
Unknown Malware creating issues in Chrome Browser


  • This topic is locked
9 replies to this topic

#1 CVTPo


Posted 10 February 2017 - 10:58 AM

When using Chrome, the browser is redirected to different pages when clicking links. I have tried Safe Mode startup without networking, then ran Malwarebytes (which removed several items). After that, I ran a new complete scan with McAfee (which I have running all the time), and that found nothing.

After restarting normally, it looks like the infection is still present. I'm not sure what to do. I followed the backup and prep instructions and have included the contents of the two .txt files below for your use.

 

Thank you for your help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-02-2017
Ran by Tim (administrator) on YOGA13-JTPOLLC (10-02-2017 08:21:37)
Running from C:\Utilities
Loaded Profiles: Tim (Available Profiles: Tim)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ShareFile) C:\Program Files\Citrix\ShareFile\Sync\SyncUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) F:\VPN\SoftEther VPN Client\vpnclient_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Lenovo) C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\ProgramData\YogaSmartSwicth\yogaserver.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP3LAK.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ShareFile) C:\Program Files\Citrix\ShareFile\Sync\ShareFileSync.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACESWD.EXE
(SoftEther VPN Project at University of Tsukuba, Japan.) F:\VPN\SoftEther VPN Client\vpnclient_x64.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNACESWD.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Users\Tim\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
() C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) F:\VPN\SoftEther VPN Client\vpncmgr_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [21888 2012-07-30] ()
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253952 2013-05-07] (Realtek Semiconductor Corporation)
HKLM\...\Run: [yogaserver] => C:\ProgramData\YogaSmartSwicth\yogaserver.exe [208464 2012-10-02] ()
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [CNAP3 Launcher] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP3LAK.EXE [228520 2012-06-14] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Citrix ShareFile Sync Monitor] => C:\Program Files\Citrix\ShareFile\Sync\ShareFileSync.exe [1559152 2016-12-19] (ShareFile)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => F:\VPN\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Lenovo EasyCamera_Monitor] => C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [267128 2012-06-04] ()
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2016-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ScanSnap WIA Service Checker] => C:\WINDOWS\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [QBWinClient] => C:\ProgramData\SquirrelMachineInstalls\QBWinClient.exe [40813000 2016-12-05] (Intuit Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [763000 2016-12-17] (Adobe Systems Incorporated)
HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\Run: [Amazon Music] => C:\Users\Tim\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-20] ()
HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ 0SFCheckoutOverlayIcon] -> {BCA8B21D-24B1-44C1-A875-622D728E715C} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [ 0SFErrorOverlayIcon] -> {35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [ 0SFInProgressIcon] -> {BE078C89-F84B-423E-971B-7FC17861B57C} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [ 0SFInSyncOverlayIcon] -> {0050432A-27F4-43B0-872A-4C68EB384CC1} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [0SFAccessDeniedOverlayIcon] -> {304342C2-301C-440E-8AB3-4C9BBEB32D0E} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt64.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2016-10-27] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ 0SFCheckoutOverlayIcon] -> {BCA8B21D-24B1-44C1-A875-622D728E715C} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [ 0SFErrorOverlayIcon] -> {35F9FE7F-FE61-4B37-BEA6-28655A9E8C3F} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [ 0SFInProgressIcon] -> {BE078C89-F84B-423E-971B-7FC17861B57C} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [ 0SFInSyncOverlayIcon] -> {0050432A-27F4-43B0-872A-4C68EB384CC1} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll [2016-12-19] (© Citrix Systems, Inc.)
ShellIconOverlayIdentifiers-x32: [0SFAccessDeniedOverlayIcon] -> {304342C2-301C-440E-8AB3-4C9BBEB32D0E} => C:\Program Files\Citrix\ShareFile\Sync\ShareFileExplorerExt.dll [2016-12-19] (© Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-07]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Motion Control.lnk [2012-10-02]
ShortcutTarget: Motion Control.lnk -> C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-07]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-07]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2014-10-12]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-02-02]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> F:\VPN\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{1de87fdd-8ee5-43ce-a0d9-27ec0a811b96}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c1d4a635-d542-4691-9d8b-51bda335301a}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKU\S-1-5-21-228119544-4017362106-582598469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-228119544-4017362106-582598469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-228119544-4017362106-582598469-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-228119544-4017362106-582598469-1001 -> DefaultScope {B9573895-3371-4933-9ED5-5B5E3493F3C3} URL = 
SearchScopes: HKU\S-1-5-21-228119544-4017362106-582598469-1001 -> {B9573895-3371-4933-9ED5-5B5E3493F3C3} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-03-22] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: yug1j8wi.default
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\yug1j8wi.default [2016-10-07]
FF Extension: (Disconnect) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\yug1j8wi.default\Extensions\2.0@disconnect.me.xpi [2016-06-21]
FF Extension: (Firefox Hotfix) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\yug1j8wi.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-10-06]
FF Extension: (HTTPS Everywhere) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\yug1j8wi.default\Extensions\https-everywhere@eff.org.xpi [2016-10-06]
FF Extension: (RequestPolicy Continued) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\yug1j8wi.default\Extensions\rpcontinued@amo.requestpolicy.org.xpi [2016-08-25]
FF Extension: (NoScript) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\yug1j8wi.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-10-06]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\yug1j8wi.default\features\{deee7152-c2cb-416b-b63d-fbeac7a96b82}\malware-remediation@mozilla.org.xpi [2016-10-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-04-21] [not signed]
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-228119544-4017362106-582598469-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Tim\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-07] (Citrix Online)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.cnn.com/"
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-02-10]
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (QuickBooks) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimncnjihlhfmagneecomiloklpjeagl [2014-10-15]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-01-22]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Google Play Music) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-06]
CHR Extension: (Jamstash) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2014-10-15]
CHR Extension: (Project Viewer 365-Free) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpghmkgkalhonankenfklpmdgnilapp [2016-01-28]
CHR Extension: (Ghostery) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Fusion Tables (experimental)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfoeakahkgllhkommkfeehmkfcloagkl [2016-03-28]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR Extension: (draw.io (Legacy)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgmlhohecdddhbmmkncjdmlhcmaachm [2014-11-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-12-17]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [56832 2013-08-28] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R2 ctxShareFileSyncUpdate; C:\Program Files\Citrix\ShareFile\Sync\SyncUpdateService.exe [76912 2016-12-19] (ShareFile)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [36224 2012-07-30] ()
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-03-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-10-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-10-17] (Intuit Inc.) [File not signed]
R2 SEVPNCLIENT; F:\VPN\SoftEther VPN Client\vpnclient_x64.exe [5248456 2017-02-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ymc; C:\ProgramData\YogaSmartSwicth\Server\x64\ymc.exe [27216 2012-10-02] (Lenovo)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 leymc; C:\WINDOWS\system32\DRIVERS\leymc.sys [17240 2012-10-02] (Lenovo)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2013-09-23] (hxxp://libusb-win32.sourceforge.net)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-10] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
S3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2017-02-02] (SoftEther Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-11-19] (Realtek Semiconductor Corporation)
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3814400 2016-07-16] (Realtek Semiconductor Corporation                           )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-02-02] (SoftEther Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-10 08:21 - 2017-02-10 08:21 - 00000000 ____D C:\FRST
2017-02-10 07:48 - 2017-02-10 07:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-10 07:32 - 2017-02-10 08:21 - 00000000 ____D C:\Utilities
2017-02-09 13:34 - 2017-02-10 07:54 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-09 12:46 - 2017-02-10 07:36 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-09 12:13 - 2017-02-10 07:44 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-09 12:13 - 2017-02-10 07:44 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-09 12:13 - 2017-02-09 12:45 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-09 12:13 - 2017-02-09 12:13 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-09 12:13 - 2017-02-09 12:13 - 00001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-09 12:13 - 2017-02-09 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-09 12:13 - 2017-02-09 12:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-09 12:13 - 2017-02-09 12:13 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-09 12:13 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-09 10:48 - 2017-02-09 10:48 - 00064591 _____ C:\Users\Tim\Desktop\Field Engineer Areas.kmz
2017-02-07 22:55 - 2017-02-07 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 21:38 - 2017-02-06 21:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 21:38 - 2017-02-06 21:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 17:25 - 2017-02-06 17:25 - 00000000 ____D C:\Users\Tim\AppData\Local\QBWinClient
2017-02-03 19:41 - 2017-02-03 19:41 - 00050953 _____ C:\Users\Tim\Downloads\November 30, 2016 - December 28, 2016.pdf
2017-02-03 19:41 - 2017-02-03 19:41 - 00049753 _____ C:\Users\Tim\Downloads\December 29, 2016 - January 30, 2017.pdf
2017-02-03 19:41 - 2017-02-03 19:41 - 00046820 _____ C:\Users\Tim\Downloads\October 29, 2016 - November 29, 2016.pdf
2017-02-03 19:40 - 2017-02-03 19:40 - 00051408 _____ C:\Users\Tim\Downloads\August 26, 2016 - September 28, 2016.pdf
2017-02-03 19:40 - 2017-02-03 19:40 - 00047342 _____ C:\Users\Tim\Downloads\September 29, 2016 - October 28, 2016.pdf
2017-02-03 19:40 - 2017-02-03 19:40 - 00045602 _____ C:\Users\Tim\Downloads\July 29, 2016 - August 25, 2016.pdf
2017-02-03 19:28 - 2017-02-03 19:29 - 00000000 ____D C:\Users\Tim\Downloads\CivitAZ
2017-02-02 16:54 - 2017-02-02 16:54 - 00038216 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\Neo6_x64_VPN.sys
2017-02-02 16:53 - 2017-02-02 16:53 - 00143816 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\WINDOWS\system32\vpncmd.exe
2017-02-02 16:53 - 2017-02-02 16:53 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-02-02 16:53 - 2017-02-02 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-02-02 16:52 - 2017-02-02 16:52 - 00051024 _____ (SoftEther Corporation) C:\WINDOWS\system32\Drivers\SeLow_x64.sys
2017-01-31 10:44 - 2017-01-31 10:44 - 00068856 _____ C:\Users\Tim\Documents\59 Ave & Baseline.pdf
2017-01-27 15:08 - 2017-01-27 15:08 - 08694552 _____ C:\Users\Tim\Downloads\1481-Overall Xref.dwg
2017-01-27 12:53 - 2017-01-27 12:53 - 00000000 ___HD C:\OneDriveTemp
2017-01-26 09:38 - 2017-01-26 09:44 - 00001186 _____ C:\Users\Tim\Desktop\TDR 21B.csv
2017-01-25 07:46 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 07:46 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-23 13:46 - 2017-02-08 06:42 - 02582559 _____ C:\Users\Tim\Desktop\Parcel 16.1 Model Complex.psd
2017-01-23 08:20 - 2017-01-23 08:20 - 00000000 ____D C:\Users\Tim\AppData\Local\ShareFile
2017-01-21 18:58 - 2017-01-21 18:58 - 01190412 _____ C:\Users\Tim\Desktop\EnergySolutionsAnaylysts2016.pdf
2017-01-11 17:36 - 2017-01-11 17:36 - 00000880 _____ C:\Users\Tim\Desktop\dBpoweramp.lnk
2017-01-11 17:36 - 2017-01-11 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp
2017-01-11 17:35 - 2017-01-11 17:35 - 00000000 ____D C:\Program Files\dBpoweramp
2017-01-11 17:05 - 2017-01-11 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShareFile
2017-01-11 14:59 - 2017-02-02 18:50 - 00000000 ____D C:\Users\Tim\AppData\Roaming\dBpoweramp
2017-01-11 14:57 - 2017-01-11 17:36 - 00000000 ____D C:\Program Files\SpoonUninstall
2017-01-11 13:39 - 2017-01-11 13:39 - 00000000 ____D C:\WINDOWS\Panther
2017-01-11 09:39 - 2017-01-11 09:39 - 00588875 _____ C:\Users\Tim\Desktop\Reserve at Black Mtn 83rd Ave ROW abandonment v.2.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-10 07:54 - 2014-10-09 02:26 - 00000000 __RDO C:\Users\Tim\OneDrive
2017-02-10 07:49 - 2015-08-17 10:25 - 02173616 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-10 07:49 - 2014-10-08 22:18 - 00000000 ____D C:\Users\Tim\AppData\Local\VirtualStore
2017-02-10 07:44 - 2016-10-08 10:34 - 00017408 _____ C:\WINDOWS\SysWOW64\rpcnetp.dll
2017-02-10 07:44 - 2016-09-29 08:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-10 07:44 - 2016-09-29 07:50 - 00029336 _____ C:\WINDOWS\system32\wpbbin.exe
2017-02-10 07:44 - 2016-09-29 07:50 - 00017408 ____N C:\WINDOWS\SysWOW64\rpcnetp.exe
2017-02-10 07:44 - 2016-09-29 07:50 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2017-02-10 07:44 - 2014-10-09 01:16 - 00000000 __SHD C:\Users\Tim\IntelGraphicsProfiles
2017-02-10 07:44 - 2014-10-08 22:31 - 00078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2017-02-10 07:43 - 2016-07-15 23:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-10 07:39 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-10 07:35 - 2012-10-02 02:31 - 00000000 ____D C:\ProgramData\Realtek
2017-02-10 07:24 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-10 07:24 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 07:15 - 2016-09-29 07:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-10 07:09 - 2014-10-09 12:10 - 00000000 ____D C:\Users\Tim\AppData\Local\Adobe
2017-02-09 16:38 - 2014-10-08 22:18 - 00000000 ____D C:\Users\Tim\AppData\Local\Packages
2017-02-08 15:53 - 2016-09-29 07:53 - 00000000 ____D C:\Users\Tim
2017-02-08 13:45 - 2016-07-15 23:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-02-07 22:56 - 2015-09-07 21:52 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 11:00 - 2016-11-18 10:08 - 00000000 ____D C:\Users\Tim\Desktop\Temp
2017-02-07 08:58 - 2014-10-15 18:40 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 17:26 - 2014-10-09 11:21 - 00000000 ____D C:\Program Files (x86)\Intuit
2017-02-06 17:25 - 2016-10-13 07:17 - 00000000 ____D C:\Users\Tim\AppData\Local\SquirrelTemp
2017-02-05 21:25 - 2014-10-09 11:21 - 00000000 ____D C:\Users\Public\Documents\Intuit
2017-02-05 14:48 - 2016-11-19 01:02 - 00000000 ____D C:\Users\Tim\AppData\Roaming\AIMP
2017-02-05 00:28 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-04 07:44 - 2016-10-08 10:25 - 00000000 ____D C:\Users\Tim\Desktop\Expedition Records
2017-02-03 10:42 - 2014-10-29 10:07 - 00000132 _____ C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS5 Prefs
2017-02-03 09:22 - 2016-05-31 17:44 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Mp3tag
2017-02-02 19:19 - 2015-03-14 22:03 - 00000000 ____D C:\Users\Tim\AppData\Local\Amazon Music
2017-02-02 16:54 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-01 22:26 - 2017-01-04 12:24 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Audacity
2017-01-25 10:56 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-18 22:35 - 2016-12-12 21:00 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-18 22:35 - 2015-08-17 10:23 - 00002413 _____ C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 03:13 - 2016-09-29 08:06 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-01-18 03:13 - 2016-09-13 06:46 - 00001974 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2017-01-18 03:13 - 2014-12-03 17:24 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-18 03:13 - 2014-11-07 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-18 03:13 - 2014-11-07 10:38 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-17 11:33 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 18:40 - 2014-10-09 12:10 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2017-01-11 18:40 - 2014-10-09 12:10 - 00002298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2017-01-11 18:40 - 2014-10-09 12:10 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2017-01-11 18:27 - 2016-09-29 08:06 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 15:05 - 2017-01-07 09:49 - 00000000 ____D C:\Users\Tim\AppData\Roaming\AccurateRip
2017-01-11 14:49 - 2017-01-07 09:49 - 00000000 ____D C:\Program Files (x86)\Exact Audio Copy
2017-01-11 14:07 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-11 14:06 - 2014-10-09 09:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-11 13:40 - 2014-10-08 22:13 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 13:39 - 2016-09-29 07:50 - 00510584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-11 12:32 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 12:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 12:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 12:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 12:32 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 10:51 - 2014-10-08 22:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 10:47 - 2014-10-08 22:42 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2014-10-08 22:19 - 2014-10-09 12:34 - 0014919 _____ () C:\Users\Tim\AppData\Roaming\AbsoluteReminder.xml
2016-07-04 11:39 - 2016-08-21 21:45 - 0000132 _____ () C:\Users\Tim\AppData\Roaming\Adobe GIF Format CS5 Prefs
2014-10-29 10:07 - 2017-02-03 10:42 - 0000132 _____ () C:\Users\Tim\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-08-14 10:51 - 2015-08-18 12:56 - 0001456 _____ () C:\Users\Tim\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-10-08 22:18 - 2017-02-10 07:44 - 0095072 _____ () C:\Users\Tim\AppData\Local\BTServer.log
2016-09-29 07:51 - 2016-09-29 07:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-09 19:01
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2017
Ran by Tim (10-02-2017 08:22:49)
Running from C:\Utilities
Windows 10 Home Version 1607 (X64) (2016-09-29 15:08:33)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-228119544-4017362106-582598469-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-228119544-4017362106-582598469-503 - Limited - Disabled)
Guest (S-1-5-21-228119544-4017362106-582598469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-228119544-4017362106-582598469-1005 - Limited - Enabled)
Tim (S-1-5-21-228119544-4017362106-582598469-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.19 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
AIMP (HKLM-x32\...\AIMP) (Version: v4.11.1841, 09.10.2016 - AIMP DevTeam)
Amazon Music (HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk DWG TrueView 2017 - English (HKLM\...\DWG TrueView 2017 - English) (Version: 21.0.301.0 - Autodesk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BSXinsight (HKLM-x32\...\{3167b158-8cb1-4482-9099-7daaa6c12033}) (Version: 2.1.3.22560 - BSX Athletics)
BSXinsight (x32 Version: 2.1.3.22560 - BSX Athletics) Hidden
BSXinsight Driver (x32 Version: 2.0.0 - BSX Athletics) Hidden
Canon LBP7100C 7110C Uninstaller (HKLM\...\Canon LBP7100C 7110C) (Version: 5, 4, 0, 0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix ShareFile Sync (HKLM-x32\...\{2d6d89c5-e6c7-4ab8-bbcd-51cead4bd934}) (Version: 3.11.119.0 - Citrix Systems, Inc.)
Citrix ShareFile Sync (Version: 3.11.119.0 - Citrix Systems, Inc.) Hidden
Color Matching System (HKLM-x32\...\{A0307120-889A-11D8-8627-00055DFD8F8E}) (Version:  - )
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
dBpoweramp (HKLM-x32\...\dBpoweramp) (Version: Release 16.1 - Illustrate)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DWG TrueView 2017 - English (Version: 21.0.301.0 - Autodesk) Hidden
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
FileZilla Client 3.16.1 (HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9fbf4745-0038-4ed3-aee1-87af9b9ef8f1}) (Version: 5.1.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.1.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.5.1080 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intelligent Touchpad (HKLM-x32\...\{DD7D6D84-93AB-48CA-A759-94324E341CBA}) (Version: 2.00.0012.0723 - Lenovo)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Lenovo EasyCamera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.5.13 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Transition (HKLM\...\Lenovo Transition) (Version: 1.4.2.20 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Support and Recovery Assistant for Office 365 (HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\4415f693b586d348) (Version: 16.0.1429.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motion Control (HKLM\...\Motion Control) (Version: 1.1.2.41 - Lenovo)
Mp3tag v2.80 (HKLM-x32\...\Mp3tag) (Version: v2.80 - Florian Heidenreich)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Project Plan 365 (HKLM-x32\...\{A3CB5827-3F25-488B-863C-96288DB8D87C}) (Version: 3.2.7 - Housatonic)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
QuickBooks (HKU\S-1-5-21-228119544-4017362106-582598469-1001\...\QBWinClient) (Version: 1.3.0.185 - Intuit Inc.)
QuickBooks (x32 Version: 23.0.4017.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4003.2305 - Intuit Inc.)
Quicken 2016 (HKLM-x32\...\{519B4ED1-AF5F-4812-B2A8-B18D783AEFE8}) (Version: 25.1.8.5 - Intuit)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.754.754.082813 - REALTEK Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN and Bluetooth Driver (HKLM-x32\...\{B6322D12-A133-4128-8306-DAFFF7231152}) (Version: 1.00.0193 - REALTEK Semiconductor Corp.)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V4.0L20(Windows7) - PFU)
ShareFile Outlook Plug-in (HKLM-x32\...\{14D2A3A6-0000-40A8-83E8-356E931E6D3D}) (Version: 4.3.978.0 - Citrix Systems, Inc.)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17354 - Microsoft Corporation)
Windows Driver Package - BSX Athletics CDM Driver Package - VCP Driver (08/26/2014 2.12.00) (HKLM\...\8C130409C797A67834708935F2AB7664EA829FB7) (Version: 08/26/2014 2.12.00 - BSX Athletics)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\498B9978CE49397903524B0761200F43EC650044) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (07/12/2010 2.08.02) (HKLM\...\67170FB0228B69BCCBEF8CE14A76953A5505D8EA) (Version: 07/12/2010 2.08.02 - FTDI)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Wrike Outlook Add-In (HKU\S-1-5-21-228119544-4017362106-582598469-1001 Version: 3.6.0.0 - Wrike.com) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-228119544-4017362106-582598469-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-228119544-4017362106-582598469-1001_Classes\CLSID\{720DB9AF-D62C-4ED0-A377-429C22312852}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2017 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-228119544-4017362106-582598469-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-228119544-4017362106-582598469-1001_Classes\CLSID\{CEA2142F-E7AB-4B90-9125-AFAF922AD437}\InprocServer32 -> C:\Users\Tim\AppData\Local\ShareFile\OutlookPlugin\adxloader64.Malone.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0482D472-D398-4272-8C24-1A4745E50AA7} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-timpohlad@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {07570A98-B1BC-4F64-8B07-AAA9AF32A590} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Tim\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {10C8629F-F0D3-4598-9966-06BD992321F5} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ff0ca37c96c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1B865A97-18AC-4011-970E-1946EB32C281} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1C410CB7-4263-4BCC-B900-0D2038047054} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {1CA272A8-1C21-447A-B58B-C31527C64CEF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {2034B8C3-9C25-4D30-90BB-3C88221F0496} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {31FDC81E-F326-4FC7-94F0-E543E121B38F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {359C11E4-492E-4BC5-BA6C-355391B04E65} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bfd787154ee4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {379325BC-C3D5-4D18-AAAF-F491E126930B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {40D05285-7451-43F6-A4DB-4106E920978E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4158C29A-7027-4F0B-AC30-70DA768F7A99} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {579E910C-1907-4C67-9DCD-9B186D7DDAC2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {59A10CE9-2CF7-4E34-84A6-3B33BF440731} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {5A6D1A1D-35A3-4A5A-89D6-FA1663ACA879} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-01-16] ()
Task: {5AAF5E0B-2402-4EAF-8A20-CFD71F6134FF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {692F7D57-FEFB-40BB-907F-5D0C9218A2E3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {74609859-EEF6-4F5A-AFBE-7174E997529E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7C1A04B5-3CD8-410D-B65D-7C87EBDF3150} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {7EFEB2A0-8954-4891-AFCD-A40B1B016B8E} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {80B7DF6B-F8CE-47F1-A7F5-B4169F830284} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {84F3EB0B-872E-48FF-B6B6-261902EAC7FA} - \WPD\SqmUpload_S-1-5-21-228119544-4017362106-582598469-1001 -> No File <==== ATTENTION
Task: {874EF9FF-2A05-4C10-9AC1-31D8E8CE937D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {89ED3D90-3988-4C2C-BB66-8253B6DA1EC3} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {8C007FEA-6286-4CDF-974D-39E17B708F96} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {8D206954-9D0A-4D6A-B757-ECEC5AB12027} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {946D39B0-EE23-463C-9325-90CB0D19688F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {AD952AD2-E71C-4C59-BB1E-A8ED952702AC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {BBA441D2-D3FA-4E17-A967-3F7A43D3DA53} - System32\Tasks\GoogleUpdateTaskMachineUA1d0422d150622b0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D12DAAAF-E67D-44AE-825D-73D11883CDBA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {D70A8592-D5F2-4E74-A9EE-0F45ED4A934B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D7363947-96AE-4959-8D5B-F7DB49B01864} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => sc.execonfig upnphost start= auto
Task: {D7DF6BE8-18AA-4424-AA67-7CA39362632D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {EA2E7F02-2CF2-47C8-BD9C-4C9651390D94} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0422d150622b0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ff0ca37c96c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:04 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-18 15:17 - 2013-08-28 12:35 - 00056832 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2012-08-16 23:13 - 2012-07-30 04:26 - 00029056 _____ () C:\WINDOWS\system32\DptfParticipantProcessorService.exe
2012-08-16 23:13 - 2012-07-30 04:27 - 00030592 _____ () C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-02 02:36 - 2012-10-02 02:36 - 00060760 _____ () C:\ProgramData\YogaSmartSwicth\Server\x64\dptf.dll
2012-08-16 23:13 - 2012-07-13 01:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyConfigTDPDll.dll
2012-08-16 23:13 - 2012-07-13 01:52 - 00021312 _____ () C:\WINDOWS\SYSTEM32\DptfPolicyLpmDll.dll
2017-02-09 12:13 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-13 20:04 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-19 11:39 - 2016-12-19 11:39 - 00194160 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSFSyncEngine.dll
2016-12-19 11:39 - 2016-12-19 11:39 - 00065648 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSFIPC.dll
2016-03-15 13:17 - 2016-12-28 10:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-05-12 02:49 - 2014-05-12 02:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-03-16 03:17 - 2016-03-16 03:17 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-29 12:41 - 2016-09-06 21:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 22:47 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 22:47 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 22:47 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 22:47 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 22:47 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 22:47 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 22:47 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-29 07:51 - 2010-10-26 12:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2012-10-02 02:36 - 2012-10-02 02:36 - 00208464 _____ () C:\ProgramData\YogaSmartSwicth\yogaserver.exe
2016-12-19 11:39 - 2016-12-19 11:39 - 00906352 _____ () C:\Program Files\Citrix\ShareFile\Sync\sqlite3.DLL
2016-12-19 11:39 - 2016-12-19 11:39 - 00065648 _____ () C:\Program Files\Citrix\ShareFile\Sync\libSfIpc.dll
2015-03-14 22:03 - 2015-07-20 22:02 - 05887808 _____ () C:\Users\Tim\AppData\Local\Amazon Music\Amazon Music Helper.exe
2012-10-02 02:35 - 2012-10-02 02:35 - 00172624 _____ () C:\Program Files (x86)\Lenovo\MotionControl\MotionControl.exe
2012-06-04 02:47 - 2012-06-04 02:47 - 00267128 _____ () C:\Program Files (x86)\Lenovo EasyCamera\Monitor.exe
2016-11-08 18:14 - 2016-11-08 18:14 - 00326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-01-16 14:43 - 2017-01-16 14:43 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2012-10-02 02:35 - 2012-10-02 02:35 - 01620560 _____ () C:\Program Files (x86)\Lenovo\MotionControl\eyeKeys.dll
2012-10-02 02:35 - 2012-10-02 02:35 - 00030288 _____ () C:\Program Files (x86)\Lenovo\MotionControl\esmlib.dll
2016-03-22 21:49 - 2016-03-22 21:49 - 00529176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2016-03-22 21:49 - 2016-03-22 21:49 - 00269080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2016-03-22 21:50 - 2016-03-22 21:50 - 00021784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2016-03-22 21:50 - 2016-03-22 21:50 - 00415512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2016-03-22 21:50 - 2016-03-22 21:50 - 00128792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2016-03-22 21:50 - 2016-03-22 21:50 - 00141592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2016-03-22 18:49 - 2016-03-22 18:49 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2016-03-22 21:49 - 2016-03-22 21:49 - 00176920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2016-03-22 21:50 - 2016-03-22 21:50 - 00578840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2016-03-22 21:50 - 2016-03-22 21:50 - 00042776 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-10-12 21:15 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-10-12 21:16 - 2006-10-12 15:14 - 00036864 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
2014-10-12 21:18 - 2007-02-27 19:34 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2014-10-12 21:18 - 2006-05-10 17:18 - 00010240 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SecurityManager.dll
2014-10-12 21:18 - 2006-05-10 17:18 - 00009216 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PolicyCommon.dll
2014-10-12 21:15 - 2005-07-08 11:36 - 00094208 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\f5bdkedr.dll
2014-10-12 21:15 - 1996-12-19 13:24 - 00068608 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\F5BDKAKU.DLL
2014-10-12 21:15 - 2003-11-20 21:56 - 00020480 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIpl.dll
2014-10-12 21:15 - 2003-11-20 21:56 - 00294912 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIplA6.DLL
2017-02-07 22:55 - 2017-02-06 21:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2015-12-13 22:58 - 2017-01-13 16:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-13 22:58 - 2017-01-13 16:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-13 22:58 - 2017-01-13 16:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-13 22:58 - 2017-02-06 21:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-13 22:58 - 2017-01-13 16:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 22:58 - 2017-01-13 16:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-07 22:55 - 2017-01-13 16:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-07 22:55 - 2017-01-13 16:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-07 22:55 - 2017-01-13 16:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-13 22:58 - 2017-01-13 16:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 10:59 - 2017-02-06 21:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-07 22:55 - 2017-01-13 16:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-07 22:55 - 2017-01-13 16:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-13 22:58 - 2017-01-13 16:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-13 22:58 - 2017-02-06 21:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-13 22:58 - 2017-01-13 16:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 10:59 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-13 22:58 - 2017-01-13 16:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-13 22:58 - 2017-01-13 16:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-13 22:58 - 2017-01-13 16:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 10:59 - 2017-01-13 16:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-13 22:58 - 2017-01-13 16:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-13 22:58 - 2017-02-06 21:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-24 08:02 - 2017-02-06 21:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-14 18:43 - 2017-02-06 21:50 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-24 08:02 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-24 08:02 - 2017-02-06 21:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-24 08:02 - 2017-02-06 21:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-18 17:05 - 2017-02-06 21:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-07 22:55 - 2017-01-13 16:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-07 22:55 - 2017-02-06 21:50 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-07 22:55 - 2016-12-21 23:58 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-07 22:55 - 2017-02-06 21:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-07 22:55 - 2017-01-13 17:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-07 22:55 - 2017-01-13 17:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-07 22:55 - 2017-02-06 21:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-13 22:58 - 2017-01-13 16:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-05 10:59 - 2017-02-06 21:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-07 22:55 - 2017-02-06 21:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-09-07 21:53 - 2017-01-13 17:04 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2012-10-02 02:28 - 2012-06-24 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-02-07 08:58 - 2017-02-01 02:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 08:58 - 2017-02-01 02:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\WINDOWS\system32\CNCENPM6.dll:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\CNCENPMU.chm:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\CNCENPR6.dll:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\system32\CNCENPU6.dll:com.dropbox.attributes [168]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CNCENPM6.dll:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Tim\Desktop\1278 - Methods.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Tim\Desktop\8610 - Substructures.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Tim\Desktop\CenturyLink Potholes_updated 6-30-2016.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Tim\Desktop\schedules.xlsx:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-228119544-4017362106-582598469-1001\Control Panel\Desktop\\Wallpaper -> c:\users\tim\desktop\xmas\telluridephotographer.com-b.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{EA914216-2B0D-4486-A090-B4BA53811510}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9E3C72AB-3AC6-43F9-88A2-A3A1E588930C}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{4FA3AE30-89D3-49D3-A3C9-F970F460EED2}] => C:\Users\Tim\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{DE91749F-D36C-4D31-93BA-8BE2CD9662AF}] => C:\Program Files (x86)\Drobo\Drobo Dashboard\Support\DDService.exe
FirewallRules: [{B0EC2084-C67E-4E18-9F65-BD629A92FD56}] => C:\Program Files (x86)\Drobo\Drobo Dashboard\Support\DDService.exe
FirewallRules: [{D3346631-FB9B-4A79-AEC4-26618B88B4D0}] => C:\Program Files (x86)\Drobo\Drobo Dashboard\Support\DDService.exe
FirewallRules: [{2764DCCF-E5EC-4532-B0E8-6E7AD1FC1630}] => C:\Program Files (x86)\Drobo\Drobo Dashboard\Support\DDService.exe
FirewallRules: [{45C6DF52-EC66-412A-89FF-97D5808B71D7}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BC4A8724-4BE2-400D-92C1-260916415392}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1730C5AA-72C1-4938-A647-9BC8317C1DA7}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4636D774-CA4C-42A9-8F05-8D55C8F345CF}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0C03D569-C552-402F-8FC4-42D73B1B1440}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E8FDECB2-06DF-4F82-A149-F92F45BB888E}] => F:\VPN\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{7A8717D4-0B73-4B5E-B330-C3291994B3AD}] => F:\VPN\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{19A99AFA-7D8A-4422-B4F3-4D763BE24AA2}] => F:\VPN\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{1968A918-AC0E-4BCA-B01F-E1C57DF82CF3}] => F:\VPN\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{BC5EE877-804D-403E-8F70-A51FA26AA832}] => F:\VPN\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{83917837-A0FD-4F4B-B25A-89EC272C857C}] => F:\VPN\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{C56C699F-9A03-4201-9817-881B1167773F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{484C2793-7D8F-4F1C-84FF-396D2AE5437E}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/10/2017 07:46:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOGA13-JTPOLLC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/10/2017 07:46:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOGA13-JTPOLLC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/10/2017 07:46:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOGA13-JTPOLLC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/10/2017 07:46:20 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (02/10/2017 07:46:20 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (02/10/2017 07:44:28 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (02/10/2017 07:41:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOGA13-JTPOLLC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/10/2017 07:41:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOGA13-JTPOLLC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/10/2017 07:40:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOGA13-JTPOLLC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/10/2017 07:40:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: YOGA13-JTPOLLC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/10/2017 07:46:48 AM) (Source: DCOM) (EventID: 10001) (User: YOGA13-JTPOLLC)
Description: Unable to start a DCOM Server: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
 
Error: (02/10/2017 07:46:48 AM) (Source: DCOM) (EventID: 10001) (User: YOGA13-JTPOLLC)
Description: Unable to start a DCOM Server: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca
 
Error: (02/10/2017 07:46:37 AM) (Source: DCOM) (EventID: 10010) (User: YOGA13-JTPOLLC)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
 
Error: (02/10/2017 07:44:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/10/2017 07:44:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SAService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (02/10/2017 07:44:18 AM) (Source: Application Popup) (EventID: 56) (User: )
Description: SCSI000000
 
Error: (02/10/2017 07:43:44 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (02/10/2017 07:43:44 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (02/10/2017 07:43:43 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (02/10/2017 07:43:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-29 07:52:30.433
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-29 07:52:30.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-29 07:52:30.423
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-29 07:52:30.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 77%
Total physical RAM: 3975.27 MB
Available physical RAM: 897.95 MB
Total Virtual: 6535.27 MB
Available Virtual: 3032.7 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:63.13 GB) (Free:6.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:8.49 GB) NTFS
Drive e: (OTG) (Fixed) (Total:476.94 GB) (Free:298.97 GB) NTFS
Drive f: (OTG) (Fixed) (Total:223.57 GB) (Free:58.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FE91CAAA)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 8177CD3B)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 44AEBD83)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,771 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:13 AM

Posted 10 February 2017 - 12:19 PM

Greetings CVTPo and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-228119544-4017362106-582598469-1001 -> DefaultScope {B9573895-3371-4933-9ED5-5B5E3493F3C3} URL = 
SearchScopes: HKU\S-1-5-21-228119544-4017362106-582598469-1001 -> {B9573895-3371-4933-9ED5-5B5E3493F3C3} URL = 
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
  • Test Chrome
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log

Edited by Oh My!, 10 February 2017 - 12:38 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 CVTPo

CVTPo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:13 AM

Posted 10 February 2017 - 05:25 PM

This is Tim, and thank you very much for your help! Below are the results from the two processes you asked me to run.

I will not do anything else until you direct me!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10-02-2017
Ran by Tim (10-02-2017 14:50:08) Run:1
Running from C:\Utilities
Loaded Profiles: Tim (Available Profiles: Tim)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-228119544-4017362106-582598469-1001 -> DefaultScope {B9573895-3371-4933-9ED5-5B5E3493F3C3} URL = 
SearchScopes: HKU\S-1-5-21-228119544-4017362106-582598469-1001 -> {B9573895-3371-4933-9ED5-5B5E3493F3C3} URL = 
emptytemp:
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-228119544-4017362106-582598469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-228119544-4017362106-582598469-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B9573895-3371-4933-9ED5-5B5E3493F3C3} => key removed successfully
HKCR\CLSID\{B9573895-3371-4933-9ED5-5B5E3493F3C3} => key not found. 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8493447 B
Java, Flash, Steam htmlcache => 2121 B
Windows/system/drivers => 24324988 B
Edge => 60887908 B
Chrome => 311681459 B
Firefox => 21346602 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 298896 B
NetworkService => 0 B
Tim => 1266510181 B
 
RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:52:07 ====
 
# AdwCleaner v6.043 - Logfile created 10/02/2017 at 15:00:54
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-09.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Tim - YOGA13-JTPOLLC
# Running from : C:\Utilities\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\Amazon\ABB
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1013 Bytes] - [10/02/2017 15:00:54]
C:\AdwCleaner\AdwCleaner[S0].txt - [1303 Bytes] - [10/02/2017 15:00:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1159 Bytes] ##########
 

 



#4 Oh My!


Posted 10 February 2017 - 05:55 PM

Greetings Tim. Nice to meet you.

How is Chrome behaving? Are you still being redirected and if so to what web pages?
Gary
 

#5 CVTPo


Posted 10 February 2017 - 06:07 PM

Hi Gary, I've been popping back and forth on CNN, Politico, Amazon and CBS Sports and it's working normally again. Thank you very much - what steps do you recommend next?

I was trying out some VPN software to try and get around the block in the states for European pro-cycling streaming because the spring classics season is starting and I can't get the races here. Maybe I downloaded something with the SoftEther VPN Client, or more likely earlier than that trying to figure out live coverage for the races.

I probably should not be messing around with software or processes I don't completely understand, sorry.



#6 Oh My!


Posted 10 February 2017 - 06:10 PM

Ah, a fellow bike rider!

I would like to follow up with 2 scans please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#7 CVTPo


Posted 10 February 2017 - 06:48 PM

Will do as requested: Universal Sports folding + BeIN dropping coverage of a lot of races in the US really put a damper on things just when we were starting to actually get access to some decent races here! NBCSn looks like they might be coming around, but there are a lot of good races we just don't get to see.

 

 



#8 CVTPo


Posted 11 February 2017 - 01:17 AM

Gary,

 

ESET found no threats - uninstalled after finishing

 

here is the log for the Security Check - no problems with the computer that I've noticed

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender                     
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome (56.0.2924.87) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#9 Oh My!


Posted 11 February 2017 - 11:27 AM

Excellent. Looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#10 Oh My!


Posted 13 February 2017 - 09:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



