
FRST running very slow


  • This topic is locked
36 replies to this topic

#1 gregrph


Posted 19 February 2017 - 01:18 AM

 Hi Folks,

I am having a problem with FRST running very slowly. It has been running about 60 hours and is still running. I posted in the "Am I Infected? What do I do?" forum about this. Here is a link to my original post.

 

https://www.bleepingcomputer.com/forums/t/640191/frst-running-very-slow/

 

Per the response from buddy215, I am creating this new post. I am also including the FRST log and ADDITION log that has been created SO FAR.  Thank you for looking at these!

 

(I tried posting the 2 text files here. I kept getting a message that they were too long, please shorten a little. Even the FRST log was too long, even when I cut it after the Processes (Whitelisted) section. I am going to attach the 2 files. If not recommended, I will try to split into even smaller txt files. The FRST is still running.)

 


 


#2 olgun52

  • Malware Response Team

Posted 19 February 2017 - 05:24 AM

Hello gregrph and Welcome to the BleepingComputer. :welcome:

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely
:hello:


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52


Posted 19 February 2017 - 06:36 AM

Hi again,

Please do this;

COMODO BackUp
Google+ Auto Backup

Remove one.
========================================================================================
Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

IObit (Malware Fighter, Driver Booster, Advanced SystemCare + IObit Uninstaller + Surfing Protection + LiveUpdate + SmartDefragDriver.sys) (if present)
AVG Secure Search
Spybot - Search and Destroy
Auslogics BoostSpeed 7
Coupon Printer for Windows
Freecorder 8
FreeFixer
Glary Utilities
Java 8 Update 73
Java 8 Update 121
Java SE Development Kit 7 Update 45
Java SE Development Kit 8 Update 25
MyFreeCodec
Adobe Flash Player

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

And restart the PC now.
=================================================================================

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Step 2:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Regards

Yılmaz

 

 



 


 


#4 gregrph

  • Topic Starter

Posted 19 February 2017 - 09:39 AM

Hi Yilmaz.

I will follow your instructions to the letter! I am on my way to work and will get started later this evening. Thank you! Can I stop FRST that is still running? Greg



#5 olgun52


Posted 19 February 2017 - 10:07 AM

Can I stop FRST that is still running?
OK,
Ahh, yes. You can stop it.


 


 


#6 gregrph


Posted 19 February 2017 - 10:31 PM

Hi Yilmaz-
I deleted some of the programs in the remove Programs list. The ones I did not remove were not listed in Revo or Microsoft's Uninstall programs list in Control Panel. The only one that was questionable was Freecorder 8. I received an uninstall failed message. I did delete the leftover registry keys and leftover files afterwards. I am currently running MBAM. Here is the Fixlist.txt file from running FRST before MBAM.




#7 gregrph


Posted 19 February 2017 - 10:33 PM

The MBAM log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/19/2017
Scan Time: 8:40 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2017.02.19.08
Rootkit Database: v2017.02.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Greg

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360474
Time Elapsed: 1 hr, 22 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.AuslogicsBoostSpeed, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AUSLOGICS\BoostSpeed, Quarantined, [e3f124807c2cb086bc1a735822de38c8],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 olgun52


Posted 20 February 2017 - 05:21 AM

Please post a fresh FRST logfile for my review. (Frst.txt and Additional.txt)

If the scan is still too long, let me know. (Max can be 30 minutes)



 


 


#9 gregrph


Posted 20 February 2017 - 09:05 AM

This went MUCH faster! Thanks! It seems that there are still a few more issues in the logs. Here they are.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Greg (administrator) on GREGS (20-02-2017 08:51:58)
Running from C:\Users\Greg\Desktop
Loaded Profiles: Greg (Available Profiles: Greg)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dashlane, Inc.) C:\Users\Greg\AppData\Roaming\Dashlane\Dashlane.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
() C:\Users\Greg\AppData\Roaming\Dashlane\DashlanePlugin.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boinctray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boinc.exe
(The POPFile Project) C:\Program Files (x86)\POPFile\popfileib.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16696832 2016-11-28] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-06] (Microsoft Corporation)
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [341312 2009-07-27] (BillP Studios)
HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\boincmgr.exe [3909264 2014-03-25] (World Community Grid)
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [71312 2014-03-25] (Space Sciences Laboratory)
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Run: [Dashlane] => C:\Users\Greg\AppData\Roaming\Dashlane\Dashlane.exe [486352 2017-02-17] (Dashlane, Inc.)
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Run: [DashlanePlugin] => C:\Users\Greg\AppData\Roaming\Dashlane\DashlanePlugin.exe [544208 2017-02-17] ()
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [972432 2014-03-25] (World Community Grid)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Greg\AppData\Roaming\Copy\overlay\CopyShExt.dll [2013-06-28] (Barracuda Networks, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run POPFile.lnk [2016-10-10]
ShortcutTarget: Run POPFile.lnk -> C:\Program Files (x86)\POPFile\runpopfile.exe (The POPFile Project)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{02d17593-b2ec-48d2-9aa1-933831ffed03}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1098193272-1128607923-4000329556-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Greg\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\x64\Dashlanei.dll [2017-02-17] (Dashlane, Inc.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Greg\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2017-02-17] (Dashlane, Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Greg\AppData\Local\Packages\windows_ie_ac_001\AC\Dashlane\ie\x64\KWIEBar.dll [2017-02-17] (Dashlane, Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Greg\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2017-02-17] (Dashlane, Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
DPF: HKLM-x32 {55A2C0CD-3DE8-4264-9637-A0B40B05714E} hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=123783526
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)

Edge:
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.11.0.0_neutral__c1wakc4j0nefm [2017-02-16]
Edge Extension: (Bing) -> EdgeExtension_MicrosoftMicrosoftRewards_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MicrosoftRewards_0.9.2.0_neutral__8wekyb3d8bbwe [2016-12-28]
Edge Extension: (Pin It Button) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2016-10-06]

FireFox:
========
FF DefaultProfile: gregrph@mindspring.com
FF ProfilePath: C:\Users\Greg\AppData\Roaming\TomTom\HOME\Profiles\9vdgxos8.default [2015-10-22]
FF Extension: (Emulator) - C:\Users\Greg\AppData\Roaming\TomTom\HOME\Profiles\9vdgxos8.default\Extensions\Navcore.9.510.1234792@tomtom.com [2013-11-13] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2014-08-06] [not signed]
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Sunbird\Profiles\p6gsokuf.default [2016-05-24]
FF Extension: (Timezone Definitions for Mozilla Calendar) - C:\Program Files (x86)\Mozilla Sunbird\extensions\calendar-timezones@mozilla.org [2013-03-11] [not signed]
FF Extension: (Lightning stub extension for Sunbird) - C:\Program Files (x86)\Mozilla Sunbird\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2013-03-11] [not signed]
FF ProfilePath: C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\av9i6knr.default-1451346318240 [2017-02-20]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\av9i6knr.default-1451346318240 -> Google
FF Homepage: Mozilla\Firefox\Profiles\av9i6knr.default-1451346318240 -> hxxp://my.earthlink.net/
FF Extension: (Ebates Cash Back) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\av9i6knr.default-1451346318240\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2017-01-17]
FF Extension: (StumbleUpon) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\av9i6knr.default-1451346318240\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi [2015-12-28]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\av9i6knr.default-1451346318240\features\{38b8fb7f-9403-485b-b544-26e6a12bd763}\disableSHA1rollout@mozilla.org.xpi [2017-02-17]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-07-10] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-12-23] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-11-26] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-1098193272-1128607923-4000329556-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Greg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-1098193272-1128607923-4000329556-1001: jpl.nasa.gov/NASAEyes -> C:\Users\Greg\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2015-07-08] (Jet Propulsion Laboratory)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-02-24] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-02-24] (Apple Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.facebook.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Dashlane) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.0.0.36936_0\npDashlane.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll => No File
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll => No File
CHR Profile: C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default [2017-02-20]
CHR Extension: (Ebates Cash Back) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-02-07]
CHR Extension: (uBlock Origin) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-09]
CHR Extension: (Dashlane) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2017-01-13]
CHR Extension: (Pinterest Save Button) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-01]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2017-01-19]
CHR Extension: (Wikibuy) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2017-02-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-12] (SUPERAntiSpyware.com)
R2 Apache2.2; c:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20549 2013-07-09] (Apache Software Foundation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3543744 2014-07-24] (COMODO Security Solutions)
S3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [625648 2017-02-14] (Foolish IT LLC)
R3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [625648 2017-02-14] (Foolish IT LLC)
R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [625648 2017-02-14] (Foolish IT LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-15] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-12-29] (Foxit Software Inc.)
R2 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 LPDSVC; C:\WINDOWS\system32\lpdsvc.dll [49152 2016-10-06] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [69964448 2015-04-03] (Microsoft Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S4 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441512 2015-04-03] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)
S3 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2580160 2014-07-24] (COMODO Security Solutions)
R2 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 bdisk; C:\WINDOWS\System32\DRIVERS\bdisk.sys [85488 2014-07-24] (COMODO Security Solutions Inc.)
R0 CBUFS; C:\WINDOWS\System32\DRIVERS\CBUFS.sys [229664 2014-07-24] (COMODO Security Solutions Inc.)
R0 cbvd; C:\WINDOWS\System32\DRIVERS\cbvd.sys [676208 2014-07-24] (COMODO Security Solutions Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 GVTDrv64; C:\WINDOWS\GVTDrv64.sys [30528 2016-03-14] ()
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2015-04-27] ()
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2016-01-16] (REALiX™)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-11-28] (NVIDIA Corporation)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R0 Reparse; C:\WINDOWS\System32\DRIVERS\CBReparse.sys [673136 2014-07-24] (COMODO Security Solutions Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-07-16] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-04-07] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 vdbus; C:\WINDOWS\System32\drivers\vdbus.sys [824480 2014-07-24] (COMODO Security Solutions Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-16] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 08:51 - 2017-02-20 08:53 - 00033358 _____ C:\Users\Greg\Desktop\FRST.txt
2017-02-20 08:33 - 2017-02-20 08:33 - 00000000 ___HD C:\OneDriveTemp
2017-02-20 00:01 - 2017-02-20 00:01 - 00000000 ____D C:\Users\Greg\AppData\Roaming\by Mike Baker at Rediscovering Photography
2017-02-19 23:28 - 2017-02-19 23:28 - 00003895 _____ C:\Users\Greg\AppData\Roaming\GlobalStrDataWithExif.txt
2017-02-19 23:28 - 2017-02-19 23:28 - 00003895 _____ C:\Users\Greg\AppData\Roaming\GlobalStrData.txt
2017-02-19 23:28 - 2017-02-19 23:28 - 00000171 _____ C:\Users\Greg\AppData\Roaming\ExtensionCount.csv
2017-02-19 23:27 - 2017-02-19 23:28 - 00010875 _____ C:\Users\Greg\AppData\Roaming\PhotoMoveOutput.txt
2017-02-19 23:25 - 2017-02-19 23:25 - 05173715 _____ (Mike Baker @ Rediscovering Photography ) C:\Users\Greg\Downloads\PhotoMoveSetup(1).exe
2017-02-19 20:22 - 2017-02-19 20:29 - 00679094 _____ C:\Users\Greg\Desktop\Fixlog.txt
2017-02-19 20:22 - 2017-02-19 20:22 - 00000000 ____D C:\Users\Greg\Desktop\FRST-OlderVersion
2017-02-16 14:42 - 2017-02-16 14:42 - 00000000 ____D C:\Users\Greg\AppData\Roaming\VS Revo Group
2017-02-16 14:27 - 2017-02-19 20:22 - 02422784 _____ (Farbar) C:\Users\Greg\Desktop\FRST64.exe
2017-02-16 11:52 - 2017-02-20 08:52 - 00110800 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-16 11:52 - 2017-02-16 14:29 - 00000000 ____D C:\Users\Greg\AppData\Local\Zemana
2017-02-16 11:52 - 2017-02-16 14:26 - 01057016 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-16 11:52 - 2017-02-16 11:52 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-16 00:11 - 2017-02-16 15:20 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-16 00:11 - 2017-02-16 00:11 - 747994710 _____ C:\WINDOWS\MEMORY.DMP
2017-02-15 22:40 - 2017-02-15 22:41 - 00000000 ____D C:\Program Files (x86)\GUM262A.tmp
2017-02-14 09:19 - 2017-02-14 09:19 - 00000000 ____D C:\CryptoPreventQuarantine
2017-02-12 17:48 - 2017-02-12 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2017-02-12 17:45 - 2017-02-12 17:45 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-02-12 17:45 - 2017-02-12 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-12 17:44 - 2017-02-12 17:45 - 00000000 ____D C:\Program Files\iTunes
2017-02-12 17:44 - 2017-02-12 17:44 - 00000000 ____D C:\Program Files\iPod
2017-02-12 15:43 - 2017-02-12 15:43 - 00878592 _____ C:\Users\Greg\Downloads\Railroad_tycoon_2_platinum_1.56_patch.iso
2017-02-12 15:35 - 2017-02-12 15:35 - 00736569 _____ C:\Users\Greg\Downloads\rt2_105b.exe
2017-02-10 16:24 - 2017-02-10 16:26 - 00000000 ____D C:\Program Files (x86)\Railroad Tycoon II - Platinum
2017-02-10 16:24 - 2017-02-10 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RT2 Platinum
2017-02-10 07:15 - 2017-02-10 07:15 - 00003210 _____ C:\WINDOWS\System32\Tasks\klcp_update
2017-02-10 07:13 - 2017-02-10 07:14 - 43807219 _____ (KLCP ) C:\Users\Greg\Downloads\K-Lite_Codec_Pack_1290_Mega.exe
2017-02-10 00:24 - 2017-02-11 00:02 - 435054592 _____ (Igor Pavlov) C:\Users\Greg\Downloads\Railroad Tycoon 2 - Platinum.exe.part
2017-02-09 22:50 - 2017-02-09 22:50 - 02876670 _____ ( ) C:\Users\Greg\Downloads\klcp_update_1291_20170203.exe
2017-02-09 22:49 - 2017-02-09 22:50 - 00134226 _____ C:\Users\Greg\Downloads\HOscaleCentralVermonttrackplan.pdf
2017-02-07 21:28 - 2017-02-07 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 23:38 - 2017-02-06 23:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-04 21:26 - 2017-02-04 21:26 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-02-04 21:26 - 2017-02-04 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-01-25 21:53 - 2017-01-25 21:53 - 01568123 _____ C:\Users\Greg\Downloads\28285137.pdf
2017-01-25 21:28 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 21:28 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-25 09:53 - 2017-01-25 10:19 - 00000000 ____D C:\Users\Greg\Documents\My Backups
2017-01-22 22:22 - 2017-01-22 22:22 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-01-22 22:22 - 2017-01-22 22:22 - 00001080 _____ C:\Users\Public\Desktop\Audacity.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-20 08:51 - 2016-02-14 18:48 - 00000000 ____D C:\FRST
2017-02-20 08:34 - 2016-05-24 21:19 - 00000000 ____D C:\ProgramData\BOINC
2017-02-20 08:33 - 2016-11-16 10:09 - 00000000 ____D C:\Users\Greg\AppData\LocalLow\Mozilla
2017-02-20 08:33 - 2013-11-24 23:02 - 00000000 __RDO C:\Users\Greg\SkyDrive
2017-02-20 08:33 - 2013-02-10 01:00 - 00000000 ____D C:\Users\Greg\AppData\Roaming\POPFile
2017-02-20 00:11 - 2016-03-18 08:18 - 00000000 ____D C:\Users\Greg\AppData\Local\ClassicShell
2017-02-19 23:25 - 2015-10-05 14:50 - 00001116 _____ C:\Users\Public\Desktop\PhotoMove 2.5.lnk
2017-02-19 23:25 - 2015-01-05 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoMove 2
2017-02-19 23:25 - 2015-01-05 00:43 - 00000000 ____D C:\Program Files (x86)\PhotoMove 2
2017-02-19 22:32 - 2016-05-24 20:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-19 21:37 - 2016-10-06 17:19 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-19 20:42 - 2013-02-13 01:03 - 00001988 _____ C:\Users\Greg\Desktop\Dashlane.lnk
2017-02-19 20:42 - 2013-02-13 01:03 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2017-02-19 20:42 - 2013-02-13 01:00 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Dashlane
2017-02-19 20:32 - 2016-10-06 18:53 - 00000008 __RSH C:\Users\Greg\ntuser.pol
2017-02-19 20:32 - 2016-10-06 18:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-19 20:32 - 2016-10-06 17:26 - 00000000 ____D C:\Users\Greg
2017-02-19 20:32 - 2016-06-08 09:46 - 00000340 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGreg.job
2017-02-19 20:32 - 2013-11-29 23:10 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-19 20:29 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-19 20:25 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-19 20:25 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-19 20:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-19 19:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-19 19:53 - 2013-11-20 23:14 - 00000000 ____D C:\Program Files\Java
2017-02-19 19:44 - 2013-02-10 01:33 - 00000000 ____D C:\Users\Greg\AppData\Local\Google
2017-02-19 19:38 - 2013-02-10 20:03 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-19 19:27 - 2013-08-03 22:16 - 00000000 ____D C:\ProgramData\GlarySoft
2017-02-19 19:27 - 2013-05-11 07:49 - 00000000 ____D C:\Users\Greg\AppData\Roaming\Glarysoft
2017-02-19 15:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 13:40 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\WindowsApps
2017-02-17 22:54 - 2016-02-13 00:39 - 00000000 ____D C:\AdwCleaner
2017-02-17 22:13 - 2016-12-05 22:20 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-17 22:13 - 2016-03-17 06:53 - 00002399 _____ C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-16 15:41 - 2016-10-06 18:23 - 00003228 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGreg
2017-02-16 13:33 - 2016-11-29 23:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-16 11:27 - 2016-04-15 22:37 - 00000000 ____D C:\Users\Public\Foxit Software
2017-02-16 00:17 - 2016-12-15 08:06 - 00000000 ___RD C:\Users\Greg\Dropbox
2017-02-15 22:41 - 2016-10-06 18:23 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-15 22:41 - 2016-10-06 18:23 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-14 18:12 - 2014-02-02 21:28 - 00000000 ____D C:\Users\Greg\Downloads\FAMILY.TREE.MAKER.V2012.ISO-LZ0
2017-02-14 18:01 - 2014-02-03 08:57 - 00000000 ____D C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
2017-02-14 09:19 - 2016-03-04 23:10 - 00001289 _____ C:\Users\Public\Desktop\CryptoPrevent.lnk
2017-02-14 09:16 - 2013-02-11 20:11 - 00000000 ____D C:\Program Files (x86)\Forte
2017-02-12 17:48 - 2016-09-17 20:54 - 00000000 ____D C:\ProgramData\Foxit Software
2017-02-12 17:44 - 2013-02-17 00:13 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-12 15:59 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-12 15:53 - 2016-04-02 20:35 - 00000000 ____D C:\ProgramData\ProductData
2017-02-12 15:51 - 2016-01-11 10:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-12 15:51 - 2013-02-17 00:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-02-12 15:51 - 2013-02-10 00:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-12 15:44 - 2013-12-19 10:27 - 00000000 _____ C:\Users\Greg\AppData\LocalLow\rightsCheck_1.txt
2017-02-12 00:26 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-02-10 16:24 - 2013-02-10 21:58 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-10 14:56 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-10 14:55 - 2016-07-16 06:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2017-02-10 14:55 - 2016-07-16 06:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2017-02-10 14:55 - 2016-07-16 06:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2017-02-10 14:55 - 2016-07-16 06:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2017-02-10 14:55 - 2016-07-16 06:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2017-02-10 07:15 - 2015-10-22 23:02 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-02-10 07:14 - 2015-10-22 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2017-02-07 21:28 - 2016-12-15 00:12 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 21:28 - 2013-02-10 01:36 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 21:28 - 2013-02-10 01:36 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-02 22:52 - 2016-02-18 12:11 - 00000000 ____D C:\Users\Greg\AppData\Local\Adobe
2017-01-31 22:13 - 2013-02-12 10:20 - 00000000 ____D C:\Users\Greg\Documents\TurboTax
2017-01-30 16:36 - 2013-08-29 21:13 - 00003879 _____ C:\WINDOWS\wininit.ini
2017-01-22 23:01 - 2013-06-08 21:02 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-22 22:22 - 2013-02-12 23:43 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-01-22 21:45 - 2016-08-07 14:49 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-01-22 21:45 - 2016-08-07 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-01-21 10:12 - 2017-01-05 13:51 - 00000000 ____D C:\Program Files (x86)\Quicken

==================== Files in the root of some directories =======

2015-10-05 15:02 - 2015-10-12 21:43 - 0259659 _____ () C:\Program Files (x86)\PhotoMove 2SummaryReportTemp.txt
2013-07-11 22:39 - 2013-07-11 22:39 - 0000268 ____R () C:\Users\Greg\AppData\Roaming\Abstract
2013-07-11 22:39 - 2013-07-11 22:39 - 0000268 ____R () C:\Users\Greg\AppData\Roaming\Animals
2017-02-19 23:28 - 2017-02-19 23:28 - 0000171 _____ () C:\Users\Greg\AppData\Roaming\ExtensionCount.csv
2013-12-08 23:54 - 2013-12-08 23:56 - 0000000 _____ () C:\Users\Greg\AppData\Roaming\FileIn.cns
2013-12-08 23:54 - 2013-12-08 23:56 - 0000000 _____ () C:\Users\Greg\AppData\Roaming\FileOut.cns
2017-02-19 23:28 - 2017-02-19 23:28 - 0003895 _____ () C:\Users\Greg\AppData\Roaming\GlobalStrData.txt
2017-02-19 23:28 - 2017-02-19 23:28 - 0003895 _____ () C:\Users\Greg\AppData\Roaming\GlobalStrDataWithExif.txt
2014-05-02 20:40 - 2016-10-24 17:48 - 0004567 _____ () C:\Users\Greg\AppData\Roaming\GREGS.MTBF.txt
2013-07-10 22:31 - 2013-07-11 22:38 - 0000000 _____ () C:\Users\Greg\AppData\Roaming\howto
2013-07-10 22:18 - 2013-07-10 22:18 - 0000268 ____R () C:\Users\Greg\AppData\Roaming\libiconv
2017-02-19 23:27 - 2017-02-19 23:28 - 0010875 _____ () C:\Users\Greg\AppData\Roaming\PhotoMoveOutput.txt
2013-07-11 22:39 - 2013-07-11 22:39 - 0000268 ____R () C:\Users\Greg\AppData\Roaming\programs
2013-07-11 22:40 - 2013-07-11 22:40 - 0000268 ____R () C:\Users\Greg\AppData\Roaming\vhosts
2014-05-02 20:40 - 2016-10-24 22:52 - 0000903 _____ () C:\Users\Greg\AppData\Roaming\__AvidCloudManager.log
2014-05-02 20:40 - 2016-03-12 09:35 - 0000898 _____ () C:\Users\Greg\AppData\Roaming\__AvidCloudManagerPrevious.log
2015-11-22 23:38 - 2015-11-22 23:38 - 1422336 _____ (Igor Pavlov) C:\Users\Greg\AppData\Local\7z.dll
2016-03-15 21:45 - 2016-03-15 21:45 - 0001573 _____ () C:\Users\Greg\AppData\Local\recently-used.xbel
2013-12-01 00:43 - 2015-09-24 22:12 - 0007598 _____ () C:\Users\Greg\AppData\Local\resmon.resmoncfg
2013-07-10 22:18 - 2013-07-10 22:18 - 0000268 ____R () C:\ProgramData\Abstract
2013-07-11 22:39 - 2013-07-11 22:39 - 0000268 ____R () C:\ProgramData\Action
2013-07-11 22:40 - 2013-07-11 22:40 - 0000268 ____R () C:\ProgramData\Action Clauses
2013-07-11 22:39 - 2013-07-11 22:39 - 0000268 ____R () C:\ProgramData\Alerts
2015-01-03 22:04 - 2015-01-03 22:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-07-11 22:39 - 2013-07-11 22:39 - 0000268 ____R () C:\ProgramData\Applications
2017-02-12 15:44 - 2017-02-12 15:44 - 0004286 _____ () C:\ProgramData\Diamonds Match3.ico
2016-10-06 17:22 - 2016-10-06 17:22 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2015-02-12 15:36 - 2017-01-05 16:49 - 0000934 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-04 22:13 - 2015-01-04 22:13 - 0000000 _____ () C:\ProgramData\PKP_DLer.DAT
2015-01-04 22:10 - 2015-01-04 22:10 - 0000000 _____ () C:\ProgramData\PKP_DLet.DAT

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-12 00:18

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Greg (20-02-2017 08:54:22)
Running from C:\Users\Greg\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-06 23:42:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1098193272-1128607923-4000329556-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1098193272-1128607923-4000329556-503 - Limited - Disabled)
Greg (S-1-5-21-1098193272-1128607923-4000329556-1001 - Administrator - Enabled) => C:\Users\Greg
Guest (S-1-5-21-1098193272-1128607923-4000329556-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1098193272-1128607923-4000329556-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.20 - GIGABYTE)
µTorrent (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
ACDSee Pro 5 (HKLM-x32\...\{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}) (Version: 5.3.168 - ACD Systems International Inc.)
Amazon Cloud Drive (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Amazon Cloud Drive) (Version: 2.5.2.40 - Amazon Digital Services, LLC.)
AmoK Exif Sorter 2.5.6 (remove only) (HKLM-x32\...\AmoKExifSorter2) (Version:  - )
Anti-Twin (Installation 8/25/2015) (HKLM-x32\...\Anti-Twin 2015-08-25 23.44.32) (Version:  - Joerg Rosenthal, Germany)
AnyRail5 (HKLM-x32\...\AnyRail5 5.11.3) (Version: 5.11.3 - DRail Modelspoor Software)
AnyRail5 (x32 Version: 5.11.3 - DRail Modelspoor Software) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Mover (x64) (HKLM\...\Application Mover (x64 Shareware)_is1) (Version: 4.3 - Funduc Software Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Auslogics Duplicate File Finder (HKLM-x32\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 5.0.2.0 - Auslogics Labs Pty Ltd)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
AVS Video Editor 7.2.1 (HKLM-x32\...\AVS Video Editor_is1) (Version: 7.2.1.269 - Online Media Technologies Ltd.)
Bazooka Scanner (HKLM-x32\...\{CB0888EE-96D8-4713-84DC-36462C33AEB4}) (Version:  - Kephyr)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blender (HKLM\...\Blender) (Version: 2.68a - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BRIS Custom PP Generator   2.40 (HKLM-x32\...\BRIS Custom PP Generator   2.40) (Version: 2.286 - Bloodstock Research Information Services Inc)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.15.0 - Canon Inc.)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.3.0.0 - Canon Inc.)
Canon Utilities EOS Lens Registration Tool (HKLM-x32\...\EOS Lens Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.20.0 - Canon Inc.)
Canon Utilities EOS Web Service Registration Tool (HKLM-x32\...\EOS Web Service Registration Tool) (Version: 1.2.10.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.2.8 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.10.0 - Canon Inc.)
CD & DVD Box Labeler Pro (HKLM-x32\...\{18E5D3BF-036F-4A91-BED3-5C574CFEBC5B}_is1) (Version: 1.9.97 - Big Star Software)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.3.9.27 - COMODO)
CompuTrak Handicapper 7 (HKLM-x32\...\{B1499E51-BA9F-42A9-B078-9C4753890F6C}) (Version: 1.0.0.0 - Revelation Software)
Copy (HKLM\...\{EF3F883E-1A54-44B3-ABB7-E2DEC1C56451}) (Version: 1.28.657.0 - Barracuda Networks, Inc.)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 8.0.2.9 - Foolish IT LLC)
CrystalDiskInfo 6.7.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.7.5 - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Dashlane) (Version: 4.6.7.25231 - Dashlane, Inc.)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
Double Commander 0.5.6 beta (HKLM\...\Double Commander_is1) (Version:  - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DVD43 Plug-in v1.0.0.6 (HKLM-x32\...\DVD43 Plug-in_is1) (Version:  - )
DVDStyler v3.0.2 (HKLM\...\DVDStyler_is1) (Version:  - Thüring IT-Consulting)
Easy Tune 6 B12.1121.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.1121.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FastRawViewer x64 0.9.4.441 (HKLM\...\FastRawViewer_is1) (Version: 0.9.4.441 - LibRaw,LLC)
File Repair (HKLM-x32\...\File Repair_is1) (Version:  - File Repair)
File Scavenger 2.1v (HKLM-x32\...\File Scavenger 2.1v) (Version:  - )
File Scavenger 3.2 (HKLM-x32\...\V3.2_is1) (Version: 3.2 - QueTek™ Consulting Corporation)
File Scavenger 4.2 (en) (HKLM-x32\...\QueTek File Scavenger 4.2 (en)) (Version: 4.2.3.0 - QueTek Consulting Corporation)
FlightGear v2.6.0.1 (HKLM\...\FlightGear_is1) (Version:  - The FlightGear Team)
Foxit PhantomPDF Standard (HKLM-x32\...\{C82148DF-556D-472D-B3F5-5EF85512CDB6}) (Version: 7.2.0.722 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.2.0.2051 - Foxit Software Inc.)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (64-bit) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
G'MIC for GIMP version 1.5.8.6 (HKLM-x32\...\G'MIC for GIMP_is1) (Version: 1.5.8.6 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Photos Backup (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{24E45339-C750-4EAE-8241-BA25A7DABBDD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.203 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
HWiNFO64 Version 5.12 (HKLM\...\HWiNFO64_is1) (Version: 5.12 - Martin Malík - REALiX)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iToolBox (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\iToolBox) (Version: 1.0.6 - Ex MarketPlace LLC)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
jAlbum (HKLM-x32\...\{7A3E0E00-E7E2-4AAF-8181-DFFE76D06D52}) (Version: 11.2.5 - Jalbum AB)
K-Lite Mega Codec Pack 12.9.1 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.1 - KLCP)
KLS Mail Backup 4.0.0.0 (HKLM-x32\...\KLS Mail Backup_is1) (Version: 4.0.0.0 - KirySoft)
LightZone 4.0.0 (HKLM-x32\...\3263-1164-2624-0047) (Version: 4.0.0 - LightZone Project)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Tagger v1.3.5 (HKLM-x32\...\Media Tagger_is1) (Version: 1.3.5 - Ladislav Dufek)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Pro Photo Tools (HKLM-x32\...\{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}) (Version: 2.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{F43ADE73-2880-4A95-B995-4FE386ECF667}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows 8 - ENU (HKLM-x32\...\{b6391d7a-479c-494c-a76f-cad96a8a73ac}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Mozilla Thunderbird 45.7.1 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.7.1 (x86 en-US)) (Version: 45.7.1 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
my Picturetown Utility (HKLM-x32\...\{29CCA913-C71A-47D4-A0D1-1069A347A639}) (Version: 1.1.0 - Nikon)
MyDriveConnect 3.3.0.1342 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1342 - TomTom)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Orbiter 2016 (HKLM-x32\...\{4D27CE85-F519-42C1-B4AB-C0BD976FB0BA}) (Version: 1.1.0.0 - Martin Schweiger)
Ozibox Application Synchronization (HKLM-x32\...\Ozibox Application Synchronization) (Version: 1.0.0 - SuperCoders Organization)
Ozibox Application Synchronization (x32 Version: 1.0.0 - SuperCoders Organization) Hidden
PhotoMove 2.5 version 2.5.1.8 (HKLM-x32\...\{546443DF-4D82-484A-8E00-2136243B8B9A}_is1) (Version: 2.5.1.8 - Mike Baker @ Rediscovering Photography)
PhotoMove 2.5 version 2.5.2.0 (HKLM-x32\...\{546443DF-4D82-484A-8E00-2136243B8B9A}}_is1) (Version: 2.5.2.0 - Mike Baker @ Rediscovering Photography)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.2 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.4.0.309 - Corel Corporation)
Pinnale Systems Software Keys (HKLM-x32\...\{616CD10B-1EC7-41D2-8C14-3ECE93E7AEE9}_is1) (Version:  - VPP TEAM)
POPFile 1.1.3 (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\POPFile) (Version: 1.1.3 - )
POPFile Data (Greg) (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\POPFile_Data) (Version: POPFile Data for 'Greg' - )
Python 3.5.2 (32-bit) (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (x32 Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.3.4 - Quicken)
QuickGamma 4.0.0.2 (HKLM-x32\...\QuickGamma_is1) (Version: 4.0.0.2 - Eberhard Werle)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Railroad Tycoon II - Platinum (HKLM-x32\...\{BED27751-CD2A-4C2F-9813-00B9B60C76FE}) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Roll (HKLM-x32\...\RollerCoaster Tycoon Setup) (Version:  - )
Saladin 0.6 (64-bit) (HKLM\...\Saladin) (Version: 0.6 - Michał Męciński)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16084.4 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16084.4 - Samsung Electronics Co., Ltd.) Hidden
Spotify (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Spotify) (Version: 0.8.5.1356.gd1d40f3a - Spotify AB)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Stellarium 0.12.0 (HKLM-x32\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com)
SW Update (HKLM-x32\...\{43C711D9-67C9-4793-80D4-E957D638D531}) (Version: 2.1.14 - Samsung Electronics CO., LTD.)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
TEncoder Video Converter version 4.5.10 (HKLM-x32\...\{7B1F9D22-568D-4109-B128-040BF8A932FC}_is1) (Version: 4.5.10 - ozok)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.0.0 - Tweaking.com)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.12 - Tweaking.com)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Visual Studio Extensions for Windows Library for JavaScript 1.0.9200.20602 (HKLM-x32\...\{ce404cfb-7e03-4ad5-a518-45dbb0a48a34}) (Version: 1.0.9200.20602 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM-x32\...\{9ab9e59b-e9f4-4f99-9320-40a78a90c4c9}) (Version: 2.1.1133.2333 - Lavasoft)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinPatrol 2009 (HKLM-x32\...\WinPatrol) (Version: 16.1.2009.1 - BillP Studios)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
World Community Grid (HKLM-x32\...\{204A5C8D-5FE3-42F3-95DF-81685E863135}) (Version: 7.2.47 - World Community Grid)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1098193272-1128607923-4000329556-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Greg\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1098193272-1128607923-4000329556-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Greg\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1098193272-1128607923-4000329556-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1098193272-1128607923-4000329556-1001_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1579541D-C466-4D72-A289-5AB073E58B49} - System32\Tasks\G2MUpdateTask-S-1-5-21-1098193272-1128607923-4000329556-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5636\g2mupdate.exe [2016-10-04] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {178A1276-7C6E-43CE-B655-19980CD181F2} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {18CA95FA-D00B-4502-B3BB-BDE98F9D8215} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1A4CECEF-C898-4A92-B6A3-53BF8BED43F4} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1E5D0405-AF58-439C-9CA7-211C265F8523} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-02-01] ()
Task: {1F623943-BDBD-4CC0-8463-FE84EC82B08B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {2D733E66-9657-4C33-A561-4597FEBB6D28} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {31E0C057-5502-4F92-A158-39D8F68BA54E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-11] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {3CFD6CC3-3C59-4806-AADF-3F7D7231B4DF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4306CFED-0241-4F95-A877-9B75648A3FA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {4B02B57F-95D1-4211-ADBA-D6D7C66DAE7B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {546DE886-5F0D-4F00-A405-22B80BBF57E4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {5619B86D-B943-4B0E-A60E-3FB8FB809E5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5DC1C98A-D1F0-4A1A-A1E8-BFD308DFC77C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-15] (Dropbox, Inc.)
Task: {5E3FC600-0F14-4B5E-8261-19182F14CF0E} - System32\Tasks\{2B5C1ECB-2028-4FED-B345-EACD5E68C845} => pcalua.exe -a G:\Setup.exe -d G:\
Task: {608281C5-8199-436C-AC76-2B8D5EB2A333} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {66E7DF45-A59C-4820-836F-676862BE6946} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {68FC767C-B58D-47C8-B85C-A8134048952F} - \Seagate_Install_Launch -> No File <==== ATTENTION
Task: {6FB40C2A-7059-4583-A4BB-116C4A799C7B} - System32\Tasks\HPCeeScheduleForGreg => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {72219424-E199-4304-B32F-1BF1A584733D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-15] (Dropbox, Inc.)
Task: {73F25C92-6144-44E2-97F7-953166CC4B29} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {867DA4BD-6EFA-4289-8185-63B60FE50CBA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {873FF31B-929A-42AB-9B15-861689278558} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {8B05C75A-2AD1-4B9E-A005-5BCBA3583B59} - System32\Tasks\Driver Booster SkipUAC (Greg) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
Task: {8B5DCB79-D69E-432E-B521-083685C1C526} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1098193272-1128607923-4000329556-1001UA => C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {910C8CA8-010A-4BDE-BD62-EC915A84020E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {94C5E779-AFBA-4BB3-B875-2CFAB7345CD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {9A73A6D3-C477-4509-9649-7B287F2B3BEF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {B2EBB102-E311-452D-98D7-8C7DD09A5559} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B82EFDF9-236D-420F-A226-21A0C47ACA1E} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {C0D59F3D-617B-4EEE-A440-2EA74B76F892} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Greg\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {C43E8CB6-CC2E-4B5D-AC9B-A35D5357B4C1} - \GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1098193272-1128607923-4000329556-1001 -> No File <==== ATTENTION
Task: {C442E65E-AC86-4145-ABD7-256ADC616D96} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {C834C795-4B35-4E42-B112-B0D0EC9D5BF5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {D00E7307-5694-4B29-AF17-074417CDE8F6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DBDB2C92-D1F0-462A-82AD-0AAF1823755A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1098193272-1128607923-4000329556-1001Core => C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {ED53E7C9-9E1D-4042-95C3-555D57AC3BBC} - System32\Tasks\G2MUploadTask-S-1-5-21-1098193272-1128607923-4000329556-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5636\g2mupload.exe [2016-10-04] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1098193272-1128607923-4000329556-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\5636\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1098193272-1128607923-4000329556-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\5636\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1098193272-1128607923-4000329556-1001Core.job => C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1098193272-1128607923-4000329556-1001UA.job => C:\Users\Greg\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGreg.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet 360.lnk -> C:\Program Files\Hugin\bin\enblend_droplet_360.bat ()
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enblend Droplet.lnk -> C:\Program Files\Hugin\bin\enblend_droplet.bat ()
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Align Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_align_droplet.bat ()
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Auto Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_auto_droplet.bat ()
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet 360.lnk -> C:\Program Files\Hugin\bin\enfuse_droplet_360.bat ()
Shortcut: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hugin\Enfuse Droplet.lnk -> C:\Program Files\Hugin\bin\enfuse_droplet.bat ()

==================== Loaded Modules (Whitelisted) ==============

2013-02-16 23:56 - 2012-10-04 18:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 20:43 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-06 17:22 - 2016-01-29 05:49 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-14 20:43 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 20:43 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-11 11:11 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:11 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:11 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:11 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 11:11 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:11 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-10 19:07 - 2017-02-17 10:49 - 00544208 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\DashlanePlugin.exe
2016-10-06 21:12 - 2016-10-06 21:12 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:11 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2015-03-30 20:53 - 2016-06-14 15:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 00350160 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 00441808 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 00465872 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 62691792 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 00285648 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 06186448 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 07395280 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 13674960 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 02215376 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.6.7.25231.dll
2017-02-19 20:37 - 2017-02-17 10:48 - 00334288 _____ () C:\Users\Greg\AppData\Roaming\Dashlane\4.6.7.25231\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.6.7.25231.dll
2012-10-19 13:18 - 2012-10-19 13:18 - 00081920 _____ () C:\Program Files (x86)\BOINC\zlib1.dll
2011-01-21 02:27 - 2011-01-21 02:27 - 00024674 _____ () C:\Program Files (x86)\POPFile\lib\auto\IO\IO.dll
2011-01-21 02:21 - 2011-01-21 02:21 - 00045163 _____ () C:\Program Files (x86)\POPFile\lib\auto\Win32\Win32.dll
2011-01-21 02:01 - 2011-01-21 02:01 - 00024679 _____ () C:\Program Files (x86)\POPFile\lib\auto\File\Glob\Glob.dll
2011-01-21 02:31 - 2011-01-21 02:31 - 00024691 _____ () C:\Program Files (x86)\POPFile\lib\auto\Digest\MD5\MD5.dll
2011-01-21 02:01 - 2011-01-21 02:01 - 00024676 _____ () C:\Program Files (x86)\POPFile\lib\auto\Fcntl\Fcntl.dll
2011-01-21 02:01 - 2011-01-21 02:01 - 00077924 _____ () C:\Program Files (x86)\POPFile\lib\auto\POSIX\POSIX.dll
2011-01-21 02:27 - 2011-01-21 02:27 - 00024696 _____ () C:\Program Files (x86)\POPFile\lib\auto\MIME\Base64\Base64.dll
2011-01-21 02:16 - 2011-01-21 02:16 - 00094309 _____ () C:\Program Files (x86)\POPFile\lib\auto\DBI\DBI.dll
2011-01-21 02:25 - 2011-01-21 02:25 - 00028794 _____ () C:\Program Files (x86)\POPFile\lib\auto\List\Util\Util.dll
2011-01-21 02:02 - 2011-01-21 02:02 - 00020590 _____ () C:\Program Files (x86)\POPFile\lib\auto\Sys\Hostname\Hostname.dll
2011-01-21 02:02 - 2011-01-21 02:02 - 00032870 _____ () C:\Program Files (x86)\POPFile\lib\auto\Socket\Socket.dll
2011-01-21 02:25 - 2011-01-21 02:25 - 00020587 _____ () C:\Program Files (x86)\POPFile\lib\auto\Cwd\Cwd.dll
2011-01-21 02:21 - 2011-01-21 02:21 - 00458870 _____ () C:\Program Files (x86)\POPFile\lib\auto\DBD\SQLite\SQLite.dll
2017-02-07 21:28 - 2017-02-01 04:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 21:28 - 2017-02-01 04:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-11-20 01:08 - 2016-11-20 01:08 - 00487424 _____ () C:\ProgramData\BOINC\projects\www.primegrid.com\primegrid_sr2sieve_wrapper_1.12_windows_x86_64.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\CN144BQ119:NW [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\localhost -> localhost

There are 7865 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2016-10-08 21:20 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Greg\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{5ab0b733-f272-4abe-a088-e939b6af45cc}.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "EasyTuneV"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "WinampAgent"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "disk42 Client"
HKLM\...\StartupApproved\Run32: => "DBAgent"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\StartupFolder: => "EOS Utility.lnk"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_9CCDD43624CF0A67FCB8D07A1D3BBB05"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => ""
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "Copy"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "C187750BE23F2EC7BF89516EBD652E6531CE3C2F._service_run"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "Uploader"
HKU\S-1-5-21-1098193272-1128607923-4000329556-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{B49BCA0D-577C-4E8B-BE0C-D9892992C516}] => (Allow) LPort=8888
FirewallRules: [{35BD28B2-B593-40F9-B0E2-89B7461EEC08}] => (Allow) C:\Users\Greg\AppData\Local\Temp\7zS0109\HPDiagnosticCoreUI.exe
FirewallRules: [{63F32E47-29D4-4EC2-A922-B599A212A302}] => (Allow) C:\Users\Greg\AppData\Local\Temp\7zS0109\HPDiagnosticCoreUI.exe
FirewallRules: [{6CADD834-6A62-4FA8-BD44-154F97032811}] => (Allow) C:\Users\Greg\AppData\Local\Temp\7zS4658\HPDiagnosticCoreUI.exe
FirewallRules: [{DBBFBE1B-7001-4B76-A929-28BB1C11A2D7}] => (Allow) C:\Users\Greg\AppData\Local\Temp\7zS4658\HPDiagnosticCoreUI.exe
FirewallRules: [{9FB34F64-3616-4B65-82E5-3EB2F5A0552C}] => (Allow) C:\Users\Greg\AppData\Local\Temp\7zS3024\HPDiagnosticCoreUI.exe
FirewallRules: [{4B37C7D3-CF5F-42A8-83B9-24DE72B2F588}] => (Allow) C:\Users\Greg\AppData\Local\Temp\7zS3024\HPDiagnosticCoreUI.exe
FirewallRules: [{B88E3297-A41D-4253-A0A8-535FBB8A50BF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{A47295BE-56BA-4CE0-BA7B-0181D46C8A56}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C9D1D56C-9BE0-4B00-BF09-078A6482C401}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\VSWinExpress.exe
FirewallRules: [UDP Query User{248263A3-67CC-4991-9BFD-0373E33EB793}C:\users\greg\appdata\roaming\copy\copyagent.exe] => (Block) C:\users\greg\appdata\roaming\copy\copyagent.exe
FirewallRules: [TCP Query User{45C953B2-B6EA-48F4-A865-23EB93A2828B}C:\users\greg\appdata\roaming\copy\copyagent.exe] => (Block) C:\users\greg\appdata\roaming\copy\copyagent.exe
FirewallRules: [{5A00E6E6-179F-4DC3-AF11-89553F004A08}] => (Allow) C:\Users\Greg\AppData\Roaming\Copy\CopyAgent.exe
FirewallRules: [UDP Query User{1EFAB499-F2FE-4E47-B6D2-33FF33B867E5}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [TCP Query User{85745271-F1DA-4DFA-80AF-15A652813A4E}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{1389A769-8FC2-4516-B2D6-8C5C2A002CD3}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{3865BA85-21A1-4C1A-AD36-316F00DB4968}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{FFB58E28-496F-4E89-ABAD-368FFFA2A3C8}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{24587684-07CE-406C-AA50-D7593A432F1D}C:\users\greg\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\greg\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2E62D101-613E-4735-B4B4-03A702744556}C:\program files (x86)\gigabyte\et5\update.exe] => (Allow) C:\program files (x86)\gigabyte\et5\update.exe
FirewallRules: [TCP Query User{1CE44E71-513A-4490-986E-63E960F3D151}C:\program files (x86)\gigabyte\et5\update.exe] => (Allow) C:\program files (x86)\gigabyte\et5\update.exe
FirewallRules: [UDP Query User{947279D9-2821-4514-8254-A83A542FC15C}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{CF657F7D-9369-4AB6-8982-FD4B17E10596}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{91A6C783-DCE6-4A61-B59F-27F048A01760}] => (Allow) C:\Users\Greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A589BA3A-EB53-4B1C-B889-FD750198B14C}] => (Allow) C:\Users\Greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{94AC75B4-3ED0-4D6C-9E76-2F1C3CF9CC7A}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe
FirewallRules: [UDP Query User{F3E0E47E-7DB0-4EE2-93DC-51B5EDC5475C}C:\program files (x86)\pfportchecker\pfportchecker.exe] => (Allow) C:\program files (x86)\pfportchecker\pfportchecker.exe
FirewallRules: [{79E90D7D-B106-42DC-A2B1-7B1919B63F3B}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{BB177F62-48C7-45BB-B446-DADE39DAD7B1}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{7B312E5B-8797-4257-A64C-407A0E1E45F4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F9703E2F-DF87-4829-951E-D72AF9E1ED47}] => (Allow) LPort=2869
FirewallRules: [{39148A4A-B408-4565-8C65-BD6E561B841C}] => (Allow) LPort=1900
FirewallRules: [{BAB2C30F-5BA4-460C-ABC8-21771A4119EC}] => (Allow) C:\Users\Greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6920703D-1132-4156-AF34-AC398476A3C6}] => (Allow) C:\Users\Greg\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{91FDF09B-DF3D-4765-8BD2-95FE0C38ED9E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{9E24FA83-74C9-48BD-9F5C-EF4A6DA3D925}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\RM.exe
FirewallRules: [{E560E255-F65F-4E76-991B-F6DEC421E649}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{58753F84-B8AF-472C-922D-546282ACA24D}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\NGStudio.exe
FirewallRules: [{669D952F-EAE4-4EE8-BB7F-2D2BDA219462}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [{D471EC91-37CB-48B4-857F-B06BD2F2AA2E}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 17\programs\UMI.exe
FirewallRules: [TCP Query User{114F4237-A34A-4A6E-A516-6B43AA863897}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [UDP Query User{BE030EA6-280B-4D04-BD8A-BC9295F95A3A}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [{82D0B400-8433-4786-9B45-4E236B5794CC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{31938C7D-A0EB-43F5-B432-28731B3B9D6E}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{7A927DB6-9BA2-4FB5-A907-9469D56DE6A4}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{FF6AC164-6B7B-4897-B536-AD69CFF6A02B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{3564CFCB-BB23-4DC0-BAA8-A4ED44B62C5F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{96775B66-E7B5-4EDC-B784-42A22A3B5BA8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0CB5D575-C47D-4EAA-AE33-E1160FB05B2D}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{41BEA0DD-6008-48B0-92B5-F345F1B6F099}] => (Allow) C:\Program Files (x86)\Canon\EOS Utility\EOSUPNPSV.exe
FirewallRules: [{CB927D28-8AB9-4D9E-A558-1600AA35F3FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{62992076-B5D6-4656-9CD1-E95BEDEF96CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{402455DD-98A7-4615-8879-CD5388CB522A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{FE6B1914-94E6-4DC2-AC47-F08FF064A494}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{298DC65B-0CFD-4549-B632-B539F040F5CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B70CD265-D2EA-4F3D-AD01-EA789E9F873D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8E609937-6143-4925-B54C-B36BFD9340C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{6766CF59-69D5-4C7D-A865-196CBFFB08F8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B6BFA254-27E5-466B-BD0A-7731DAD1FF51}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{BB6426A9-A826-4948-BE0B-6E41AB98B2DA}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [UDP Query User{25602FB0-E512-4197-BD18-7FB8FBAD6638}C:\program files (x86)\gigabyte\et6\updexe.exe] => (Allow) C:\program files (x86)\gigabyte\et6\updexe.exe
FirewallRules: [TCP Query User{E8B637E0-C2D1-4AE5-B72C-465F05770307}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\et6\gbtupd.exe
FirewallRules: [UDP Query User{C50758F5-A771-4A40-9285-5B9C70F45700}C:\program files (x86)\gigabyte\et6\gbtupd.exe] => (Allow) C:\program files (x86)\gigabyte\et6\gbtupd.exe
FirewallRules: [TCP Query User{12AB029C-7F79-4484-A811-8A6FF3AABCEC}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{5D5F80DB-9700-4ECA-A430-0D421E9BC4BE}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{B7B200BE-CA09-4F4F-AFB9-B6813F785989}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E999F497-25DC-44A1-B433-CE4CCEBFA0B5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{71C4D3A9-C1D0-4472-AD68-6D2A02D235AA}C:\program files\apache software foundation\apache2.2\bin\httpd.exe] => (Allow) C:\program files\apache software foundation\apache2.2\bin\httpd.exe
FirewallRules: [UDP Query User{619918EB-33E3-43AF-A389-3F3C412BC226}C:\program files\apache software foundation\apache2.2\bin\httpd.exe] => (Allow) C:\program files\apache software foundation\apache2.2\bin\httpd.exe
FirewallRules: [{C07C1C98-5AEF-4DC2-A399-2F2D9A390F10}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1F465FD5-1D0D-479C-8B0B-A3BC1DBBACFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{19C94562-B881-4959-B1F5-9E54584544D6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{27635952-608C-4C83-836E-CF006BBBE19F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D3F56370-CA73-4073-832F-63BE199BC6FD}] => (Allow) LPort=8888
FirewallRules: [{E61D5CA3-4884-488B-9954-645857072B49}] => (Allow) C:\Program Files (x86)\POPFile\popfile.exe
FirewallRules: [{1F82D942-8BDF-41EA-8D54-04ADA3311803}] => (Allow) C:\Program Files (x86)\POPFile\popfile.exe
FirewallRules: [{687A1B07-E4AA-4C0E-BA05-B4062767544A}] => (Allow) C:\Program Files (x86)\POPFile\popfile.exe
FirewallRules: [{B42841B2-6B97-470C-BE18-E820C73EFB21}] => (Allow) C:\Program Files (x86)\POPFile\popfile.exe
FirewallRules: [{B8C3F9B4-30D3-47E1-B0FA-BE57FAA592C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{544CC6B8-D02E-4DF7-994A-09BA4EA31AF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8943B8A3-FB33-4C13-B82F-27181BD5752F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E189D482-BBD9-457D-BB1B-5F108C4F6200}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A53BFB8E-AF81-43D6-AA3B-38847D6198BC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{2B29EEA1-45D2-40B4-946B-6257767FC1D0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{40FA3D32-CB11-4AB3-B4B3-4D8B9E062C74}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9E9F06AD-0F6C-4D09-847F-8007808DAB06}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{411B497E-4399-4B2C-B271-BC0C93350B3E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D393861-4E23-4EE7-A3AC-B473F520FB83}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A928958F-C3EF-41E4-BC88-30BF4BB7B015}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{55F2B048-B72B-443C-9328-765B39AE9B26}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{723C18CC-F9F8-4195-903F-2845C47041F4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1BE4C8ED-22F8-4211-B508-0560D5D8ECD2}] => (Allow) LPort=40980

==================== Restore Points =========================

26-01-2017 22:01:55 Windows Update
04-02-2017 21:07:43 Scheduled Checkpoint
10-02-2017 14:53:12 Windows Modules Installer
14-02-2017 13:17:23 Windows Defender Checkpoint
18-02-2017 00:48:41 Removed Seagate Dashboard.
19-02-2017 19:35:35 Removed Java 8 Update 121
19-02-2017 19:50:12 Removed Java SE Development Kit 8 Update 121 (64-bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2017 11:22:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: SHELL32.dll, version: 10.0.14393.693, time stamp: 0x585a27b3
Exception code: 0xc0000005
Fault offset: 0x000000000008adac
Faulting process id: 0x228c
Faulting application start time: 0x01d28b1ee81f0178
Faulting application path: C:\WINDOWS\explorer.exe
Faulting module path: C:\WINDOWS\System32\SHELL32.dll
Report Id: 512e4afc-a138-4ee1-bd30-61af22f1f16b
Faulting package full name:
Faulting package-relative application ID:

Error: (02/19/2017 08:35:39 PM) (Source: SQLAgent$SQLEXPRESS) (EventID: 103) (User: )
Description: SQLServerAgent could not be started (reason: Error creating a new session).

Error: (02/19/2017 08:32:27 PM) (Source: MSSQLServerADHelper100) (EventID: 100) (User: )
Description: '0' is an invalid number of start up parameters. This service takes two start up parameters.

Error: (02/19/2017 08:32:27 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (02/19/2017 08:24:32 PM) (Source: HP Active Health) (EventID: 1002) (User: )
Description: Error iterating on DiskLogical. Fetched 0 records. Exception is: System.Management.ManagementException: Invalid namespace
   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementScope.InitializeGuts(Object o)
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at HP.ActiveHealth.Commons.Objects.AgentDataQuery.ManagementProperties..ctor(String query, String scope)
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetEncryptedVolumes()
   at HP.ActiveHealth.Agents.DiskLogical.DiskLogicalAgent.GetNewDataClasses(FileInfo agentStateFile)

Error: (02/19/2017 08:24:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (02/19/2017 08:23:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/19/2017 08:15:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/19/2017 08:15:32 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/19/2017 07:58:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet


System errors:
=============
Error: (02/20/2017 08:38:54 AM) (Source: DCOM) (EventID: 10016) (User: GREGS)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Gregs\Greg SID (S-1-5-21-1098193272-1128607923-4000329556-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 08:38:25 AM) (Source: DCOM) (EventID: 10016) (User: GREGS)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Gregs\Greg SID (S-1-5-21-1098193272-1128607923-4000329556-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (02/20/2017 12:11:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/19/2017 09:03:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/19/2017 08:32:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The MSSQLServerADHelper100 service terminated with the following service-specific error:
%%3221225572

Error: (02/19/2017 08:32:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error:
A device attached to the system is not functioning.

Error: (02/19/2017 08:32:26 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/19/2017 08:29:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/19/2017 08:26:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
An instance of the service is already running.

Error: (02/19/2017 08:24:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-02-19 22:40:17.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 22:40:17.455
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-19 22:40:17.442
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-16 16:26:55.169
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-16 16:26:55.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-16 16:26:55.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-16 16:23:21.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-16 16:23:21.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-16 16:23:21.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-16 13:34:35.774
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6550 @ 2.33GHz
Percentage of memory in use: 36%
Total physical RAM: 8190.49 MB
Available physical RAM: 5177.8 MB
Total Virtual: 8702.49 MB
Available Virtual: 5084.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.07 GB) (Free:143.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Seagate 2tb) (Fixed) (Total:1863.01 GB) (Free:677.29 GB) NTFS
Drive f: (RT2_PLAT) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000C1B5A)
Partition 1: (Active) - (Size=931.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 000C7E7A)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#10 olgun52

olgun52

  • Malware Response Team
  • 3,791 posts

Posted 20 February 2017 - 10:41 AM

Do you currently use AVG antivirus?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 gregrph

gregrph
  • Topic Starter

  • Members
  • 22 posts

Posted 20 February 2017 - 01:13 PM

I do, but I've seen posts that Windows Defender is just as good if not better. I have no problems getting rid of it and using something else.



#12 olgun52

olgun52

  • Malware Response Team
  • 3,791 posts

Posted 20 February 2017 - 02:28 PM

There is no problem with AVG. You can use it if you want. If you do not, delete it. Otherwise, we delete it.
=========================
Please uninstall Bazooka Scanner.


Edited by olgun52, 20 February 2017 - 02:37 PM.


 


 


#13 gregrph

gregrph
  • Topic Starter

  • Members
  • 22 posts

Posted 20 February 2017 - 10:58 PM

Bazooka Scanner is uninstalled. I don't see a way to uninstall AVG



#14 olgun52

olgun52

  • Malware Response Team
  • 3,791 posts

Posted 21 February 2017 - 12:24 PM

Bazooka Scanner is uninstalled. I don't see a way to uninstall AVG

You can use AVGRemover to delete AVG

AVG Remover

 

And restart the PC.



 


 


#15 gregrph

gregrph
  • Topic Starter

  • Members
  • 22 posts

Posted 21 February 2017 - 10:48 PM

While perusing through my drive with File Explorer, I came across a directory for IObit. It has 2 subdirectories: IObit Malware Fighter and LiveUpdate. IObit Malware Fighter has one empty subdirectory called drivers, and LiveUpdate has files and 2 subdirectories. You had asked me to remove them, but they did not show up in Revo. How do I get rid of these? Do I need to run any other scans?





