Users\John Murray\AppData\Local\Temp\7zS1E03\HPDiagnosticCoreUI.exe
FirewallRules: [{B100E05C-572D-407B-8799-8DE2D7CF65DE}] => C:\Users\John Murray\AppData\Local\Temp\7zS1E03\HPDiagnosticCoreUI.exe
FirewallRules: [{B135D577-A0D6-4558-8C12-1CA605DE5296}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D121C91B-29F3-435E-A828-ED4CA4F96C7A}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B7B1C181-82A8-4E2D-84C1-E2A4F8429200}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{235667B9-7513-4A9B-848D-2CD8F6124C8F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8EEE0A6F-4B73-440A-A3CE-2078603B9140}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{02E904FA-BB0B-4AD4-A68D-FD6C23DFA68E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{00150E49-EDDC-42D0-8CC8-6341A83A5AE7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2E1AAC86-E85F-4C0D-A178-ABA701B4D9AE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41C121F5-F7AF-4BA3-9A7A-45D3DABB41DC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DFEF1763-4AA9-440D-B5F6-49DA9315DF44}D:\program files (x86)\netgear genie\bin\netgeargenie.exe] => D:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{8D324052-3B12-44A9-B435-C24B57F0DC4C}D:\program files (x86)\netgear genie\bin\netgeargenie.exe] => D:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{200A4EDB-C627-4E76-9030-792C86164F12}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F6D6DB0D-3A1E-4FDF-A95E-830A197F2F9B}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{38050CBF-31D7-4FCD-BE85-A773CD06AC3F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21B5DAA6-CFD1-4343-9DC4-05B97856CBA7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{397C2D32-7D4B-4D6F-BDA0-EF9B4F84C228}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2FA2E1CF-7C7F-4002-ACAF-1D40565E72F1}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{741EEDCF-CD66-4374-9D95-0CE9A5745F55}] => D:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1C0EE988-2E53-4B7B-A2CA-0D02505304E8}] => d:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{51B81026-E7A9-4816-90D9-1F1A82F96E40}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{C9624E60-13EC-4E7F-9AA4-C086FF8EABA8}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{D74C62D8-9937-430E-9F2B-D2D90B842D80}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{0EC60412-CE1A-4F6A-B448-B18A2525CAEE}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{83424099-D0DD-4C57-8A5C-ABBBA7D29294}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AED238B9-EDD7-43D5-B71D-91A901EB33B1}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{F3C42746-CC96-4D36-8234-EB72F1D4000F}D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{7E981D90-F243-42B7-8232-C83CF66CF6B6}D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [TCP Query User{6D1E79EC-464A-49CE-991F-45591551BD51}D:\program files\filezilla ftp client\filezilla.exe] => D:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{E52F390F-E623-4887-B37A-BEF13B613CD4}D:\program files\filezilla ftp client\filezilla.exe] => D:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{16E6AF1F-D7DA-4BAB-948B-5260883DBB25}C:\program files\webroot\wrsa.exe] => C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{4D71E746-B1CC-4454-A044-070E06BD31A9}C:\program files\webroot\wrsa.exe] => C:\program files\webroot\wrsa.exe
FirewallRules: [{E03CCCD5-8299-47AE-B3E6-B557A610BDB0}] => d:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B049E54B-A515-4977-BEFA-F35B3F7147A2}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{E435FC1A-0D2E-4F24-B921-D5DBBBEBCF7D}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{FC8E00F4-6D80-4A52-8AFD-B004BDF7A549}D:\program files (x86)\kodi\kodi.exe] => D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{FAFADA60-8125-4464-8C37-32962B6DA0C4}D:\program files (x86)\kodi\kodi.exe] => D:\program files (x86)\kodi\kodi.exe
FirewallRules: [{2B1148FD-1CEF-46A3-8AFA-1CD7072518D6}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A5860BF3-A323-40C9-8EBC-E0BB8E0D433E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{40DFED33-BE5D-402D-BE3A-FFF3D12B6BC9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-01-2017 02:53:21 Windows Update
24-01-2017 02:06:45 Windows Update
26-01-2017 20:51:04 Revo Uninstaller Pro's restore point - Skype Click to Call
27-01-2017 13:56:10 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2017 09:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x21c4
Faulting application start time: 0x01d279895f68220d
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 8107e95c-e5c8-11e6-b85b-00183908cc44

Error: (01/27/2017 01:48:42 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 09:58:56 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 09:14:14 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 08:50:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {87151f78-34e7-472f-918a-b6d02242ce77}

Error: (01/25/2017 07:07:57 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 07:14:05 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 07:14:03 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (01/23/2017 08:34:18 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location R:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/23/2017 08:19:31 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (01/27/2017 01:59:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.235.1404.0).

Error: (01/27/2017 01:52:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/27/2017 01:52:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (01/27/2017 01:51:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/27/2017 01:51:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (01/27/2017 01:48:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The windrvNT service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/26/2017 10:00:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.

Error: (01/26/2017 09:59:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The windrvNT service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/26/2017 09:57:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WRSVC service failed to start due to the following error:
The pipe has been ended.

Error: (01/26/2017 09:57:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 940 @ 2.93GHz
Percentage of memory in use: 75%
Total physical RAM: 4087.11 MB
Available physical RAM: 1003.76 MB
Total Virtual: 8172.4 MB
Available Virtual: 3757.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:365.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (2 TB) (Fixed) (Total:1863.01 GB) (Free:630.85 GB) NTFS
Drive e: (250 GB) (Fixed) (Total:232.88 GB) (Free:176.67 GB) NTFS
Drive f: (1 TB2) (Fixed) (Total:931.51 GB) (Free:931.11 GB) NTFS
Drive g: (1 TB) (Fixed) (Total:931.51 GB) (Free:725.62 GB) NTFS
Drive k: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive l: (Backups) (Fixed) (Total:428.85 GB) (Free:329.31 GB) NTFS
Drive m: (WII HACKS) (Fixed) (Total:2 GB) (Free:1.81 GB) FAT32
Drive n: (kij) (Fixed) (Total:500 GB) (Free:499.8 GB) NTFS
Drive p: (PS3USB30FD) (Removable) (Total:29.5 GB) (Free:29.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 276CCD4C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CC837373)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 446E446E)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 227EEA93)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 227EEB55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 29.6 GB) (Disk ID: 9AA4B2BD)
Partition 1: (Not Active) - (Size=29.5 GB) - (Type=0C)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 213A8431)
Partition 1: (Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=428.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by John Murray (29-01-2017 16:21:47)
Running from C:\Users\John Murray\Downloads\Programs
Windows 7 Professional Service Pack 1 (X64) (2015-01-28 19:56:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-536838509-1392972519-1708301710-500 - Administrator - Disabled)
Guest (S-1-5-21-536838509-1392972519-1708301710-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-536838509-1392972519-1708301710-1003 - Limited - Enabled)
John Murray (S-1-5-21-536838509-1392972519-1708301710-1001 - Administrator - Enabled) => C:\Users\John Murray

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
ACDSee Photo Manager 2009 (HKLM-x32\...\{300578F9-9EFF-4B93-9AB1-C0E5707EF463}) (Version: 11.0.85 - ACD Systems International)
adbLink version 2.04 (HKLM-x32\...\{284C09DA-1752-4856-BE41-52D34D3DBD11}_is1) (Version: 2.04 - jocala.com)
adbLink version 2.07 (HKLM-x32\...\{05CF1DD3-4A94-4219-B176-BB1796680A6C}_is1) (Version: 2.07 - jocala.com)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.61.6289 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{DD07C096-6D5C-4DC7-9604-C5B51C6B96D8}) (Version: 2.73.0 - Kovid Goyal)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.4.24 - Canon Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - )
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Gadwin PrintScreen Professional (HKLM-x32\...\Gadwin PrintScreen Professional) (Version: 4.5 - Gadwin Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version:  - )
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.72.3 - HTC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iSkysoft Helper Compact 2.5.0 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.0 - iSkysoft)
iSkysoft Video Converter Ultimate(Build 5.6.0.0) (HKLM-x32\...\iSkysoft Video Converter Ultimate_is1) (Version: 5.6.0.0 - iSkysoft Software)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kodi (HKU\S-1-5-21-536838509-1392972519-1708301710-1001\...\Kodi) (Version:  - XBMC-Foundation)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.69 - Marvell)
MediaInfo 0.7.83 (HKLM\...\MediaInfo) (Version: 0.7.83 - MediaArea.net)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Combat Flight Simulator 2 (HKLM-x32\...\Combat Flight Simulator 2.0) (Version:  - )
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.17.2200 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 7.5.0 (64bit) (HKLM-x32\...\MKVtoolnix) (Version: 7.5.0 - Moritz Bunkus)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.15.07 - NETGEAR Inc.)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PS3 Media Server (HKLM-x32\...\PS3 Media Server) (Version: 1.90.1 - PS3 Media Server)
Qcma (HKLM\...\Qcma) (Version: 0.3.12 - codestation)
Revo Uninstaller Pro 3.1.2 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.1.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.8 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SMC Karaoke Manager (HKLM-x32\...\{4F844B00-B138-4E42-89D1-037AD19D8830}_is1) (Version:  - Doblon)
SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.27 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.15.40 - Webroot)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - libusb-win32 PS Vita Type B (02/23/2013 1.2.6.0) (HKLM\...\E88FB411ED92EFDB9BF3A5F94548DA4956C0D97B) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.9.2 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
Xilisoft Video Converter Platinum (HKLM-x32\...\Xilisoft Video Converter Platinum) (Version: 7.8.12.20151119 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BAE9643-60C8-4FA8-9118-6D221B261596} - System32\Tasks\{CE7D1941-3E6D-493A-9662-B8CEA9C74A6E} => pcalua.exe -a C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.794\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\setup.exe -d C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.794\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\ <==== ATTENTION
Task: {2826CF96-B867-467B-8467-23DC19C08430} - System32\Tasks\{4706EEB1-3FCD-4A60-B684-AB32FFF39BFE} => pcalua.exe -a "L:\More Wii Hacks\Folder Lock.exe" -d "L:\More Wii Hacks"
Task: {2861E2F6-4146-4234-AEA0-481700594148} - System32\Tasks\{385E10F6-4355-4E19-A37E-DD5004E979B4} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\lgs510.exe" -d "C:\Users\John Murray\Downloads\Programs"
Task: {2DA41E76-8EAB-478E-811D-E142CE2DF3E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-27] (Google Inc.)
Task: {37F077F5-4D69-4A2A-AC26-0DE7BA73F26E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4493F27F-92A7-4A8E-8B64-C2606E276F06} - System32\Tasks\{A4033619-CA00-4C0A-97C7-C4D8AB149381} => pcalua.exe -a "C:\Users\John Murray\Downloads\Compressed\Intel_ChipsetInf_V9111014\AsusSetup.exe" -d "C:\Users\John Murray\Downloads\Compressed\Intel_ChipsetInf_V9111014"
Task: {59244C75-6BF0-47F9-92D2-E46BC702D041} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {5F097EC7-EBD8-4F9A-8D1B-7F5A987A532E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {6B85CD64-DCD8-4C9D-ABF8-A250782C4B23} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {701D7DFC-619C-4E94-BA1B-2403BCF9517A} - System32\Tasks\HPCustParticipation HP Envy 100 D410 series => C:\Program Files\HP\HP Envy 100 D410 series\Bin\HPCustPartic.exe
Task: {75639D07-7F0D-4D7D-9B6E-4210E277B45F} - System32\Tasks\Check Updates => C:\Users\John Murray\AppData\Local\browser extensions\updater.exe
Task: {79991B24-CDB5-4FE6-9294-41DA832DFCE5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-16] (Dropbox, Inc.)
Task: {7CBE894E-38B5-47B1-B539-670113AA0015} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {86004375-542A-431D-A26A-569254FC8BF3} - System32\Tasks\Validate Installation => C:\Users\John Murray\AppData\Local\browser extensions\updater.exe
Task: {90BFB3EF-3C0E-4082-9F94-128115A64672} - System32\Tasks\{018E31CA-FFA6-48D9-BF64-385D99152C7D} => pcalua.exe -a C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.938\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\setup.exe -d C:\Users\JOHNMU~1\AppData\Local\Temp\Rar$EXa0.938\AMDCoolnQuiet_Utility_V21801_XPVistaWin7\ <==== ATTENTION
Task: {969EA385-4D5B-458A-9897-0281030A9BDF} - System32\Tasks\{29CA0E79-C9B4-479A-BABF-A77D3CB3C650} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\DAMN_NFO_Viewer_v2-10-0032-RC3.exe" -d "C:\Users\John Murray\Downloads\Programs"
Task: {98F4EC5B-C144-458B-B1B1-1AD14A6EFBE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)
Task: {9E994218-46AF-487B-8E3C-D54284A137B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A422CDAC-9A47-4F24-95AD-47846DB75D22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-27] (Google Inc.)
Task: {A9D70979-5372-489F-8294-D52A53A22A2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {ACE95A40-0F6A-42AB-A8B9-E8853F7939A7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {B453D9CD-CA1A-4BF7-9D34-C290B4F35837} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {B645FDE6-DE4B-4616-8B01-2C9E7745467A} - System32\Tasks\{1B53751F-0599-4837-B86F-22246A6500BB} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\AUD_Vista_Win7_6620_PV_CNXT\setup.exe" -d "C:\Users\John Murray\Downloads\Programs\AUD_Vista_Win7_6620_PV_CNXT"
Task: {C00F88C4-ADD7-4DCC-AB50-B8AE4588F80C} - System32\Tasks\{F25C1BD7-1B05-43B2-B3AD-917265304DA4} => pcalua.exe -a H:\SETUP.EXE -d H:\
Task: {C03244B3-AF8C-4196-BE8F-8AC908D2205F} - System32\Tasks\{8374DF2E-A6E0-4F1F-B1FE-8022329D76D4} => pcalua.exe -a "C:\Users\John Murray\Downloads\Programs\jxpiinstall.exe" -d "C:\Users\John Murray\AppData\Roaming\IDM"
Task: {C10A0245-704E-43F3-80A1-DCD62FCC9075} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-16] (Dropbox, Inc.)
Task: {C2357873-441B-4C3A-9FEC-5E857C7B2A63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {D95E0D19-B66F-4DE5-8283-5F53F89225A5} - System32\Tasks\{FCA99922-13D5-4EAF-A585-F2F4CC4944CD} => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2016-12-15] (Tonec Inc.)
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [2009-07-13] (Microsoft Corporation)
Task: {FC67B32A-2E31-41FD-A20D-90AC71CAF07E} - System32\Tasks\HPCeeScheduleForJohn Murray => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn Murray.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\John Murray\AppData\Local\684d0\444b9.lnk -> C:\Users\John Murray\AppData\Local\684d0\f69bc.bat (No File)

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-08-24 16:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-536838509-1392972519-1708301710-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John Murray\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 78.46.223.24 - 162.242.211.137
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3444984E-352C-4AF9-A4BD-1D8FE34D6D1C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EA261625-F04E-416E-A79B-FC0103D30C24}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FA38BDD0-CA17-4642-8AC4-F5C2624E0F2A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC7E05E3-B172-412B-8F60-9E58F489FB9B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C318DEDD-E2E0-4DFE-8AE9-2644221225DE}] => C:\Users\John Murray\AppData\Local\Temp\7zS1B8D\HPDiagnosticCoreUI.exe
FirewallRules: [{5264D55E-D346-4CC8-974D-29DADAAFB796}] => C:\Users\John Murray\AppData\Local\Temp\7zS1B8D\HPDiagnosticCoreUI.exe
FirewallRules: [{3D96A418-B82B-4845-AF68-FDFEB1037A24}] => C:\Users\John Murray\AppData\Local\Temp\7zS3C2E\HPDiagnosticCoreUI.exe
FirewallRules: [{7F655CCE-529A-4361-9643-968881E8DF0A}] => C:\Users\John Murray\AppData\Local\Temp\7zS3C2E\HPDiagnosticCoreUI.exe
FirewallRules: [{8ABF7FD2-3FA1-48AE-9EAC-170323A34E94}] => C:\Users\John Murray\AppData\Local\Temp\7zS6357\HPDiagnosticCoreUI.exe
FirewallRules: [{8F4906C3-1EE1-459A-A506-829F714895F6}] => C:\Users\John Murray\AppData\Local\Temp\7zS6357\HPDiagnosticCoreUI.exe
FirewallRules: [{D4613CCA-A63B-4C60-B708-3D35838DF2FF}] => C:\Users\John Murray\AppData\Local\Temp\7zS1E03\HPDiagnosticCoreUI.exe
FirewallRules: [{B100E05C-572D-407B-8799-8DE2D7CF65DE}] => C:\Users\John Murray\AppData\Local\Temp\7zS1E03\HPDiagnosticCoreUI.exe
FirewallRules: [{B135D577-A0D6-4558-8C12-1CA605DE5296}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D121C91B-29F3-435E-A828-ED4CA4F96C7A}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B7B1C181-82A8-4E2D-84C1-E2A4F8429200}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{235667B9-7513-4A9B-848D-2CD8F6124C8F}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8EEE0A6F-4B73-440A-A3CE-2078603B9140}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{02E904FA-BB0B-4AD4-A68D-FD6C23DFA68E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{00150E49-EDDC-42D0-8CC8-6341A83A5AE7}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2E1AAC86-E85F-4C0D-A178-ABA701B4D9AE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41C121F5-F7AF-4BA3-9A7A-45D3DABB41DC}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DFEF1763-4AA9-440D-B5F6-49DA9315DF44}D:\program files (x86)\netgear genie\bin\netgeargenie.exe] => D:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{8D324052-3B12-44A9-B435-C24B57F0DC4C}D:\program files (x86)\netgear genie\bin\netgeargenie.exe] => D:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{200A4EDB-C627-4E76-9030-792C86164F12}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{F6D6DB0D-3A1E-4FDF-A95E-830A197F2F9B}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{38050CBF-31D7-4FCD-BE85-A773CD06AC3F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21B5DAA6-CFD1-4343-9DC4-05B97856CBA7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{397C2D32-7D4B-4D6F-BDA0-EF9B4F84C228}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2FA2E1CF-7C7F-4002-ACAF-1D40565E72F1}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{741EEDCF-CD66-4374-9D95-0CE9A5745F55}] => D:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1C0EE988-2E53-4B7B-A2CA-0D02505304E8}] => d:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{51B81026-E7A9-4816-90D9-1F1A82F96E40}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{C9624E60-13EC-4E7F-9AA4-C086FF8EABA8}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{D74C62D8-9937-430E-9F2B-D2D90B842D80}] => C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{0EC60412-CE1A-4F6A-B448-B18A2525CAEE}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{83424099-D0DD-4C57-8A5C-ABBBA7D29294}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AED238B9-EDD7-43D5-B71D-91A901EB33B1}] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{F3C42746-CC96-4D36-8234-EB72F1D4000F}D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{7E981D90-F243-42B7-8232-C83CF66CF6B6}D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => D:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [TCP Query User{6D1E79EC-464A-49CE-991F-45591551BD51}D:\program files\filezilla ftp client\filezilla.exe] => D:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{E52F390F-E623-4887-B37A-BEF13B613CD4}D:\program files\filezilla ftp client\filezilla.exe] => D:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [TCP Query User{16E6AF1F-D7DA-4BAB-948B-5260883DBB25}C:\program files\webroot\wrsa.exe] => C:\program files\webroot\wrsa.exe
FirewallRules: [UDP Query User{4D71E746-B1CC-4454-A044-070E06BD31A9}C:\program files\webroot\wrsa.exe] => C:\program files\webroot\wrsa.exe
FirewallRules: [{E03CCCD5-8299-47AE-B3E6-B557A610BDB0}] => d:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{B049E54B-A515-4977-BEFA-F35B3F7147A2}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [{E435FC1A-0D2E-4F24-B921-D5DBBBEBCF7D}] => D:\Program Files\Vuze\Azureus.exe
FirewallRules: [TCP Query User{FC8E00F4-6D80-4A52-8AFD-B004BDF7A549}D:\program files (x86)\kodi\kodi.exe] => D:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{FAFADA60-8125-4464-8C37-32962B6DA0C4}D:\program files (x86)\kodi\kodi.exe] => D:\program files (x86)\kodi\kodi.exe
FirewallRules: [{2B1148FD-1CEF-46A3-8AFA-1CD7072518D6}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A5860BF3-A323-40C9-8EBC-E0BB8E0D433E}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{40DFED33-BE5D-402D-BE3A-FFF3D12B6BC9}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-01-2017 02:53:21 Windows Update
24-01-2017 02:06:45 Windows Update
26-01-2017 20:51:04 Revo Uninstaller Pro's restore point - Skype Click to Call
27-01-2017 13:56:10 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2017 09:13:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 51.0.1.6234, time stamp: 0x5888f707
Faulting module name: mozglue.dll, version: 51.0.1.6234, time stamp: 0x5888f27e
Exception code: 0x80000003
Fault offset: 0x0000ec83
Faulting process id: 0x21c4
Faulting application start time: 0x01d279895f68220d
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 8107e95c-e5c8-11e6-b85b-00183908cc44

Error: (01/27/2017 01:48:42 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 09:58:56 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 09:14:14 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/26/2017 08:50:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {87151f78-34e7-472f-918a-b6d02242ce77}

Error: (01/25/2017 07:07:57 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 07:14:05 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/23/2017 07:14:03 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (01/23/2017 08:34:18 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location R:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/23/2017 08:19:31 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (01/27/2017 01:59:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.235.1404.0).

Error: (01/27/2017 01:52:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/27/2017 01:52:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (01/27/2017 01:51:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/27/2017 01:51:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Error: (01/27/2017 01:48:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The windrvNT service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/26/2017 10:00:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.

Error: (01/26/2017 09:59:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The windrvNT service failed to start due to the following error:
The system cannot find the file specified.

Error: (01/26/2017 09:57:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WRSVC service failed to start due to the following error:
The pipe has been ended.

Error: (01/26/2017 09:57:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WRSVC service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 940 @ 2.93GHz
Percentage of memory in use: 75%
Total physical RAM: 4087.11 MB
Available physical RAM: 1003.76 MB
Total Virtual: 8172.4 MB
Available Virtual: 3757.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:365.54 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (2 TB) (Fixed) (Total:1863.01 GB) (Free:630.85 GB) NTFS
Drive e: (250 GB) (Fixed) (Total:232.88 GB) (Free:176.67 GB) NTFS
Drive f: (1 TB2) (Fixed) (Total:931.51 GB) (Free:931.11 GB) NTFS
Drive g: (1 TB) (Fixed) (Total:931.51 GB) (Free:725.62 GB) NTFS
Drive k: (WD SmartWare) (CDROM) (Total:0.6 GB) (Free:0 GB) UDF
Drive l: (Backups) (Fixed) (Total:428.85 GB) (Free:329.31 GB) NTFS
Drive m: (WII HACKS) (Fixed) (Total:2 GB) (Free:1.81 GB) FAT32
Drive n: (kij) (Fixed) (Total:500 GB) (Free:499.8 GB) NTFS
Drive p: (PS3USB30FD) (Removable) (Total:29.5 GB) (Free:29.35 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 276CCD4C)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CC837373)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 446E446E)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 227EEA93)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 227EEB55)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 29.6 GB) (Disk ID: 9AA4B2BD)
Partition 1: (Not Active) - (Size=29.5 GB) - (Type=0C)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 213A8431)
Partition 1: (Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=428.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

I think that's everything.  Let me know.

 

Thanks



#4 olgun52


Posted 30 January 2017 - 01:53 PM

Hi John,
Thank you for the logs.
=========================
Important:

Webroot SecureAnywhere - Enabled
Windows Firewall is enabled.

 
Multiple Firewall Programs installed and enabled!
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two Firewall programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
========================================================================================
Uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.
 
I see you use RevoUninstaller.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better job).

  • Programs to remove
    • Bing Bar
    • Coupon Printer for Windows
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.

============================================================================
 
FRST Script:

  • Please make sure your browsers are closed before continuing.
  • Be sure to temporarily disable all antivirus/anti-spyware software.

Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Any issues?

 

Regards,
Yılmaz


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 31 January 2017 - 04:48 PM

Hi, are you still with me?



 


 


#6 jwmghf

jwmghf
  • Topic Starter

  • Members
  • 146 posts
  • OFFLINE
  •  
  • Local time:11:02 AM

Posted 31 January 2017 - 06:37 PM

Hey Olgun52.  I think I removed it myself, please feel free to close this thread.  And thanks for your support!!!



#7 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 01 February 2017 - 11:38 AM

OK. Thank you.

This issue is solved and closed.

 

Thanks

Yılmaz



 


 


#8 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:02 PM

Posted 01 February 2017 - 11:38 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


 


 




