System stops connecting to Internet after being online for a while


  • This topic is locked
2 replies to this topic

#1 Coayuco


Posted 17 February 2017 - 04:46 PM

I am running Windows 10 Home edition on a Dell Inspiron 660s with 8GB of RAM.

For the past few weeks, after being online for a while, it stops connecting to the Internet. This happens regardless of which browser I am using. If I reboot, I can connect again for a while and it stops connecting again.

I have McAfee Antivirus Plus, which tells me it detects no viruses. I have run Rkill and it finds no malware processes or services and no issues in the registry. The following are the FRST logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-02-2017 02
Ran by flore_000 (administrator) on JULIO-PC (17-02-2017 16:22:02)
Running from G:\PCUtilities
Loaded Profiles: flore_000 (Available Profiles: flore_000)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Wyse Technology Inc.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Logitech, Inc.) C:\ProgramData\LogiShrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(Dell) C:\Users\flore_000\AppData\Local\Apps\2.0\W1QQARZK.V88\N5ZPB44A.CC8\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8900104 2016-11-21] (Realtek Semiconductor)
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1724536 2016-08-07] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946144 2017-02-09] (SUPERAntiSpyware)
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2913568 2016-12-16] (IObit)
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\Run: [DellSystemDetect] => C:\Users\flore_000\AppData\Local\Apps\2.0\W1QQARZK.V88\N5ZPB44A.CC8\dell..tion_6d0a76327dca4869_0007.000b_df227eeaae3cac0d\DellSystemDetect.exe [310728 2017-02-10] (Dell)
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-30]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-30]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\flore_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-09-22]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4f0e467e-1a60-45ce-81a3-87e4e146108b}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7c18b846-f876-4acd-90bf-6da27e4af9c3}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-10] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-10] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\mcsniepl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\flore_000\AppData\Roaming\Mozilla\Firefox\Profiles\5as109j7.default-1484932500656 [2017-02-17]
FF Homepage: Mozilla\Firefox\Profiles\5as109j7.default-1484932500656 -> about:home
FF NetworkProxy: Mozilla\Firefox\Profiles\5as109j7.default-1484932500656 -> type", 0
FF Extension: (Popup Blocker Ultimate) - C:\Users\flore_000\AppData\Roaming\Mozilla\Firefox\Profiles\5as109j7.default-1484932500656\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-02-05]
FF Extension: (Video DownloadHelper) - C:\Users\flore_000\AppData\Roaming\Mozilla\Firefox\Profiles\5as109j7.default-1484932500656\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-25]
FF Extension: (Adblock Plus) - C:\Users\flore_000\AppData\Roaming\Mozilla\Firefox\Profiles\5as109j7.default-1484932500656\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-23]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\flore_000\AppData\Roaming\Mozilla\Firefox\Profiles\5as109j7.default-1484932500656\features\{d79aacab-e3a4-49f3-9411-49d722542dd3}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-24]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-11] ()
FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-10] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-30] (LastPass)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2016-12-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-30] (LastPass)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2016-12-21] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
FF Plugin HKU\S-1-5-21-1427208717-3013397328-3700319278-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\flore_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1427208717-3013397328-3700319278-1001: @talk.google.com/O1DPlugin -> C:\Users\flore_000\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1427208717-3013397328-3700319278-1001: @tools.google.com/Google Update;version=3 -> C:\Users\flore_000\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1427208717-3013397328-3700319278-1001: @tools.google.com/Google Update;version=9 -> C:\Users\flore_000\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\flore_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\flore_000\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D20151126&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]
CHR Extension: (Google Translate) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-24]
CHR Extension: (Google Slides) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-10]
CHR Extension: (Duolingo on the Web) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-01-12]
CHR Extension: (Flash Video Downloader) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-06]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-06-06]
CHR Extension: (Google Docs) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Readlang) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-10-26]
CHR Extension: (Google Drive) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Unabridged Dictionary) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhhninhigbbamjfeohmnephdgkppopke [2014-05-28]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-02-06]
CHR Extension: (YouTube) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-29]
CHR Extension: (Google Search) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Auto 1080p HD for YouTube™) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehenpfmgnlkgmjmmgihghmmgbkkjolii [2014-06-23]
CHR Extension: (Block site) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-07-21]
CHR Extension: (Video Downloader professional) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-02-06]
CHR Extension: (Duolingo Notes) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdhafjdcofficgjebiflfamofkoedieh [2014-06-19]
CHR Extension: (Google Sheets) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-10]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-02-06]
CHR Extension: (Collusion for Chrome) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2015-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Video Downloader Super) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghciphhakbampjemlfbahnhhaemoeolf [2015-04-10]
CHR Extension: (Website Blocker (Beta)) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib [2015-12-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-06]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2015-11-24]
CHR Extension: (GTTS for Duolingo) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbgcnaodnmkabhhboejjeefbnacaggc [2014-06-02]
CHR Extension: (Learn by Theneeds) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobmpahimepdnbkjejgiciakibongjbn [2014-06-11]
CHR Extension: (Spell Checker for Chrome) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg [2014-05-28]
CHR Extension: (Skype) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-29]
CHR Extension: (Google Input Tools) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2017-02-06]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-10-29]
CHR Extension: (Duolingo Vocabulary Manager) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmcjokbicehcaojghjmhfjnaooffcd [2014-10-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-06]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-24]
CHR Extension: (Print Friendly & PDF) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2017-02-06]
CHR Extension: (Gmail) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR Extension: (Chrome Media Router) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-30]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-30]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-09] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1725640 2017-01-26] (Intel Security)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
S3 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S3 dlbk_device; C:\Windows\system32\dlbkcoms.exe [567280 2007-03-28] ( )
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.290.0\\McCSPServiceHost.exe [2054080 2017-02-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317952 2016-11-21] (Realtek Semiconductor)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
S3 Unchecky; C:\Program Files (x86)\Unchecky\bin\Unchecky_svc.exe [242936 2015-11-06] (RaMMicHaeL)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
S3 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2017-01-02] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-21] (REALiX™)
R0 libwamf; C:\WINDOWS\System32\DRIVERS\libwamf.sys [22320 2017-01-11] (OPSWAT, Inc.)
R0 libwasys; C:\WINDOWS\System32\DRIVERS\libwasys.sys [29488 2017-01-11] (OPSWAT, Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-03] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 PSMNBUS; C:\WINDOWS\system32\DRIVERS\PSMNBUS.sys [72464 2010-10-13] (DEVGURU Co., LTD.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2017-01-02] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-11-21] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-02-06] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-17 16:16 - 2017-02-17 16:16 - 00256570 _____ C:\Users\flore_000\Desktop\JULIO-PC.txt
2017-02-17 16:13 - 2017-02-17 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-17 15:20 - 2017-02-17 16:11 - 00000000 ____D C:\ProgramData\ProductData
2017-02-17 14:24 - 2017-02-17 14:24 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-17 12:44 - 2017-02-17 12:44 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-02-17 10:57 - 2017-02-17 10:57 - 00000000 ____D C:\Users\flore_000\AppData\Local\TempOfficeC2R0625C794-25E4-4A2F-A60D-E3668F5DB24A
2017-02-17 10:42 - 2017-02-17 10:53 - 00117362 _____ C:\TDSSKiller.3.1.0.12_17.02.2017_10.42.01_log.txt
2017-02-17 10:29 - 2017-02-17 10:30 - 00001615 _____ C:\Users\flore_000\Documents\EliotOrtega.txt
2017-02-17 04:26 - 2017-02-17 04:26 - 00000000 ____D C:\Users\flore_000\AppData\Local\TempOfficeC2R45BD1FD7-5D01-4737-A635-7AE413E5370E
2017-02-15 12:01 - 2017-02-15 12:15 - 00119160 _____ C:\TDSSKiller.3.1.0.12_15.02.2017_12.01.56_log.txt
2017-02-13 18:22 - 2017-02-13 18:22 - 00000000 ____H C:\asc_rdflag
2017-02-10 11:55 - 2017-02-10 11:55 - 06293184 _____ (Piriform Ltd) C:\Users\flore_000\Downloads\spsetup130.exe
2017-02-10 11:22 - 2017-02-10 11:22 - 00013560 _____ C:\Users\flore_000\Downloads\DellSystemDetectLauncher.Application
2017-02-10 11:22 - 2017-02-10 11:22 - 00000000 ____D C:\Users\flore_000\AppData\Local\Deployment
2017-02-09 11:23 - 2017-02-09 11:23 - 00065526 _____ C:\Users\flore_000\AppData\Local\recently-used.xbel
2017-02-06 17:51 - 2017-02-06 17:51 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-06 12:52 - 2017-02-06 12:52 - 00000907 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-06 12:49 - 2017-02-17 15:23 - 00001002 _____ C:\Users\flore_000\Desktop\JRT.txt
2017-02-06 12:33 - 2017-02-06 12:44 - 00117592 _____ C:\TDSSKiller.3.1.0.12_06.02.2017_12.33.12_log.txt
2017-02-06 12:23 - 2017-02-06 11:44 - 04747704 _____ (AO Kaspersky Lab) C:\Users\flore_000\Desktop\tdsskiller.exe
2017-02-06 12:22 - 2017-02-06 11:45 - 04015056 _____ C:\Users\flore_000\Desktop\AdwCleaner.exe
2017-02-06 12:19 - 2017-02-06 11:42 - 01663040 _____ (Malwarebytes) C:\Users\flore_000\Desktop\JRT.exe
2017-02-06 12:14 - 2017-02-12 14:29 - 00002254 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk
2017-02-06 12:14 - 2017-02-06 12:14 - 00002918 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_flore_000
2017-02-05 15:55 - 2017-02-06 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-02-03 11:16 - 2017-02-17 16:22 - 00000000 ____D C:\FRST
2017-02-03 11:09 - 2017-02-10 11:56 - 00000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-02-03 11:09 - 2017-02-03 11:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-02-03 11:09 - 2017-02-03 11:09 - 00000000 ____D C:\Program Files\Speccy
2017-01-29 04:26 - 2017-01-29 04:26 - 00000000 ___HD C:\OneDriveTemp
2017-01-27 17:41 - 2017-01-27 17:41 - 00000000 ____D C:\Users\flore_000\AppData\Local\TempOfficeC2RC9489DDC-A10F-497B-9FA0-9221D0B3D746
2017-01-27 15:19 - 2017-01-28 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-27 15:19 - 2017-01-27 15:19 - 00002023 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-27 09:38 - 2017-01-27 09:38 - 00000000 ____D C:\Users\flore_000\AppData\Local\TempOfficeC2RAE1FCA14-1A7A-466E-8395-507D833FF2B1
2017-01-26 15:32 - 2017-01-26 15:52 - 00118560 _____ C:\TDSSKiller.3.1.0.9_26.01.2017_15.32.28_log.txt
2017-01-25 12:50 - 2017-01-25 12:50 - 00000000 _____ C:\WINDOWS\SysWOW64\igfxtray.exe
2017-01-25 12:12 - 2016-11-15 12:01 - 00455808 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170125-121227.backup
2017-01-25 10:21 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 10:21 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 09:03 - 2017-01-25 09:20 - 71882377 _____ C:\Users\flore_000\Downloads\sleeping bag sex.mp4
2017-01-24 12:08 - 2017-01-28 20:44 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-01-24 12:08 - 2017-01-24 12:08 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-01-22 15:05 - 2014-07-05 12:02 - 10611344 _____ (Stellar Information Technology Pvt Ltd. ) C:\Users\flore_000\Downloads\StellarPhoenixPhotoRecoverySoftware.exe
2017-01-22 15:05 - 2014-07-03 07:55 - 04492584 _____ ( ) C:\Users\flore_000\Downloads\BB4-setup.exe
2017-01-22 15:05 - 2014-07-03 07:54 - 11901296 _____ ( ) C:\Users\flore_000\Downloads\jigsaw-setup-win-5-4-0-4.exe
2017-01-22 09:55 - 2017-01-22 09:55 - 00000000 ____H C:\Users\flore_000\AppData\Local\BITCB15.tmp
2017-01-22 03:20 - 2017-01-22 03:20 - 00000000 _____ C:\Users\flore_000\AppData\Local\{3861A811-7486-48FC-888D-6160C60615D1}
2017-01-19 13:23 - 2017-01-19 13:23 - 00000000 ____D C:\Users\flore_000\AppData\Roaming\sp6_log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-17 16:14 - 2016-11-21 08:22 - 00000000 ____D C:\Users\flore_000\AppData\LocalLow\Mozilla
2017-02-17 16:12 - 2013-11-20 13:25 - 00000000 __RDO C:\Users\flore_000\SkyDrive
2017-02-17 16:09 - 2016-09-23 04:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-17 16:08 - 2016-09-23 03:44 - 00000000 ____D C:\Users\flore_000
2017-02-17 16:08 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-17 16:06 - 2012-10-30 01:26 - 00000000 ____D C:\ProgramData\Temp
2017-02-17 15:55 - 2017-01-14 14:12 - 00006668 _____ C:\Users\flore_000\Desktop\Rkill.txt
2017-02-17 15:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-17 15:17 - 2013-08-28 19:28 - 00000000 ____D C:\AdwCleaner
2017-02-17 14:44 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-17 13:08 - 2016-09-23 03:29 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-17 11:39 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-02-17 11:35 - 2012-12-18 12:32 - 00000000 ____D C:\Users\flore_000\AppData\LocalLow\Yahoo!
2017-02-17 11:08 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-17 11:07 - 2012-12-17 18:36 - 00000000 ____D C:\Users\flore_000\AppData\Local\Packages
2017-02-17 10:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-17 10:08 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-13 18:23 - 2016-10-13 11:20 - 00073728 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-02-13 18:23 - 2016-10-13 11:20 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-02-13 18:23 - 2016-10-13 11:19 - 140808192 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2017-02-13 18:23 - 2016-10-13 11:19 - 06037504 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2017-02-13 18:00 - 2013-08-22 16:30 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2017-02-10 10:54 - 2012-12-17 19:43 - 00000000 ____D C:\Users\flore_000\.gimp-2.8
2017-02-09 11:23 - 2014-12-29 13:33 - 00000000 ____D C:\Users\flore_000\AppData\Local\gtk-2.0
2017-02-09 09:21 - 2013-01-11 09:28 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-09 09:13 - 2013-01-11 20:08 - 00000000 ____D C:\Users\flore_000\AppData\Roaming\IObit
2017-02-09 09:12 - 2013-01-11 20:08 - 00000000 ____D C:\Program Files (x86)\IObit
2017-02-07 15:36 - 2014-01-24 11:42 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 15:36 - 2014-01-24 11:42 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 15:34 - 2014-05-13 18:46 - 00000000 ____D C:\Users\flore_000\AppData\Local\CrashDumps
2017-02-06 15:25 - 2016-09-29 18:59 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-06 15:13 - 2012-12-18 12:32 - 00000000 ____D C:\Users\flore_000\AppData\Roaming\Yahoo!
2017-02-06 12:52 - 2015-04-14 07:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-06 12:52 - 2015-04-14 07:31 - 00000000 ____D C:\Program Files\RogueKiller
2017-02-06 12:14 - 2015-12-20 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-02-06 12:14 - 2013-01-11 20:08 - 00000000 ____D C:\ProgramData\IObit
2017-02-05 16:14 - 2013-01-31 15:51 - 00007600 _____ C:\Users\flore_000\AppData\Local\resmon.resmoncfg
2017-02-05 15:54 - 2015-06-27 10:33 - 00000918 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-05 15:45 - 2016-11-17 21:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-05 15:45 - 2012-12-20 12:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 09:48 - 2014-04-17 07:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-28 20:53 - 2012-10-30 01:23 - 00000000 ____D C:\ProgramData\Dell
2017-01-28 20:44 - 2015-12-28 20:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-28 20:44 - 2015-11-05 15:00 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-01-28 20:44 - 2015-11-05 15:00 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-28 20:44 - 2014-06-02 08:46 - 00000000 ____D C:\ProgramData\RogueKiller
2017-01-28 20:44 - 2013-05-21 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-01-28 20:43 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-28 20:43 - 2013-09-04 13:15 - 00000000 ____D C:\Users\flore_000\AppData\LocalLow\IObit
2017-01-28 20:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-26 14:43 - 2016-09-23 07:10 - 00657416 _____ C:\WINDOWS\system32\perfh00A.dat
2017-01-26 14:43 - 2016-09-23 07:10 - 00133948 _____ C:\WINDOWS\system32\perfc00A.dat
2017-01-26 14:43 - 2016-09-23 06:59 - 00699282 _____ C:\WINDOWS\system32\perfh00C.dat
2017-01-26 14:43 - 2016-09-23 06:59 - 00137676 _____ C:\WINDOWS\system32\perfc00C.dat
2017-01-26 14:43 - 2016-09-23 06:47 - 00663402 _____ C:\WINDOWS\system32\prfh0416.dat
2017-01-26 14:43 - 2016-09-23 06:47 - 00133216 _____ C:\WINDOWS\system32\prfc0416.dat
2017-01-26 14:43 - 2015-08-20 15:00 - 03534992 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 13:41 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 13:14 - 2015-05-26 10:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-25 12:56 - 2016-09-23 04:23 - 00003822 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-01-23 09:50 - 2015-02-10 15:06 - 00000000 ____D C:\Program Files\Dell
2017-01-20 12:15 - 2013-12-14 20:26 - 00000000 ____D C:\Users\flore_000\Desktop\Old Firefox Data
2017-01-20 11:57 - 2015-08-29 15:22 - 00000000 ____D C:\ProgramData\LogiShrd
2017-01-19 13:26 - 2016-08-15 08:38 - 00000000 ____D C:\Program Files\Logitech
2017-01-19 13:26 - 2015-08-29 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-01-19 13:26 - 2015-08-29 15:11 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-01-19 13:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

==================== Files in the root of some directories =======

2015-05-30 09:28 - 2015-05-30 09:28 - 15931448 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-04-04 16:05 - 2016-04-04 16:05 - 0036575 _____ () C:\Users\flore_000\AppData\Roaming\Comma Separated Values.ADR
2013-03-15 19:49 - 2013-06-05 18:45 - 0012903 _____ () C:\Users\flore_000\AppData\Roaming\compatibility.gmic
2014-09-08 06:58 - 2014-09-08 06:58 - 0000303 _____ () C:\Users\flore_000\AppData\Roaming\FotoSketcher.ini
2013-03-15 19:49 - 2013-06-05 18:45 - 0033661 _____ () C:\Users\flore_000\AppData\Roaming\garagecoder.gmic
2013-03-15 19:49 - 2013-06-05 18:45 - 0006831 _____ () C:\Users\flore_000\AppData\Roaming\gentlemanbeggar_gmic.gmic
2014-09-08 18:59 - 2014-09-08 18:59 - 0062021 _____ () C:\Users\flore_000\AppData\Roaming\gmic_60s.cimgz
2014-12-16 09:21 - 2014-12-16 09:21 - 0273741 _____ () C:\Users\flore_000\AppData\Roaming\gmic_agfa_ultra_color_100.cimgz
2013-03-15 19:49 - 2013-06-05 18:45 - 1037692 _____ () C:\Users\flore_000\AppData\Roaming\gmic_def.1550
2013-03-15 19:49 - 2013-03-23 08:26 - 0000234 _____ () C:\Users\flore_000\AppData\Roaming\gmic_faves
2014-09-08 18:59 - 2014-09-08 18:59 - 0298826 _____ () C:\Users\flore_000\AppData\Roaming\gmic_fuji_160c.cimgz
2014-09-08 18:58 - 2014-09-08 18:58 - 0355196 _____ () C:\Users\flore_000\AppData\Roaming\gmic_fuji_ilford_delta_3200.cimgz
2014-09-08 18:59 - 2014-09-08 18:59 - 0233724 _____ () C:\Users\flore_000\AppData\Roaming\gmic_fuji_provia_400x.cimgz
2015-01-14 10:35 - 2015-01-14 10:35 - 0071813 _____ () C:\Users\flore_000\AppData\Roaming\gmic_grain_orwo_np20.cimgz
2014-09-08 18:59 - 2014-09-08 18:59 - 0015241 _____ () C:\Users\flore_000\AppData\Roaming\gmic_nostalgic.cimgz
2013-03-15 19:33 - 2013-06-05 18:46 - 0001279 _____ () C:\Users\flore_000\AppData\Roaming\gmic_sources.cimgz
2013-03-15 19:49 - 2013-06-05 18:45 - 0124317 _____ () C:\Users\flore_000\AppData\Roaming\iain_fergusson.gmic
2013-03-15 19:49 - 2013-06-05 18:45 - 0018793 _____ () C:\Users\flore_000\AppData\Roaming\jayprich.gmic
2013-03-15 19:49 - 2013-06-05 18:45 - 0024385 _____ () C:\Users\flore_000\AppData\Roaming\karos.gmic
2013-03-15 19:49 - 2013-06-05 18:45 - 0059388 _____ () C:\Users\flore_000\AppData\Roaming\naggobot.gmic
2013-03-15 19:49 - 2013-06-05 18:45 - 0052978 _____ () C:\Users\flore_000\AppData\Roaming\photocomix.gmic
2013-03-15 19:49 - 2013-04-16 22:22 - 0406084 _____ () C:\Users\flore_000\AppData\Roaming\samj.gmic
2013-03-15 19:49 - 2013-06-05 18:45 - 0107522 _____ () C:\Users\flore_000\AppData\Roaming\tomkeil.gmic
2013-03-15 19:49 - 2013-06-05 18:45 - 0003504 _____ () C:\Users\flore_000\AppData\Roaming\zonderr.gmic
2017-01-22 09:55 - 2017-01-22 09:55 - 0000000 ____H () C:\Users\flore_000\AppData\Local\BITCB15.tmp
2015-06-12 10:01 - 2015-06-12 10:01 - 0003584 _____ () C:\Users\flore_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-15 19:31 - 2017-01-19 13:20 - 1095633 _____ () C:\Users\flore_000\AppData\Local\infection.log
2015-10-03 08:43 - 2015-11-15 19:31 - 0024768 _____ () C:\Users\flore_000\AppData\Local\multiscan.log
2017-02-09 11:23 - 2017-02-09 11:23 - 0065526 _____ () C:\Users\flore_000\AppData\Local\recently-used.xbel
2013-01-31 15:51 - 2017-02-05 16:14 - 0007600 _____ () C:\Users\flore_000\AppData\Local\resmon.resmoncfg
2017-01-22 03:20 - 2017-01-22 03:20 - 0000000 _____ () C:\Users\flore_000\AppData\Local\{3861A811-7486-48FC-888D-6160C60615D1}
2013-11-05 14:08 - 2013-11-05 14:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-10-30 01:29 - 2012-10-30 01:29 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-10-30 01:26 - 2012-10-30 01:27 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-10-30 01:27 - 2012-10-30 01:28 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-10-30 01:26 - 2012-10-30 01:26 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-10-30 01:28 - 2012-10-30 01:29 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\igfxtray.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-15 09:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by flore_000 (17-02-2017 16:24:23)
Running from G:\PCUtilities
Windows 10 Home Version 1607 (X64) (2016-09-23 09:32:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1427208717-3013397328-3700319278-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1427208717-3013397328-3700319278-503 - Limited - Disabled)
flore_000 (S-1-5-21-1427208717-3013397328-3700319278-1001 - Administrator - Enabled) => C:\Users\flore_000
Guest (S-1-5-21-1427208717-3013397328-3700319278-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1427208717-3013397328-3700319278-1007 - Limited - Enabled)
Unsea (S-1-5-21-1427208717-3013397328-3700319278-1008 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Disabled - Out of date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

10-Strike Network Scanner (HKLM-x32\...\10-Strike Network Scanner_is1) (Version: 2.0 - 10-Strike Software)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)
AMD Catalyst Install Manager (HKLM\...\{339AF6BF-ADCE-8AB7-1DCE-9D5969381BE6}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ant Movie Catalog (HKLM-x32\...\Ant Movie Catalog_is1) (Version: 4.1.2 - Ant Software)
AntiToolbar (HKLM\...\AntiToolbar) (Version: 1.0.0.4 - Reimage)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.81 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.1 - Ashampoo GmbH & Co. KG)
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version:  - )
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BrainsBreaker 5.4.0(004) (HKLM-x32\...\BBrk5_is1) (Version:  - )
California Font Manager 2.5.1 (HKLM-x32\...\California Font Manager) (Version: 2.5.1 - California Fonts)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Crescendo Music Notation Editor (HKLM-x32\...\Crescendo) (Version: 1.64 - NCH Software)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 10.0 - Dell)
Denemo (HKLM-x32\...\Denemo) (Version:  - )
DisplayLink Core Software (HKLM\...\{DF3F0788-16F0-4894-9748-677409D69100}) (Version: 7.9.630.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{BDE955CB-37C5-43C3-A22D-BE9F7ADB6AA9}) (Version: 7.9.703.0 - DisplayLink Corp.)
Driver Booster 4.2 (HKLM-x32\...\Driver Booster_is1) (Version: 4.2.0 - IObit)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
FamilySearch Indexing 3.24.2 (HKLM-x32\...\0591-8077-9297-0833) (Version: 3.24.2 - FamilySearch)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FotoSketcher 2.95 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version:  - David THOIRON)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GIMP Extensions 2.8.20141126 (HKLM\...\GIMP Extensions) (Version: 2.8.20141126 - Pedro Cunha)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version:  - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.500.3 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.228 - McAfee, Inc.)
McAfee® AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
Music Collector (HKLM-x32\...\{8CDFF5D2-89BF-4391-9D20-7D95C88DC98C}_is1) (Version:  - Collectorz.com)
Music MasterWorks v3.94 (HKLM-x32\...\Music MasterWorks v3.94_is1) (Version:  - )
MyGodMode 1.2 (HKLM-x32\...\{2B2FE19B-197A-4F24-8221-1268D967C6EC}_is1) (Version:  - Giorgio Tani)
NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version:  - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
RogueKiller version 12.9.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.7.0 - Adlice Software)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1554 - Memeo Inc.)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
Syntax Tree Editor (HKLM-x32\...\{EC46DA1A-BC05-44A9-9E02-E3CA965F530E}) (Version: 1.0.0 - STE)
TextPad (HKLM-x32\...\{86B55764-1157-4A71-A07C-73B37A53CAC4}) (Version: 3.0 - BTech, inc.)
Unchecky v0.4.1 (HKLM-x32\...\Unchecky) (Version: 0.4.1 - RaMMicHaeL)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 10 Manager (HKLM\...\{AEACCF29-E568-490E-8280-819DC911CD90}) (Version: 1.0.1 - Yamicsoft)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\ChromeHTML: ->  <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1427208717-3013397328-3700319278-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\flore_000\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1427208717-3013397328-3700319278-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\flore_000\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AA35CF6-2811-4188-BD76-843DA05613CE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1428103C-1669-4E05-A971-5BF71F61A46C} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-12-05] (IObit)
Task: {14C22A25-2002-4249-8234-585BB372750F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1427208717-3013397328-3700319278-1001Core1d257f452658df9 => C:\Users\flore_000\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)
Task: {19272B78-CFB3-4582-B8D4-91F0DADB0641} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2922EACB-CC9B-439A-AA5D-45AA4D521AA2} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {31A4D273-B683-42AB-B84F-42478D6A0583} - System32\Tasks\ASC10_SkipUac_flore_000 => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2017-01-04] (IObit)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {3E7BCFC8-A781-4CD6-A166-1D5B714B18F0} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {431DB7BB-9135-492E-987A-E85C2E42E514} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {44C88E73-B487-4B02-936A-BEB0823311FF} - System32\Tasks\HP AR Program Upload - 110f0da6498b4ce88d27a535da5524d08f7db370a0254e8fbc05c0286602c89e => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {4AB6EE74-9606-4D6E-A27A-2285C0307948} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {4AC57E4B-B98B-4C61-BF18-871576E27F4F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1427208717-3013397328-3700319278-1001UA => C:\Users\flore_000\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)
Task: {60626439-8378-4A05-B20B-DB967F5A43B2} - \WPD\SqmUpload_S-1-5-21-1427208717-3013397328-3700319278-1001 -> No File <==== ATTENTION
Task: {6E862B59-5A97-44FB-BE17-730F8AF2C822} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {71471D5A-7053-46D6-84EA-914E60D2DE3C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {78F6CC31-1AED-41E7-8566-625C00E21A4E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7D567EB5-AAF7-4279-853E-60F764FF7088} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {84B9D073-E7F2-43B8-9244-FDDE30276590} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {944D7115-404E-4DA7-9640-7B95820E8BD2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {9B89ED04-25E1-4E6C-98A8-EF6D3917C217} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1427208717-3013397328-3700319278-1001UA1d257f4527f946d => C:\Users\flore_000\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)
Task: {9E594A85-E873-4C3A-9B4D-A2E23315D779} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {A610AFDA-6ED9-4870-A9F9-B7CEC40822C9} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {A69FA650-1F17-45A3-88EC-E3A0F5178136} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {A71F9AB6-B30E-4ECE-A598-3EA41E24F4DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A7AC63F2-53B1-4480-8B18-70EBB57D147C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA936B9E-6D6F-4A7F-B1E2-6C0CA269A0DE} - System32\Tasks\HP AR Program Upload - 580381f4cd864dcdacf2427803cd78b263b5d364d7fa412b9d08f6f1b7b60741 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {AFEFDFE5-7BD4-4017-8E3E-DD804913B43C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {BCDA0C13-4F6A-4903-9EA2-9220A4C99AD7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C26E4F97-921B-409D-8402-CA1FA1719454} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {CA60D3BF-546F-4E39-A8B7-4424D40C6629} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1427208717-3013397328-3700319278-1001Core => C:\Users\flore_000\AppData\Local\Google\Update\GoogleUpdate.exe [2016-09-15] (Google Inc.)
Task: {D696FFD7-77C3-47A2-BD3F-73A2E5F6AEA3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {DA1196B5-A18C-4032-8CBB-E2FB99E7D6C1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {DFB07CBC-8529-4A2D-8FB4-5F7F9472D7DF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {DFB8B217-2514-4256-9C26-8E10BE6DC8B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E1141C27-22F3-4558-BFB9-7034D56CC336} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {E5263BF3-0CCE-46FD-A79B-D2CEC5800750} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E9B7CC08-39BF-487B-A2F8-31575480AA39} - System32\Tasks\SmartDefrag4_Update => C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe [2015-08-21] (IObit)
Task: {EBF27B19-1CBA-4C5C-AEFA-B9AA64FDCAA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8A70C72-6C23-4AA2-83B3-7C6A4A9B30C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FAA2F239-DC0F-4BA1-8BB8-1B33856AA22F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FC51C870-0A05-4AD7-83F8-D24A83014462} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-11] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1427208717-3013397328-3700319278-1001Core.job => C:\Users\flore_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1427208717-3013397328-3700319278-1001UA.job => C:\Users\flore_000\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\flore_000\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 14:23 - 2016-12-14 14:23 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-02 16:46 - 2007-02-28 03:53 - 00116224 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\dlbkpp6c.dll
2016-03-18 21:56 - 2016-03-18 21:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 00:07 - 2016-04-22 00:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-30 01:28 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-12-14 14:23 - 2016-12-14 14:23 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-13 04:21 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-23 07:22 - 2016-09-23 07:22 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:12 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:11 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:11 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:11 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:11 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:11 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-06 08:57 - 2017-02-06 08:58 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 08:57 - 2017-02-06 08:58 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 08:57 - 2017-02-06 08:58 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 08:57 - 2017-02-06 08:58 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2012-10-24 11:21 - 2012-10-24 11:21 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-10-24 11:21 - 2012-10-24 11:21 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2017-01-02 17:03 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-01-02 17:03 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-01-02 17:03 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-02-06 12:14 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-02-06 12:14 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-02-06 12:14 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-02-06 12:14 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-02-06 12:14 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2015-12-28 20:27 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-12-28 20:27 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-12-28 20:27 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-06 12:14 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2017-01-02 17:02 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-01-02 17:02 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2013-12-10 15:20 - 2013-09-04 05:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\dlbkcomc.dll:Microsoft_Appcompat_ReinstallUpgrade [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7916 more sites.

IE trusted site: HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\ameriprise.com -> hxxps://www.ameriprise.com
IE trusted site: HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\appspot.com -> hxxps://textyserver.appspot.com
IE trusted site: HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\mightytext.net -> hxxps://mightytext.net
IE trusted site: HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\peoples.com -> hxxps://www.peoples.com

There are 12778 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-16 17:42 - 2017-01-25 12:12 - 00455808 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost

There are 15617 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\flore_000\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\win7 ltblue 1920x1200.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Seagate Dashboard"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\StartupApproved\Run: => "California Fonts Loader"
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B17EACFD-8EAE-4A2A-ACD5-E91394B1FA8A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5AE2B077-884E-49DD-9B5C-93AAD590E352}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{FA26E213-C483-41AB-BB86-7718D7CE62F4}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{8D7CCBD9-F1CD-4CE9-9AE2-BB67AFBFF8A4}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [{6D182413-7285-49DE-AF9C-090BBCD96301}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F00C556-E8C1-42F7-9B02-35F1C772D5B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{43E07608-A444-495A-89FA-DE1E9048088C}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{898153D3-D65C-4445-8E26-78CFDD615C35}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{5E0FA825-00C2-42D7-913B-4F9C941A8916}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{C32EC9D3-EF97-4109-A0AD-3D5C162BF620}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{D6AAB28F-103F-42D3-B17E-4EC80AAD361B}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
FirewallRules: [{468D80E6-A019-4B77-B397-5226745E0D01}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
FirewallRules: [{17340F59-4BC7-42F7-B7D0-3CC078209DA3}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
FirewallRules: [{AC334D48-C486-47C8-AB8E-CCB0FBA0CC3D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{EEDFD1E5-9331-4D48-99F0-03E4DEF239AE}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{ADF7A7CB-78D2-4599-86DD-446F40296926}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [{07273BBE-BE69-432C-83D4-2F546FEC9DCA}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{97AE9E34-EB5D-452C-9175-6D0438939F15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4CB07CB7-6D1F-46BC-88FB-5FF6D1E10BBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{25C09B36-4FAF-4575-ADFC-A56F8A570704}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{55621BA0-40D7-4ABA-93CA-F9BF74AB54D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7081EE20-03E7-444C-B7DD-D2C7EF92F59E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D383958-EC14-488B-BB07-A092E64B6596}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BEC4010-3F07-4CF3-8B1B-7CA9D2D0D41E}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{859BFA63-5529-4F51-987F-5B321A4CAD3D}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{D1FEEE94-BDCA-4973-8A8F-5034622D52F3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

10-02-2017 10:52:47 JRT Pre-Junkware Removal
13-02-2017 17:51:12 JRT Pre-Junkware Removal
15-02-2017 11:56:55 JRT Pre-Junkware Removal
17-02-2017 10:31:52 JRT Pre-Junkware Removal
17-02-2017 15:19:11 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2017 03:19:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/17/2017 10:32:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/17/2017 10:10:12 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {8D0DE90E-0FA3-46E3-9AF4-D44FCF26FFD4}

Error: (02/17/2017 10:06:58 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {72AAFF6B-BC0D-4964-9E33-C73308BF5909}

Error: (02/17/2017 10:06:32 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {CD62E996-2BC5-4740-AC31-A82788C06B19}

Error: (02/17/2017 10:03:20 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {00FC1846-F27E-4B35-B9AD-35D4276222CD}

Error: (02/17/2017 09:54:50 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {7C4FC1B6-EC1F-4C6D-AEC9-E48A3FA0FF40}

Error: (02/17/2017 09:13:37 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {34386710-88DF-4E2C-9BCD-75D19D4B46AA}

Error: (02/16/2017 05:24:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JULIO-PC)
Description: Package RollingDonutApps.WordTwistDeluxe_3.1.1.0_x64__sy1ej89k10knt+App was terminated because it took too long to suspend.

Error: (02/16/2017 02:43:05 PM) (Source: MsiInstaller) (EventID: 11706) (User: JULIO-PC)
Description: Product: Dell Data Vault -- Error 1706. An installation package for the product Dell Data Vault cannot be found. Try the installation again using a valid copy of the installation package 'DDV.msi'.


System errors:
=============
Error: (02/17/2017 04:25:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2017 04:13:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/17/2017 04:11:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/17/2017 04:09:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroupProvider service depends on the fdPHost service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/17/2017 04:09:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/17/2017 04:07:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2017 02:38:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (02/17/2017 12:56:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/17/2017 11:42:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/17/2017 11:40:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
  Date: 2017-02-06 12:15:11.328
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2130 CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8061.54 MB
Available physical RAM: 5301.66 MB
Total Virtual: 19325.54 MB
Available Virtual: 16688.09 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:466 GB) (Free:313.84 GB) NTFS
Drive g: () (Removable) (Total:14.45 GB) (Free:13.98 GB) FAT32
Drive h: (Privado) (Fixed) (Total:452.05 GB) (Free:451.8 GB) NTFS
Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:457.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 339D450C)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 9C9CC6B9)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
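
Added example (not part of the original post and not code from FRST): a small Python helper that groups the "Error:" entries of the event-log section above by source and event ID and pulls out the service pairs named in the Service Control Manager 7001 entries, which separates repeated noise from dependency failures. The function names are hypothetical, and the sample text is four entries copied from the "System errors" section above.

```python
import re
from collections import Counter

# Four entries copied from the "System errors" section of the log above.
SAMPLE = """\
Error: (02/17/2017 04:13:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/17/2017 04:11:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/17/2017 04:09:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The iphlpsvc service depends on the WinHttpAutoProxySvc service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (02/17/2017 11:42:48 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\) "
                    r"\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$")
DEPENDS = re.compile(r"The (?P<service>.+?) service depends on the (?P<dependency>.+?) "
                     r"service which failed to start")

def parse_events(text):
    """Split an FRST event-log section into dicts, one per 'Error:' entry."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), event_id=int(m["event_id"]), body=[])
            events.append(current)
        elif current is not None and line.strip():
            # Continuation lines (multi-line descriptions) belong to the open entry.
            current["body"].append(line.removeprefix("Description: ").strip())
    for ev in events:
        ev["body"] = " ".join(ev["body"])
    return events

def summarize(events):
    """Count entries per (source, event id), most frequent first."""
    return Counter((e["source"], e["event_id"]) for e in events).most_common()

def failed_dependencies(events):
    """Distinct (service, dependency) pairs named by event 7001 entries, in log order."""
    hits = (DEPENDS.search(e["body"]) for e in events if e["event_id"] == 7001)
    return list(dict.fromkeys((m["service"], m["dependency"]) for m in hits if m))

if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for (source, event_id), count in summarize(parsed):
        print(f"{count:3d}  {source} / {event_id}")
    for service, dependency in failed_dependencies(parsed):
        print(f"{service} is waiting on {dependency}")
```
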

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:06 AM

Posted 18 February 2017 - 09:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NetworkProxy: Mozilla\Firefox\Profiles\5as109j7.default-1484932500656 -> type", 0
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [No File]
CHR Extension: (Flash Video Downloader) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-06]
CHR Extension: (Collusion for Chrome) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp [2015-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-06]
CHR Extension: (Chrome Media Router) - C:\Users\flore_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
HKU\S-1-5-21-1427208717-3013397328-3700319278-1001\...\ChromeHTML: ->  <==== ATTENTION
Task: {0AA35CF6-2811-4188-BD76-843DA05613CE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {19272B78-CFB3-4582-B8D4-91F0DADB0641} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {60626439-8378-4A05-B20B-DB967F5A43B2} - \WPD\SqmUpload_S-1-5-21-1427208717-3013397328-3700319278-1001 -> No File <==== ATTENTION
Task: {71471D5A-7053-46D6-84EA-914E60D2DE3C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {78F6CC31-1AED-41E7-8566-625C00E21A4E} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A71F9AB6-B30E-4ECE-A598-3EA41E24F4DF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A7AC63F2-53B1-4480-8B18-70EBB57D147C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BCDA0C13-4F6A-4903-9EA2-9220A4C99AD7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DA1196B5-A18C-4032-8CBB-E2FB99E7D6C1} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E5263BF3-0CCE-46FD-A79B-D2CEC5800750} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EBF27B19-1CBA-4C5C-AEFA-B9AA64FDCAA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F8A70C72-6C23-4AA2-83B3-7C6A4A9B30C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FAA2F239-DC0F-4BA1-8BB8-1B33856AA22F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\dlbkcomc.dll:Microsoft_Appcompat_ReinstallUpgrade [0]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [127]
C:\Windows\SysWOW64\igfxtray.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
===

Please post the logs and let me know if the problem persists.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:06 AM

Posted 24 February 2017 - 09:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



