
Mozilla/Firefox browser being hijacked.


  • This topic is locked
34 replies to this topic

#1 philemer

philemer

  • Members
  • 22 posts
  • Gender:Male

Posted 06 July 2017 - 04:59 PM

Just started today. Typed in a URL that I use every day and malware changed URL to moneymoneymoneymoneymoneymoneymoneymoneymoneymoney.com

The screen showed an ad for a movie. Tried closing the browser (clicked on X in upper right) and it opened back up again. Only way to get rid of the window is to use Task Manager.  I also ran the free version of Malwarebytes but that only found a few "pup" files.

 

Chrome browser is working normally. Did not try IE because I never use it. Help

 

Thanks in advance for your help.




 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK

Posted 06 July 2017 - 05:33 PM

Hello philemer and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here.

  • on Windows Vista, 7/8/10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyffcache;
    FFdefaults;
    emptyiecache;
    iedefaults;
    emptychrcache;
    CHRdefaults;
    emptyalltemp;
    emptyfolderscheck;delete
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

AdwCleaner log
JRT.txt
zoek-results.log


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 philemer

philemer
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 06 July 2017 - 07:48 PM

Thanks.

 

After running all three, and restarting each time, the AdwCleaner log has disappeared. I'll post the other 2 now and rerun AdwCleaner and post results in a couple minutes.

 

AdwCleaner log:

 

coming soon

 

 

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by philemer1 (Administrator) on Thu 07/06/2017 at 17:57:41.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mallpejgeafdahhflmliiahjdpgbegpk (Folder) 
Successfully deleted: C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mallpejgeafdahhflmliiahjdpgbegpk (Folder) 
Successfully deleted: C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage-journal (File) 
Successfully deleted: C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mallpejgeafdahhflmliiahjdpgbegpk_0.localstorage (File) 
Successfully deleted: C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\extensions\shopearn@prodege.com.xpi (File) 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5EA47470-B9B7-4A60-8ACB-0EB88E902EB1} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{5EA47470-B9B7-4A60-8ACB-0EB88E902EB1} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 07/06/2017 at 17:59:53.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

zoek:

 

 

 
Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by philemer1 on Thu 07/06/2017 at 18:18:12.71.
Microsoft Windows 10 Home 10.0.15063  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\philemer1\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
7/6/2017 6:20:21 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\philemer1\AppData\Local\ActiveSync deleted successfully
C:\Users\philemer1\AppData\Local\DBG deleted successfully
C:\Users\philemer1\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\philemer1\AppData\Local\EmieSiteList deleted successfully
C:\Users\philemer1\AppData\Local\EmieUserList deleted successfully
C:\Users\philemer1\AppData\Local\MediaShow deleted successfully
C:\Users\philemer1\AppData\Local\NetworkTiles deleted successfully
C:\Users\philemer1\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758} deleted successfully
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
Deleted from C:\Users\PHILEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\prefs.js:
user_pref("browser.startup.homepage", "https://my.yahoo.com/");
user_pref("browser.newtab.url", "http://search.swagbucks.com/?f=51");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.defaultenginename.US", "Google");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("browser.search.useDBForOrder", true);
 
Added to C:\Users\PHILEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\prefs.js:
 
ProfilePath: C:\Users\PHILEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20170706_0629_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PureLeadsSetupx21715.exe deleted
C:\PROGRA~3\{A5CCDB92-FA53-47D1-89E6-32B82D86621A} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\Users\PHILEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\jetpack deleted
"C:\Windows\Installer\a17adf6.msi" deleted
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\PHILEM~1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default
- Garmin Communicator - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- FireShot - %ProfilePath%\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
- Garmin Communicator - %ProfilePath%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
- AdBlocker Ultimate - %ProfilePath%\extensions\adblockultimate@adblockultimate.net.xpi
- quot;Suchmaschinen verwaltenquot; Schaltflche - %ProfilePath%\extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi
- New Tabs at the End - %ProfilePath%\extensions\new-tabs-at-end@forerunnerdesigns.com.xpi
- QuickDrag - %ProfilePath%\extensions\quickdrag@mozilla.ktechcomputing.com.xpi
- Undetermined - %ProfilePath%\extensions\supportfreecontent@mozilla.org.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default
9BF98236C009EB0A5571E9CA96847269 - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll - Shockwave Flash
AE7B288233C212C62CD544BF768C45E6 - C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll - Shockwave for Director / Shockwave for Director
 
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
 
SearchBar - philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjefgkhmchopegjeicnblodnidbammed
AwardWallet - philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppkddfmnlpjbojooindbmcokchjgbib
Backspace to go Back - philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlffgllnjjkheddehpolbanogdeaogbc
Chrome Media Router - philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage deleted successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d16fk4ms6rqz1v.cloudfront.net_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
 
==== Reset Google Chrome ======================
 
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sansa Updater deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C0D8C2E79C150C439A9B5310AEF56C5 deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\philemer1\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\philemer1\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\philemer1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\philemer1\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\philemer1\AppData\Local\Mozilla\Firefox\Profiles\0jbi0bbi.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=41 folders=36 90407022 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\PHILEM~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Thu 07/06/2017 at 18:32:43.92 ======================
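
The "FireFox Fix" section of the zoek log above lists the `prefs.js` entries that were removed. As an added example (not part of the original thread and not zoek's own code), the same file can be checked read-only: parse the `user_pref(...)` lines and report homepage, new-tab and search-engine preferences that are not on an allowlist. The function names and the allowlist values are assumptions chosen for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Excerpt: the prefs.js lines the zoek log above reports deleting, plus one
# constructed, unrelated preference (browser.download.lastDir) for contrast.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "https://my.yahoo.com/");
user_pref("browser.newtab.url", "http://search.swagbucks.com/?f=51");
user_pref("browser.search.defaultenginename", "Yahoo!");
user_pref("browser.search.defaultenginename.US", "Google");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.download.lastDir", "C:\\Users\\example\\Downloads");
'''

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')

# Preferences that decide where the browser lands or which engine it uses.
URL_PREFS = ("browser.startup.homepage", "browser.newtab.url")
ENGINE_PREFS = ("browser.search.defaultenginename",
                "browser.search.selectedEngine")
INTERNAL_SCHEMES = ("about", "chrome", "resource")  # built-in browser pages


def parse_prefs(text):
    """Return {name: value} for every user_pref("name", value); line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line.strip())
        if not match:
            continue
        try:
            value = json.loads(match.group(2))  # string, bool or number
        except ValueError:
            value = match.group(2)              # keep odd literals verbatim
        prefs[match.group(1)] = value
    return prefs


def _watched(name, bases):
    # Matches the pref itself and suffixed variants such as "<base>.US".
    return any(name == b or name.startswith(b + ".") for b in bases)


def audit(prefs, allowed_hosts, allowed_engines):
    """Return (pref name, value, reason) for each setting off the allowlist."""
    findings = []
    for name in sorted(prefs):
        value = prefs[name]
        if not isinstance(value, str):
            continue
        if _watched(name, URL_PREFS):
            # A homepage preference may hold several URLs separated by "|".
            for item in filter(None, (p.strip() for p in value.split("|"))):
                parts = urlsplit(item)
                if parts.scheme in INTERNAL_SCHEMES:
                    continue
                host = (parts.hostname or "").lower()
                if host not in allowed_hosts:
                    findings.append((name, item, "host not in allowlist"))
        elif _watched(name, ENGINE_PREFS):
            if value not in allowed_engines:
                findings.append((name, value, "engine not in allowlist"))
    return findings


if __name__ == "__main__":
    expected_hosts = {"my.yahoo.com"}        # assumption: owner's own homepage
    expected_engines = {"Google", "Yahoo!"}  # assumption: engines the owner chose
    report = audit(parse_prefs(SAMPLE_PREFS_JS), expected_hosts, expected_engines)
    for name, value, reason in report:
        print(f"{name} = {value!r}: {reason}")
```

Run against a copy of `prefs.js` taken while Firefox is closed, since the browser rewrites the file on exit.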


#4 philemer

philemer
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 06 July 2017 - 07:52 PM

Just reran AdwCleaner and it found no threats. The initial scan showed quite a few. Hope this doesn't mess up your work. :-)

 

Thanks again.....Next?



#5 philemer

philemer
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 06 July 2017 - 07:58 PM

Update: I just found the original log for AdwCleaner.

 

# AdwCleaner v6.047 - Logfile created 06/07/2017 at 17:46:39
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-06.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : philemer1 - ENVY-LAPTOP
# Running from : C:\Users\philemer1\Downloads\adwcleaner_6.047.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\philemer1\AppData\Local\globalUpdate
Folder Found:  C:\ProgramData\AVG Secure Search
Folder Found:  C:\ProgramData\Application Data\AVG Secure Search
Folder Found:  C:\Program Files (x86)\globalUpdate
Folder Found:  C:\Program Files (x86)\predm
Folder Found:  C:\Users\philemer1\AppData\Local\com
 
 
***** [ Files ] *****
 
File Found:  C:\Users\philemer1\AppData\Local\AnyProtectScannerSetup.exe
File Found:  C:\Users\philemer1\AppData\Roaming\aps.uninstall.scan.results
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\plsvcv2
Key Found:  [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\plsvcv2
Key Found:  HKLM\SOFTWARE\Classes\speedupmypc
Key Found:  [x64] HKLM\SOFTWARE\Classes\speedupmypc
Key Found:  HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\GlobalUpdate
Key Found:  HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\Mozilla\Extends
Key Found:  HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\Deal Keeper
Key Found:  HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\video MediaPlay-Air
Key Found:  HKCU\Software\GlobalUpdate
Key Found:  HKCU\Software\Mozilla\Extends
Key Found:  HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found:  HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found:  HKLM\SOFTWARE\GlobalUpdate
Key Found:  HKLM\SOFTWARE\Uniblue
Key Found:  HKLM\SOFTWARE\MaxPower
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\Deal Keeper
Key Found:  [x64] HKCU\Software\GlobalUpdate
Key Found:  [x64] HKCU\Software\Mozilla\Extends
Key Found:  [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=venice+italy&form=WNSGPH&qs=AS&cvid=08edef8ac0534bbb832497c005b78246&pq=venice&nclid=DFE723B7678C370667D7D694EF0CFA0F&ts=
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=venice+italy&form=WNSGPH&qs=AS&cvid=08edef8ac0534bbb832497c005b78246&pq=venice&nclid=DFE723B7678C370667D7D694EF0CFA0F&t
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AnyProtect Scanner]
Value Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]
Key Found:  HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
Key Found:  [x64] HKCU\Software\Google\Chrome\Extensions\bmkckgpgekmanipelfidlhmkfcjicion
 
 
***** [ Web browsers ] *****
 
Firefox pref Found:  [C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\prefs.js] - "extensions.adblockultimate@adblockultimate.net.white-list-domains" -  "[\"www.swagbucks.com\",\"www.hawaiinews
Firefox pref Found:  [C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\prefs.js] - "extensions.quick_start.enable_search1" -  false
Firefox pref Found:  [C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\prefs.js] - "extensions.quick_start.sd.closeWindowWithLastTab_prev_state" -  false
Chrome pref Found:  [C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bmkckgpgekmanipelfidlhmkfcjicion
Chrome pref Found:  [C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - mallpejgeafdahhflmliiahjdpgbegpk
 
[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!]
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [7503 Bytes] - [06/07/2017 17:46:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7576 Bytes] ##########


#6 philemer

philemer
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 06 July 2017 - 09:28 PM

Another update: I opened a Mozilla/Firefox browser a minute ago and the Hijack is over. Seems to be working normally.  :bananas:

 

What would you suggest for next step?



#7 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK

Posted 07 July 2017 - 02:22 AM

Glad that things have improved.

Let’s have a couple more scans to see how things are now.

Run Zemana AntiMalware

Download Zemana AntiMalware:

  • open the program and without changing any options, press Scan
  • after the scan is finished, if threats are detected press Next to remove them

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

  • open Zemana AntiMalware again and locate the report
  • please paste the contents into your reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe)

Logs to include with next post:

Zemana AntiMalware report
Frst.txt
Addition.txt


Thanks

Satchfan




#8 philemer

philemer
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 07 July 2017 - 09:01 PM

Thanks, Satchfan. I'll complete these steps tomorrow morning.

 

Cheers!



#9 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK

Posted 08 July 2017 - 01:46 AM

:thumbup2:




#10 philemer

philemer
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 08 July 2017 - 10:17 AM

Here is the Zemana report:

 

Zemana AntiMalware 2.74.2.76 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017/7/8
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-4702MQ CPU @ 2.20GHz
BIOS Mode              : UEFI
CUID                   : 1237AE8890E0F699C6F976
Scan Type              : System Scan
Duration               : 8m 55s
Scanned Objects        : 95648
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Firefox Search
Status             : Scanned
Object             : Swagbucks - http://swagbucks.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search

realplayer setup.exe
Status             : Scanned
Object             : %userprofile%\downloads\realplayer setup.exe
MD5                : B2324ABA22871D7C6797932381A6BC4C
Publisher          : WeDownload, Ltd
Size               : 797664
Version            : -
Detection          : Adware:Win32/BulkHeur.3f36db!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\realplayer setup.exe

realplayer setup(1).exe
Status             : Scanned
Object             : %userprofile%\downloads\realplayer setup(1).exe
MD5                : 44FD717681ADEBC17BAC758E5CF28FC0
Publisher          : WeDownload, Ltd
Size               : 797664
Version            : -
Detection          : Adware:Win32/BulkHeur.3f36db!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\realplayer setup(1).exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
 



#11 philemer

Posted 08 July 2017 - 10:27 AM

FRST.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by philemer1 (08-07-2017 09:21:07)
Running from C:\Users\philemer1\Downloads
Windows 10 Home Version 1703 (X64) (2017-06-24 22:11:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3581045672-1612819324-1139848935-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3581045672-1612819324-1139848935-503 - Limited - Disabled)
Guest (S-1-5-21-3581045672-1612819324-1139848935-501 - Limited - Disabled)
philemer1 (S-1-5-21-3581045672-1612819324-1139848935-1002 - Administrator - Enabled) => C:\Users\philemer1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-c5524137-f4d0-4f68-8d43-28ec93df5d46) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-aefff5c0-87f6-4bf8-8be0-73488df7ae65) (Version: 2.2.0.95 - WildTangent) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.82 - NVIDIA Corporation) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-82dec467-8a67-4ed6-aa96-3ff50ba3453f) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-05306c68-571c-4b42-baf8-064b4a9d9485) (Version: 2.2.0.98 - WildTangent) Hidden
Bounce Symphony (HKLM-x32\...\WTA-9b5f706d-a7d7-4844-b7f4-52953035fea4) (Version: 2.2.0.97 - WildTangent) Hidden
Bridge Master 2000 Audrey Grant (HKLM-x32\...\Bridge Master 2000 Audrey Grant) (Version:  - Bridge Base Inc.)
Build-a-lot (HKLM-x32\...\WTA-d121fd6b-35af-4d6a-a331-05e454648593) (Version: 2.2.0.98 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-d7fae457-7a13-4788-844b-ba139fb29595) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-9edc3cbe-d922-4955-8717-e8993a7e0f83) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-a0b23231-e88c-42f6-b03b-cb06ee71e1e2) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-198a6988-9e4a-4731-9454-bbf6179fbd33) (Version: 3.0.2.32 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WTA-054375e9-a2bd-4616-9ba1-0ea5f17a2993) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-431213ba-95e4-4bb8-97aa-ea3060954457) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GOTO Bridge XVI (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\GOTO Bridge16) (Version: 1.0.0.0 - Goto.Games)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-283e0e6c-75ef-4d32-8daf-2308144e420d) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-7158cd15-5fb5-40a7-a658-c79be6dbe5f4) (Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1053 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-100c2128-10ae-4281-945a-68aaf85f6e2e) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-0ade91f7-d902-475e-b940-16eda7b77053) (Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-79baf2a8-a6e6-4630-9d0c-7791791815de) (Version: 3.0.2.48 - WildTangent) Hidden
Learn to Play Bridge (HKLM-x32\...\Learn_to_Play_Bridge) (Version:  - )
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
Luxor Evolved (HKLM-x32\...\WTA-9aeb2a63-0441-47f0-bb05-5c2e41b88f1c) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-b3b6df4e-fd04-4f1d-8b36-6ad02d21d8dd) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-52064c53-c2c0-4c67-a8ca-110459147ddd) (Version: 2.2.0.98 - WildTangent) Hidden
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.82 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Peggle Nights (HKLM-x32\...\WTA-1345b9c5-0008-4578-9be5-75b43653efe0) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-6419faa6-b2ee-4c22-989f-b625bf1b6050) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-2e7a6774-47a6-483d-a5ea-653cf29da0d2) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-91bfae74-a26a-4b2e-af0a-4137408eaaa2) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-fcede332-e6a6-4d6b-b4d6-0691437766f5) (Version: 2.2.0.98 - WildTangent) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\Spotify) (Version: 1.0.56.451.gb2f539fc - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-caae243d-c072-45e7-8681-7100dec8e017) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-1572177c-8c97-4ded-a737-e25574ff9746) (Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-0e769caf-55b1-4e3a-9cb7-482660a16bdb) (Version: 3.0.2.32 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zuma's Revenge (HKLM-x32\...\WTA-f924df6c-17ab-43f6-aae6-f3d2e1609f5c) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20150827_12_19_26.dll [2015-08-27] (Cyberlink)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20150827_12_19_26.dll [2015-08-27] (Cyberlink)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08145A84-D0FA-48D8-B774-C093067D2170} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-07-29] (Intel)
Task: {16AE7B06-3B2B-4501-9846-C2FD11450231} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {17F02479-A707-4C0A-9498-EF5582039BA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {1B95C45A-3930-4AD7-A010-2394BA467850} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {20566E91-DA86-4E32-9D8C-64B4632BFF7F} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {22D24F5F-BC8F-4B5E-AB23-23B3A6D5A37E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {28C11180-B173-4AB6-9C7A-F0564359875E} - System32\Tasks\HP AR Program Upload - a92f283553d34c388c9519dc330755dcc60bfe0d4e0c4e319f591032c1deb875 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2A10E163-351D-4F24-903F-BFDBA2E27675} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2E638330-F1F7-477E-B718-718B84C38782} - System32\Tasks\HP AR Program Upload - 5d0c7b7ff57a4c7db0217b01c00dfd9c8892efff74c0498190f7c897fa5816ce => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {33B9EC48-B939-4512-AA92-0F171FD7496A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3F4711C1-2202-4D15-AF7F-4C8F7BA75070} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {401A4C41-4A12-4FF5-88AC-3944A2654103} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4461D3CA-69D8-45AA-8631-2B8265DA35BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {458E958C-8AAD-4BA2-826F-4D1658811857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4C155924-3795-44E2-BB9B-717BDEC3C8DE} - System32\Tasks\HP AR Program Upload - 72c25606d915415d8c77ad4fef95db55f6548b599dcc4ad0919441df28400e7f => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {512015E2-F761-459D-8D93-62FCF1B5767E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {5973DEA3-676C-43B0-B8AF-26E47662DF17} - System32\Tasks\HPCeeScheduleForphilemer1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5F4D5EA7-6D3E-4C4B-A122-5AA48F4ED950} - System32\Tasks\HP AR Program Upload - 586de0718bf24a80a960c5d3bb912cb3a4111b93edc34f19bd02b2c03377510b => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {5F7545ED-0158-40B8-9A45-0F39BDC57DCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {6867A8A0-90AB-4D13-A018-C16E3B70B7E2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {71F5BDEA-94FD-4395-BF3F-250492D3BF40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {81A8700F-6DDF-4309-8F35-B86CC69E1B92} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {884F7870-9360-48FE-A29B-33D011D226B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8CB6D634-DCFA-42C5-AA22-F8FC60BA55CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {8D12B770-2361-4961-ADAF-7139F6E05A97} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-09-02] (Synaptics Incorporated)
Task: {8F99D985-A76E-4933-8F3D-6E100F1CE964} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {9F7BBA20-7F50-4963-9496-54905BBA3FD7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A6DFD3AD-282B-4543-AC9D-8A0D03B9C0FA} - System32\Tasks\HP AR Program Upload - d963eca0bcc3412abe21897c2892815556c20b6dc5bf4be0b3a78d3aa16d88d1 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B116C521-DD3A-4F82-A217-B020BABCF2E0} - System32\Tasks\HP AR Program Upload - 05ddeb7df0974d8292f9a1038034b8ac309f325913a04a919c30b0972b2983d3 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {CA8E2BB2-E932-4F30-BB3D-9FAEC507CA4D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DB4475F3-72BE-42B6-98D3-03A4A7B66FEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {E1602C6C-D286-457D-9517-C1A34C14AB87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {E87B0D7D-76C8-4A1E-8237-3E084C1DEC73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F0A2D7D1-0B4B-4F7B-9E6B-214F61BE7B69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {F249BC45-ADE7-46CB-AFAA-02FAA213331F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F4EAE9D5-A1F9-45AC-AB40-E56E84D6EE09} - \WPD\SqmUpload_S-1-5-21-3581045672-1612819324-1139848935-1002 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForphilemer1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 14:59 - 2017-03-18 20:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-01 23:05 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-06-21 08:40 - 2017-06-21 08:40 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 08:40 - 2017-06-21 08:40 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 08:40 - 2017-06-21 08:40 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 08:40 - 2017-06-21 08:40 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-09-29 11:12 - 2016-06-14 14:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-08 21:07 - 2013-08-09 06:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\philemer1\Pictures\20150320_165306.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "HP Photosmart 7520 series (NET)"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DAAB29DACF139317CCE1FCB23B654B35"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "SansaDispatch"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E18D447B-D076-4521-9324-D7E0C430AB3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{294465F1-1EEF-4B16-AB29-AF205E140FDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{11E95C43-1F5A-4CA1-9F65-E8A467700071}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{244B5806-AF95-451C-BD5A-5DAA3BA3E33A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1F424E34-E929-4CC8-B88B-B084D92E3527}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A9269AAA-A56A-4A21-989E-14B56CF71298}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{036168D2-C1AE-4EE5-9FFB-4FC6891AB8FA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A66A2228-2410-4CB1-868C-35910CCDE30E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6995F7D-ACFC-474C-ADE4-38F42E45153F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2E5BACA-07A5-48F0-9A48-D0FDEE6100DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2007D3A3-5690-4F8C-B0CE-F3D127BCEBD3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{7F371DDF-3EC5-410C-A0B1-9A0266B0052B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{3E3B7839-D191-4BEC-9B2B-60666FA8F663}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{00AED86C-4A21-41E3-B9A8-4FD38D47BCA3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{40632441-BD6B-495D-A09E-1CA1499DD41F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [UDP Query User{A20E8D88-BDF3-4E9B-9C4D-D7FF50643862}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1F183245-45DC-4595-9BDE-CAA9AE072306}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0DAAEDB2-E3BB-48A9-B1FF-0BBBB853E4A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [UDP Query User{90924254-6E51-4419-8460-A17C768ECFF7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3286D75B-E801-4512-BB53-167A3C74E085}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{65FF237F-58A6-49A8-9086-A468776903A7}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4D116767-52A1-47BF-94E0-899B09710E0C}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A124A274-8A07-4516-9883-52E92A21DB8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{239A4802-543A-4908-A24C-BF5827A16030}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{73A8BB50-C26A-4CD3-B858-53376D327150}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{487A2FE3-AC89-4BB1-B0C4-E413AF52F8B0}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [{34C822C2-4EED-48A8-8EEA-A5C545ED0713}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CF0495E6-93BF-4571-81CE-1D641EBB6370}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{97CFE666-0CC1-4CEE-A19F-D0ED98E1EE08}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{BB49C178-8526-4991-A618-13EFD96C491E}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{3D78C5E1-231C-4667-B1F2-016AF531462B}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{7FCB4331-D805-4ECB-9F23-3B7648C814B2}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{AF2AFF78-7E2B-4E56-805A-B36AC79EEE83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8FCEDA88-412A-4512-8C39-843E6C457B68}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{353B147D-8FF5-4BD6-9B9B-34F0BEEE6552}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1EC80915-DBAC-4F85-9D5F-3C600D3420B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3B0994C-0C25-4FB9-82C2-F171B29A2F20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9C52626E-7C5D-46E5-9E26-7A0DD71C604F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3666CEE8-DB06-462A-9E09-88CB96E6CEC7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B501C93-B2F2-4892-9134-A851C34C336D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{A289AC7B-F0F2-418A-90A4-DA1725017946}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{89F79FC8-7FE2-4FC8-9FB4-3D9F8D9A35AD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{285C6B7D-9645-4FCB-9FFB-E8E36FBB4A43}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{0A4A28A5-738D-421F-9D1B-233698E0831A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D1AB65F1-7244-4E60-AF8C-B8103598032E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{DD3F0178-81BD-4433-8973-A32D3C4553A8}] => (Allow) LPort=1900
FirewallRules: [{65403878-0C0B-4320-BDA7-F27DA4A78EBB}] => (Allow) LPort=2869
FirewallRules: [{75DBECFF-08A1-4488-A4D4-716F16934AA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{271721FE-70F4-4EC2-82E1-2BE16B206844}] => (Allow) C:\Users\philemer1\Downloads\SuperCalculator8-73902874.exe
FirewallRules: [{9711498E-262B-4EBC-BEE1-B251CC16CFA2}] => (Allow) C:\Users\philemer1\Downloads\SuperCalculator8-73902874.exe
FirewallRules: [{59AA5ADC-659A-4BCE-8BEE-F778FAA0BC88}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A9E8FE8C-AC45-4FB0-88D3-FF7DD6CD9343}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5021A398-A180-48C8-869B-CDBDB41B301D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Restore Points =========================

24-06-2017 16:39:47 Windows Update
02-07-2017 18:24:21 Scheduled Checkpoint
05-07-2017 16:17:49 HPSF Applying updates
06-07-2017 17:57:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2017 09:20:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:15:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:10:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:05:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:00:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:55:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:52:05 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:47:04 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:42:04 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:37:04 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (07/08/2017 08:55:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2017 08:55:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2017 08:55:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/08/2017 08:55:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.

Error: (07/08/2017 08:55:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/07/2017 07:41:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (07/07/2017 06:30:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (07/06/2017 06:32:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/06/2017 06:32:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/06/2017 06:32:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2017-07-07 18:28:47.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-06 17:19:27.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-04 17:29:08.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-25 17:55:35.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8124.02 MB
Available physical RAM: 5299.4 MB
Total Virtual: 8636.02 MB
Available Virtual: 5881.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.42 GB) (Free:819.58 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.41 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: DC950105)

Partition: GPT.

==================== End of Addition.txt ============================

and

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-07-2017
Ran by philemer1 (08-07-2017 09:21:07)
Running from C:\Users\philemer1\Downloads
Windows 10 Home Version 1703 (X64) (2017-06-24 22:11:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3581045672-1612819324-1139848935-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3581045672-1612819324-1139848935-503 - Limited - Disabled)
Guest (S-1-5-21-3581045672-1612819324-1139848935-501 - Limited - Disabled)
philemer1 (S-1-5-21-3581045672-1612819324-1139848935-1002 - Administrator - Enabled) => C:\Users\philemer1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (HKLM-x32\...\WTA-c5524137-f4d0-4f68-8d43-28ec93df5d46) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Airport Mania (HKLM-x32\...\WTA-aefff5c0-87f6-4bf8-8be0-73488df7ae65) (Version: 2.2.0.95 - WildTangent) Hidden
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.82 - NVIDIA Corporation) Hidden
Azkend 2: The World Beneath (HKLM-x32\...\WTA-82dec467-8a67-4ed6-aa96-3ff50ba3453f) (Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-05306c68-571c-4b42-baf8-064b4a9d9485) (Version: 2.2.0.98 - WildTangent) Hidden
Bounce Symphony (HKLM-x32\...\WTA-9b5f706d-a7d7-4844-b7f4-52953035fea4) (Version: 2.2.0.97 - WildTangent) Hidden
Bridge Master 2000 Audrey Grant (HKLM-x32\...\Bridge Master 2000 Audrey Grant) (Version:  - Bridge Base Inc.)
Build-a-lot (HKLM-x32\...\WTA-d121fd6b-35af-4d6a-a331-05e454648593) (Version: 2.2.0.98 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (HKLM-x32\...\WTA-d7fae457-7a13-4788-844b-ba139fb29595) (Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (HKLM-x32\...\WTA-9edc3cbe-d922-4955-8717-e8993a7e0f83) (Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (HKLM-x32\...\WTA-a0b23231-e88c-42f6-b03b-cb06ee71e1e2) (Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4628 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (HKLM-x32\...\WTA-198a6988-9e4a-4731-9454-bbf6179fbd33) (Version: 3.0.2.32 - WildTangent) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (HKLM-x32\...\WTA-054375e9-a2bd-4616-9ba1-0ea5f17a2993) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-431213ba-95e4-4bb8-97aa-ea3060954457) (Version: 3.0.2.38 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GOTO Bridge XVI (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\GOTO Bridge16) (Version: 1.0.0.0 - Goto.Games)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-283e0e6c-75ef-4d32-8daf-2308144e420d) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (HKLM-x32\...\WTA-7158cd15-5fb5-40a7-a658-c79be6dbe5f4) (Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 7520 series Basic Device Software (HKLM\...\{27ABA988-D480-4F44-B0FD-45E5656D2CFE}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 7520 series Help (HKLM-x32\...\{08295D09-E002-48F8-905D-34E4B08509BA}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 7520 series Product Improvement Study (HKLM\...\{16B872EE-C458-41BD-BEAE-52758A3F3168}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7045.4591 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{6B1ECC61-B581-400D-BFAF-101B1AAEA5AB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1053 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-100c2128-10ae-4281-945a-68aaf85f6e2e) (Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (HKLM-x32\...\WTA-0ade91f7-d902-475e-b940-16eda7b77053) (Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-79baf2a8-a6e6-4630-9d0c-7791791815de) (Version: 3.0.2.48 - WildTangent) Hidden
Learn to Play Bridge (HKLM-x32\...\Learn_to_Play_Bridge) (Version:  - )
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
Luxor Evolved (HKLM-x32\...\WTA-9aeb2a63-0441-47f0-bb05-5c2e41b88f1c) (Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (HKLM-x32\...\WTA-b3b6df4e-fd04-4f1d-8b36-6ad02d21d8dd) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{45898170-E68C-4F02-AA35-C2186BF347A3}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}) (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-52064c53-c2c0-4c67-a8ca-110459147ddd) (Version: 2.2.0.98 - WildTangent) Hidden
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.82 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Peggle Nights (HKLM-x32\...\WTA-1345b9c5-0008-4578-9be5-75b43653efe0) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-6419faa6-b2ee-4c22-989f-b625bf1b6050) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-2e7a6774-47a6-483d-a5ea-653cf29da0d2) (Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-91bfae74-a26a-4b2e-af0a-4137408eaaa2) (Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (HKLM-x32\...\WTA-fcede332-e6a6-4d6b-b4d6-0691437766f5) (Version: 2.2.0.98 - WildTangent) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\Spotify) (Version: 1.0.56.451.gb2f539fc - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Tales of Lagoona (HKLM-x32\...\WTA-caae243d-c072-45e7-8681-7100dec8e017) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-1572177c-8c97-4ded-a737-e25574ff9746) (Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.10.15 - WildTangent) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (HKLM-x32\...\WTA-0e769caf-55b1-4e3a-9cb7-482660a16bdb) (Version: 3.0.2.32 - WildTangent) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.76 - Zemana Ltd.)
Zuma's Revenge (HKLM-x32\...\WTA-f924df6c-17ab-43f6-aae6-f3d2e1609f5c) (Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers01: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20150827_12_19_26.dll [2015-08-27] (Cyberlink)
ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt_20150827_12_19_26.dll [2015-08-27] (Cyberlink)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.)
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-07-08] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08145A84-D0FA-48D8-B774-C093067D2170} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-07-29] (Intel)
Task: {16AE7B06-3B2B-4501-9846-C2FD11450231} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-10-28] (CyberLink Corp.)
Task: {17F02479-A707-4C0A-9498-EF5582039BA8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {1B95C45A-3930-4AD7-A010-2394BA467850} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {20566E91-DA86-4E32-9D8C-64B4632BFF7F} - System32\Tasks\HPCustParticipation HP Photosmart 7520 series => C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {22D24F5F-BC8F-4B5E-AB23-23B3A6D5A37E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {28C11180-B173-4AB6-9C7A-F0564359875E} - System32\Tasks\HP AR Program Upload - a92f283553d34c388c9519dc330755dcc60bfe0d4e0c4e319f591032c1deb875 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {2A10E163-351D-4F24-903F-BFDBA2E27675} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2E638330-F1F7-477E-B718-718B84C38782} - System32\Tasks\HP AR Program Upload - 5d0c7b7ff57a4c7db0217b01c00dfd9c8892efff74c0498190f7c897fa5816ce => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {33B9EC48-B939-4512-AA92-0F171FD7496A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3F4711C1-2202-4D15-AF7F-4C8F7BA75070} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {401A4C41-4A12-4FF5-88AC-3944A2654103} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4461D3CA-69D8-45AA-8631-2B8265DA35BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {458E958C-8AAD-4BA2-826F-4D1658811857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4C155924-3795-44E2-BB9B-717BDEC3C8DE} - System32\Tasks\HP AR Program Upload - 72c25606d915415d8c77ad4fef95db55f6548b599dcc4ad0919441df28400e7f => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {512015E2-F761-459D-8D93-62FCF1B5767E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {5973DEA3-676C-43B0-B8AF-26E47662DF17} - System32\Tasks\HPCeeScheduleForphilemer1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {5F4D5EA7-6D3E-4C4B-A122-5AA48F4ED950} - System32\Tasks\HP AR Program Upload - 586de0718bf24a80a960c5d3bb912cb3a4111b93edc34f19bd02b2c03377510b => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {5F7545ED-0158-40B8-9A45-0F39BDC57DCA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {6867A8A0-90AB-4D13-A018-C16E3B70B7E2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {71F5BDEA-94FD-4395-BF3F-250492D3BF40} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {81A8700F-6DDF-4309-8F35-B86CC69E1B92} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {884F7870-9360-48FE-A29B-33D011D226B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8CB6D634-DCFA-42C5-AA22-F8FC60BA55CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HP Inc.)
Task: {8D12B770-2361-4961-ADAF-7139F6E05A97} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-09-02] (Synaptics Incorporated)
Task: {8F99D985-A76E-4933-8F3D-6E100F1CE964} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {9F7BBA20-7F50-4963-9496-54905BBA3FD7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A6DFD3AD-282B-4543-AC9D-8A0D03B9C0FA} - System32\Tasks\HP AR Program Upload - d963eca0bcc3412abe21897c2892815556c20b6dc5bf4be0b3a78d3aa16d88d1 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {B116C521-DD3A-4F82-A217-B020BABCF2E0} - System32\Tasks\HP AR Program Upload - 05ddeb7df0974d8292f9a1038034b8ac309f325913a04a919c30b0972b2983d3 => C:\Program Files\HP\HP Photosmart 7520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {CA8E2BB2-E932-4F30-BB3D-9FAEC507CA4D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DB4475F3-72BE-42B6-98D3-03A4A7B66FEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {E1602C6C-D286-457D-9517-C1A34C14AB87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {E87B0D7D-76C8-4A1E-8237-3E084C1DEC73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F0A2D7D1-0B4B-4F7B-9E6B-214F61BE7B69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {F249BC45-ADE7-46CB-AFAA-02FAA213331F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F4EAE9D5-A1F9-45AC-AB40-E56E84D6EE09} - \WPD\SqmUpload_S-1-5-21-3581045672-1612819324-1139848935-1002 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForphilemer1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2013-10-14 11:23 - 2013-10-14 11:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 11:24 - 2013-10-14 11:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 11:25 - 2013-10-14 11:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 11:22 - 2013-10-14 11:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 11:35 - 2013-10-14 11:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 14:59 - 2017-03-18 20:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-01 23:05 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2013-10-14 11:30 - 2013-10-14 11:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-06-21 08:40 - 2017-06-21 08:40 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 08:40 - 2017-06-21 08:40 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 08:40 - 2017-06-21 08:40 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 08:40 - 2017-06-21 08:40 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-09-29 11:12 - 2016-06-14 14:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-08 21:07 - 2013-08-09 06:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\philemer1\Pictures\20150320_165306.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "RealPlayer Cloud Service UI.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "SimplePass"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "AccelerometerSysTrayApplet"
HKLM\...\StartupApproved\Run32: => "YouCam Service"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "HP Photosmart 7520 series (NET)"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DAAB29DACF139317CCE1FCB23B654B35"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "SansaDispatch"
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E18D447B-D076-4521-9324-D7E0C430AB3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{294465F1-1EEF-4B16-AB29-AF205E140FDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{11E95C43-1F5A-4CA1-9F65-E8A467700071}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{244B5806-AF95-451C-BD5A-5DAA3BA3E33A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{1F424E34-E929-4CC8-B88B-B084D92E3527}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A9269AAA-A56A-4A21-989E-14B56CF71298}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{036168D2-C1AE-4EE5-9FFB-4FC6891AB8FA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A66A2228-2410-4CB1-868C-35910CCDE30E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6995F7D-ACFC-474C-ADE4-38F42E45153F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E2E5BACA-07A5-48F0-9A48-D0FDEE6100DD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2007D3A3-5690-4F8C-B0CE-F3D127BCEBD3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{7F371DDF-3EC5-410C-A0B1-9A0266B0052B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{3E3B7839-D191-4BEC-9B2B-60666FA8F663}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{00AED86C-4A21-41E3-B9A8-4FD38D47BCA3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{40632441-BD6B-495D-A09E-1CA1499DD41F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [UDP Query User{A20E8D88-BDF3-4E9B-9C4D-D7FF50643862}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1F183245-45DC-4595-9BDE-CAA9AE072306}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{0DAAEDB2-E3BB-48A9-B1FF-0BBBB853E4A1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [UDP Query User{90924254-6E51-4419-8460-A17C768ECFF7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3286D75B-E801-4512-BB53-167A3C74E085}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{65FF237F-58A6-49A8-9086-A468776903A7}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{4D116767-52A1-47BF-94E0-899B09710E0C}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A124A274-8A07-4516-9883-52E92A21DB8A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{239A4802-543A-4908-A24C-BF5827A16030}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{73A8BB50-C26A-4CD3-B858-53376D327150}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{487A2FE3-AC89-4BB1-B0C4-E413AF52F8B0}C:\users\philemer1\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\philemer1\appdata\roaming\spotify\spotify.exe
FirewallRules: [{34C822C2-4EED-48A8-8EEA-A5C545ED0713}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{CF0495E6-93BF-4571-81CE-1D641EBB6370}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{97CFE666-0CC1-4CEE-A19F-D0ED98E1EE08}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\Bin\DeviceSetup.exe
FirewallRules: [{BB49C178-8526-4991-A618-13EFD96C491E}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\SendAFax.exe
FirewallRules: [{3D78C5E1-231C-4667-B1F2-016AF531462B}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\DigitalWizards.exe
FirewallRules: [{7FCB4331-D805-4ECB-9F23-3B7648C814B2}] => (Allow) C:\Program Files\HP\HP Photosmart 7520 series\bin\FaxApplications.exe
FirewallRules: [{AF2AFF78-7E2B-4E56-805A-B36AC79EEE83}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{8FCEDA88-412A-4512-8C39-843E6C457B68}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{353B147D-8FF5-4BD6-9B9B-34F0BEEE6552}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1EC80915-DBAC-4F85-9D5F-3C600D3420B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D3B0994C-0C25-4FB9-82C2-F171B29A2F20}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9C52626E-7C5D-46E5-9E26-7A0DD71C604F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3666CEE8-DB06-462A-9E09-88CB96E6CEC7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B501C93-B2F2-4892-9134-A851C34C336D}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{A289AC7B-F0F2-418A-90A4-DA1725017946}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{89F79FC8-7FE2-4FC8-9FB4-3D9F8D9A35AD}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{285C6B7D-9645-4FCB-9FFB-E8E36FBB4A43}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{0A4A28A5-738D-421F-9D1B-233698E0831A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D1AB65F1-7244-4E60-AF8C-B8103598032E}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{DD3F0178-81BD-4433-8973-A32D3C4553A8}] => (Allow) LPort=1900
FirewallRules: [{65403878-0C0B-4320-BDA7-F27DA4A78EBB}] => (Allow) LPort=2869
FirewallRules: [{75DBECFF-08A1-4488-A4D4-716F16934AA7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{271721FE-70F4-4EC2-82E1-2BE16B206844}] => (Allow) C:\Users\philemer1\Downloads\SuperCalculator8-73902874.exe
FirewallRules: [{9711498E-262B-4EBC-BEE1-B251CC16CFA2}] => (Allow) C:\Users\philemer1\Downloads\SuperCalculator8-73902874.exe
FirewallRules: [{59AA5ADC-659A-4BCE-8BEE-F778FAA0BC88}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A9E8FE8C-AC45-4FB0-88D3-FF7DD6CD9343}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5021A398-A180-48C8-869B-CDBDB41B301D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Restore Points =========================

24-06-2017 16:39:47 Windows Update
02-07-2017 18:24:21 Scheduled Checkpoint
05-07-2017 16:17:49 HPSF Applying updates
06-07-2017 17:57:44 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2017 09:20:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:15:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:10:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:05:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 09:00:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:55:44 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:52:05 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:47:04 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:42:04 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/08/2017 08:37:04 AM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (07/08/2017 08:55:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2017 08:55:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/08/2017 08:55:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/08/2017 08:55:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.

Error: (07/08/2017 08:55:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (07/07/2017 07:41:29 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (07/07/2017 06:30:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (07/06/2017 06:32:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/06/2017 06:32:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/06/2017 06:32:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
  Date: 2017-07-07 18:28:47.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-06 17:19:27.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-04 17:29:08.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-25 17:55:35.312
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8124.02 MB
Available physical RAM: 5299.4 MB
Total Virtual: 8636.02 MB
Available Virtual: 5881.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:907.42 GB) (Free:819.58 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.41 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: DC950105)

Partition: GPT.

==================== End of Addition.txt ============================



#12 philemer

Posted 08 July 2017 - 10:33 AM

I may have posted a dup. report above. Here is the other:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-07-2017
Ran by philemer1 (administrator) on ENVY-LAPTOP (08-07-2017 09:19:53)
Running from C:\Users\philemer1\Downloads
Loaded Profiles: philemer1 (Available Profiles: philemer1)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2017-07-05] (IDT, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.)
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\Run: [HP Photosmart 7520 series (NET)] => C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\...\Run: [SansaDispatch] => C:\Users\philemer1\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465288 2015-10-09] (SanDisk Corporation)
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [804352 2017-03-18] (Microsoft Corporation)
Startup: C:\Users\philemer1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-08-16]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{01402862-4091-463f-8b12-29f14e4eb1f4}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{caf8f92d-2c81-400e-9aa8-004772d21ef9}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://my.yahoo.com/
SearchScopes: HKLM -> {5EA47470-B9B7-4A60-8ACB-0EB88E902EB1} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3581045672-1612819324-1139848935-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3581045672-1612819324-1139848935-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-16] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)

FireFox:
========
FF ProfilePath: C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default [2017-07-08]
FF Homepage: Mozilla\Firefox\Profiles\0jbi0bbi.default -> hxxps://my.yahoo.com/
FF Extension: (AdBlocker Ultimate) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-28]
FF Extension: (&Manage search engines& button) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\jid1-XGhxOf1M8UPpsQ@jetpack.xpi [2016-07-12]
FF Extension: (New Tabs at the End) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\new-tabs-at-end@forerunnerdesigns.com.xpi [2016-04-28]
FF Extension: (QuickDrag) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2016-04-28]
FF Extension: (Support Free Content) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\supportfreecontent@mozilla.org.xpi [2017-01-20]
FF Extension: (FireShot) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-08-29]
FF Extension: (Garmin Communicator) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-04-28]
FF Extension: (Adblock Plus) - C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-07]
FF SearchPlugin: C:\Users\philemer1\AppData\Roaming\Mozilla\Firefox\Profiles\0jbi0bbi.default\searchplugins\firefox-add-ons.xml [2016-01-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-16] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default [2017-07-07]
CHR Extension: (Google Slides) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-06]
CHR Extension: (Google Docs) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-06]
CHR Extension: (Google Drive) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-06]
CHR Extension: (YouTube) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-06]
CHR Extension: (Google Sheets) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-06]
CHR Extension: (Google Docs Offline) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-06]
CHR Extension: (Gmail) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2297104 2015-10-12] (Broadcom Corporation.)
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2015-03-03] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [781280 2013-07-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2017-07-05] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15546512 2017-06-19] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [227144 2015-10-12] (Broadcom Corporation.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 irstrtdv; C:\WINDOWS\System32\drivers\irstrtdv.sys [20192 2013-07-29] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R1 MpKsld009e3a9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{480E83AD-0BAB-4E77-854D-C0C30C771A58}\MpKsld009e3a9.sys [44928 2017-07-08] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56376 2016-08-04] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\SysWOW64\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation                           )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-07-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-07-08] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-08 09:19 - 2017-07-08 09:20 - 00021837 _____ C:\Users\philemer1\Downloads\FRST.txt
2017-07-08 09:19 - 2017-07-08 09:19 - 00000000 ____D C:\FRST
2017-07-08 09:18 - 2017-07-08 09:18 - 02437120 _____ (Farbar) C:\Users\philemer1\Downloads\FRST64.exe
2017-07-08 08:38 - 2017-07-08 09:19 - 00072714 _____ C:\WINDOWS\ZAM.krnl.trace
2017-07-08 08:38 - 2017-07-08 09:19 - 00038333 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-07-08 08:38 - 2017-07-08 08:38 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-07-08 08:38 - 2017-07-08 08:38 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-07-08 08:38 - 2017-07-08 08:38 - 00001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-07-08 08:38 - 2017-07-08 08:38 - 00000000 ____D C:\Users\philemer1\AppData\Local\Zemana
2017-07-08 08:38 - 2017-07-08 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-07-08 08:38 - 2017-07-08 08:38 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-07-08 08:37 - 2017-07-08 08:37 - 06589840 _____ (Zemana Ltd. ) C:\Users\philemer1\Downloads\Zemana.AntiMalware.Setup.exe
2017-07-06 18:37 - 2017-07-06 18:37 - 00000000 ____D C:\Users\philemer1\AppData\Local\NetworkTiles
2017-07-06 18:31 - 2017-07-06 18:18 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2017-07-06 18:18 - 2017-07-06 18:30 - 00000000 ____D C:\zoek_backup
2017-07-06 18:17 - 2017-07-06 18:17 - 01309184 _____ C:\Users\philemer1\Downloads\zoek.exe
2017-07-06 18:05 - 2017-07-06 18:05 - 00000998 _____ C:\Users\philemer1\Desktop\JRT - Shortcut.lnk
2017-07-06 17:59 - 2017-07-06 17:59 - 00001623 _____ C:\Users\philemer1\Desktop\JRT.txt
2017-07-06 17:57 - 2017-07-06 17:57 - 01663672 _____ (Malwarebytes) C:\Users\philemer1\Downloads\JRT.exe
2017-07-06 17:51 - 2017-07-06 17:51 - 04110280 _____ C:\Users\philemer1\Downloads\adwcleaner_6.047 (1).exe
2017-07-06 17:45 - 2017-07-06 17:45 - 00001121 _____ C:\Users\philemer1\Desktop\adwcleaner_6.047 - Shortcut.lnk
2017-07-06 17:44 - 2017-07-06 18:51 - 00000000 ____D C:\AdwCleaner
2017-07-06 17:42 - 2017-07-06 17:42 - 04110280 _____ C:\Users\philemer1\Downloads\adwcleaner_6.047.exe
2017-07-06 16:53 - 2017-07-06 16:53 - 00236464 _____ C:\Users\philemer1\Downloads\PHILLIP EMERSON_TransUnion Personal Credit Report_20170706.pdf
2017-07-06 16:01 - 2017-07-06 16:01 - 00001324 _____ C:\Users\philemer1\Desktop\FREE CREDIT REPORTS PULLED - Shortcut.lnk
2017-07-05 20:34 - 2017-07-06 23:17 - 00016826 _____ C:\Users\philemer1\Documents\FREE CREDIT REPORTS PULLED.odt
2017-07-05 20:31 - 2017-07-05 20:31 - 00243156 _____ C:\Users\philemer1\Downloads\SUSAN EMERSON_TransUnion Personal Credit Report_20170705.pdf
2017-07-05 16:24 - 2017-07-05 16:24 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2017-07-05 16:24 - 2017-07-05 16:23 - 08153088 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2017-07-05 16:24 - 2017-07-05 16:23 - 08078848 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2017-07-05 16:24 - 2017-07-05 16:23 - 06101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2017-07-05 16:24 - 2017-07-05 16:23 - 02230784 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2017-07-05 16:24 - 2017-07-05 16:23 - 01897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2017-07-05 16:24 - 2017-07-05 16:23 - 01703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2017-07-05 16:24 - 2017-07-05 16:23 - 00464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2017-07-05 16:24 - 2017-07-05 16:23 - 00253952 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2017-07-05 16:24 - 2017-07-05 16:23 - 00224768 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2017-07-05 16:24 - 2017-07-05 16:23 - 00042508 _____ C:\WINDOWS\system32\DREAMWORKS.XML
2017-07-05 16:23 - 2017-07-05 16:23 - 02213376 _____ (IDT, Inc.) C:\WINDOWS\system32\stapo64.dll
2017-07-05 16:23 - 2017-07-05 16:23 - 00697856 ____N (IDT, Inc.) C:\WINDOWS\system32\stapi64.dll
2017-07-05 16:23 - 2017-07-05 16:23 - 00551936 _____ (IDT, Inc.) C:\WINDOWS\system32\Drivers\stwrt64.sys
2017-07-05 16:23 - 2017-07-05 16:23 - 00499200 _____ (IDT, Inc.) C:\WINDOWS\system32\stcplx64.dll
2017-07-05 16:23 - 2017-07-05 16:23 - 00256000 _____ (IDT, Inc.) C:\WINDOWS\system32\st646491.dll
2017-07-03 23:46 - 2017-07-03 23:46 - 00831603 _____ C:\Users\philemer1\Downloads\Boise Private Dining Menu.pdf
2017-07-03 20:11 - 2017-07-03 20:11 - 00065408 _____ C:\Users\philemer1\Downloads\Statement0531170109(2).pdf
2017-07-03 20:10 - 2017-07-03 20:10 - 00048821 _____ C:\Users\philemer1\Downloads\Statement0630170109.pdf
2017-07-02 21:11 - 2017-07-02 21:12 - 10965998 _____ C:\Users\philemer1\Downloads\JCS_Core1_5.17.pdf
2017-07-02 20:43 - 2017-07-02 20:43 - 00258901 _____ C:\Users\philemer1\Downloads\1709101(1).pdf
2017-07-02 20:36 - 2017-07-02 20:36 - 00258901 _____ C:\Users\philemer1\Downloads\1709101.pdf
2017-07-02 19:27 - 2017-07-02 23:32 - 00016156 _____ C:\Users\philemer1\Documents\July, 2017, Unit meeting minutes.odt
2017-06-29 17:35 - 2017-06-29 17:35 - 00532486 _____ C:\Users\philemer1\Downloads\United-Award-Chart(1).pdf
2017-06-29 14:18 - 2017-06-29 14:18 - 00532486 _____ C:\Users\philemer1\Downloads\United-Award-Chart.pdf
2017-06-27 15:29 - 2017-06-27 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-26 10:33 - 2017-06-26 10:33 - 00037241 _____ C:\Users\philemer1\Downloads\Ola I ka ha.pdf
2017-06-26 04:27 - 2017-06-26 04:27 - 00049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-26 04:27 - 2017-06-26 04:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-26 04:27 - 2017-06-26 04:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-26 04:27 - 2017-06-26 04:27 - 00045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-24 17:41 - 2017-07-06 17:22 - 00000000 ____D C:\Windows.old
2017-06-24 17:40 - 2017-06-24 17:40 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-24 17:40 - 2017-06-24 17:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-24 17:40 - 2017-06-24 17:40 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-24 17:40 - 2017-06-24 17:40 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-24 17:40 - 2017-06-24 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-24 17:40 - 2017-06-24 17:40 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-24 17:40 - 2017-06-24 17:40 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-24 17:40 - 2017-06-24 17:40 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-24 17:40 - 2017-06-24 17:40 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-24 17:40 - 2017-06-24 17:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-24 17:39 - 2017-06-24 17:39 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-24 17:39 - 2017-06-24 17:39 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-24 17:39 - 2017-06-24 17:39 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-24 17:39 - 2017-06-24 17:39 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-24 17:39 - 2017-06-24 17:39 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-24 17:39 - 2017-06-24 17:39 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-24 17:34 - 2017-06-24 17:34 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-24 17:34 - 2017-06-24 15:46 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-24 17:30 - 2017-06-24 17:30 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-24 17:30 - 2017-06-24 17:30 - 00000000 ____D C:\Program Files\MSBuild
2017-06-24 17:30 - 2017-06-24 17:30 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-24 17:30 - 2017-06-24 17:30 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-24 17:30 - 2017-06-24 17:30 - 00000000 ____D C:\inetpub
2017-06-24 17:30 - 2017-02-10 13:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-24 17:30 - 2017-02-10 13:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-24 17:30 - 2017-02-10 13:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-24 17:30 - 2017-02-10 13:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-24 17:30 - 2017-02-10 13:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-24 17:30 - 2017-02-10 13:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-24 17:29 - 2017-06-24 17:29 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-24 16:39 - 2017-06-24 16:39 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-24 16:35 - 2017-06-24 16:35 - 00000020 ___SH C:\Users\philemer1\ntuser.ini
2017-06-24 16:10 - 2017-06-24 16:10 - 00000000 _SHDL C:\Users\Default\My Documents
2017-06-24 16:07 - 2017-06-24 16:09 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-06-24 16:07 - 2017-06-24 16:09 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-06-24 16:03 - 2017-07-08 09:01 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4D1277BB-1891-488F-8CBF-6B71F894C884}
2017-06-24 16:03 - 2017-07-08 08:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-24 16:03 - 2017-07-05 10:42 - 00003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForphilemer1
2017-06-24 16:03 - 2017-06-24 16:42 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-24 16:03 - 2017-06-24 16:38 - 00003388 _____ C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2017-06-24 16:03 - 2017-06-24 16:03 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-24 16:03 - 2017-06-24 16:03 - 00003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-06-24 16:03 - 2017-06-24 16:03 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-24 16:03 - 2017-06-24 16:03 - 00003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-24 16:03 - 2017-06-24 16:03 - 00003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-06-24 16:03 - 2017-06-24 16:03 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-24 16:03 - 2017-06-24 16:03 - 00003054 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - a92f283553d34c388c9519dc330755dcc60bfe0d4e0c4e319f591032c1deb875
2017-06-24 16:03 - 2017-06-24 16:03 - 00003054 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 72c25606d915415d8c77ad4fef95db55f6548b599dcc4ad0919441df28400e7f
2017-06-24 16:03 - 2017-06-24 16:03 - 00003054 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 05ddeb7df0974d8292f9a1038034b8ac309f325913a04a919c30b0972b2983d3
2017-06-24 16:03 - 2017-06-24 16:03 - 00002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3581045672-1612819324-1139848935-1002
2017-06-24 16:03 - 2017-06-24 16:03 - 00002758 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - d963eca0bcc3412abe21897c2892815556c20b6dc5bf4be0b3a78d3aa16d88d1
2017-06-24 16:03 - 2017-06-24 16:03 - 00002758 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 5d0c7b7ff57a4c7db0217b01c00dfd9c8892efff74c0498190f7c897fa5816ce
2017-06-24 16:03 - 2017-06-24 16:03 - 00002758 _____ C:\WINDOWS\System32\Tasks\HP AR Program Upload - 586de0718bf24a80a960c5d3bb912cb3a4111b93edc34f19bd02b2c03377510b
2017-06-24 16:03 - 2017-06-24 16:03 - 00002512 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart 7520 series
2017-06-24 16:03 - 2017-06-24 16:03 - 00002380 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3581045672-1612819324-1139848935-500
2017-06-24 16:03 - 2017-06-24 16:03 - 00002346 _____ C:\WINDOWS\System32\Tasks\YCMServiceAgent
2017-06-24 16:03 - 2017-06-24 16:03 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-06-24 16:03 - 2017-06-24 16:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-06-24 16:03 - 2017-06-24 16:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-06-24 16:03 - 2014-02-08 21:33 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1053612403-34488525-1719042254-500
2017-06-24 16:03 - 2014-01-11 14:26 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1742617748-703038015-3167542582-500
2017-06-24 16:03 - 2013-09-01 09:19 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1314184813-1300351738-2939004454-500
2017-06-24 16:03 - 2013-08-26 00:11 - 00003592 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2323992412-533519598-971084482-500
2017-06-24 15:57 - 2017-06-24 15:57 - 00000000 ____D C:\ProgramData\USOShared
2017-06-24 15:56 - 2017-06-24 15:56 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-24 15:53 - 2017-06-24 15:58 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-24 15:52 - 2017-07-04 00:02 - 00000000 ____D C:\Users\philemer1
2017-06-24 15:52 - 2017-06-24 15:52 - 00000000 _SHDL C:\Users\philemer1\My Documents
2017-06-24 15:52 - 2017-06-24 15:52 - 00000000 _SHDL C:\Users\philemer1\Documents\My Videos
2017-06-24 15:52 - 2017-06-24 15:52 - 00000000 _SHDL C:\Users\philemer1\Documents\My Pictures
2017-06-24 15:52 - 2017-06-24 15:52 - 00000000 _SHDL C:\Users\philemer1\Documents\My Music
2017-06-24 15:51 - 2017-07-08 09:00 - 01140106 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-24 15:51 - 2017-06-24 16:02 - 01002010 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-06-24 15:51 - 2017-06-24 15:51 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-06-24 15:50 - 2017-07-08 08:55 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-24 15:50 - 2017-07-08 08:55 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-24 15:50 - 2017-06-24 15:53 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-24 15:50 - 2017-06-24 15:53 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-24 15:50 - 2017-06-24 15:53 - 00000000 ____D C:\Program Files\Intel
2017-06-24 15:50 - 2017-06-24 15:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-24 15:50 - 2017-06-24 15:50 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-06-24 15:50 - 2017-06-24 15:50 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-06-24 15:50 - 2017-05-01 14:52 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-06-24 15:50 - 2017-05-01 14:51 - 06437312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-24 15:50 - 2017-05-01 14:51 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-24 15:50 - 2017-05-01 14:51 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-24 15:50 - 2017-05-01 14:51 - 00548800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-06-24 15:50 - 2017-05-01 14:51 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-24 15:50 - 2017-05-01 14:51 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-06-24 15:50 - 2017-05-01 14:51 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-24 15:50 - 2017-04-25 15:11 - 07944687 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-24 15:50 - 2016-11-01 23:05 - 00103952 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-06-24 15:50 - 2016-11-01 23:05 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-06-24 15:49 - 2017-06-24 15:58 - 00000000 ____D C:\ProgramData\Validity
2017-06-24 15:49 - 2017-06-24 15:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-06-24 15:49 - 2017-06-24 15:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-06-24 15:49 - 2017-06-24 15:49 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-06-24 15:49 - 2017-06-24 15:49 - 00000000 ____D C:\Program Files\Synaptics
2017-06-24 15:49 - 2017-03-18 14:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-24 15:46 - 2017-07-08 09:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-24 15:46 - 2017-07-08 08:55 - 00261680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-21 08:42 - 2017-06-24 16:36 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-20 20:44 - 2017-06-20 20:44 - 00246035 _____ C:\Users\philemer1\Downloads\ACFrOgAza0Q0rxv-sfUNHdRsSlDS8SpWV9FmDpAJYYfbl8wHGq_1Qjhx5CiXKrQWp_wR-bo3WxlTAQmJmYwYHDmlpE8ClT1l_egGGVMIGUl-HXd0zvGosbwgo_Cf1cw=
2017-06-20 14:12 - 2017-06-20 23:56 - 00016616 _____ C:\Users\philemer1\Documents\AC & Furnace data.odt
2017-06-17 12:18 - 2017-06-17 12:18 - 00341599 _____ C:\Users\philemer1\Downloads\Statement0430170109(2).pdf
2017-06-17 10:45 - 2017-06-17 10:45 - 00065408 _____ C:\Users\philemer1\Downloads\Statement0531170109(1).pdf
2017-06-17 08:59 - 2017-06-17 08:59 - 00698827 _____ C:\Users\philemer1\Downloads\Statement_Jun 2017 (1).pdf
2017-06-16 11:29 - 2017-06-16 11:29 - 00057206 _____ C:\Users\philemer1\Downloads\michaelsu2nt.pdf
2017-06-15 10:09 - 2017-06-15 10:09 - 01043312 _____ C:\Users\philemer1\Downloads\acadia.pdf
2017-06-15 10:06 - 2017-06-15 10:06 - 00114981 _____ C:\Users\philemer1\Downloads\route01.pdf
2017-06-13 22:39 - 2017-06-13 22:39 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-13 18:52 - 2017-06-13 18:52 - 01123816 _____ C:\Users\philemer1\Downloads\Statement_May 2017(2).pdf
2017-06-13 18:51 - 2017-06-13 18:51 - 00809014 _____ C:\Users\philemer1\Downloads\Statement_May 2017(1).pdf
2017-06-13 18:50 - 2017-06-13 18:50 - 00698828 _____ C:\Users\philemer1\Downloads\Statement_Jun 2017.pdf
2017-06-13 18:50 - 2017-06-13 18:50 - 00596042 _____ C:\Users\philemer1\Downloads\Statement_May 2017.pdf
2017-06-12 14:38 - 2017-06-12 14:39 - 00356053 _____ C:\Users\philemer1\Downloads\ReportCard.pdf
2017-06-11 22:44 - 2017-06-11 22:44 - 00250363 _____ C:\Users\philemer1\Downloads\resortMap.pdf
2017-06-11 22:44 - 2017-06-11 22:44 - 00113693 _____ C:\Users\philemer1\Downloads\roadMap.pdf
2017-06-11 22:43 - 2017-06-11 22:43 - 00220748 _____ C:\Users\philemer1\Downloads\lakeMap.pdf
2017-06-11 21:39 - 2017-06-11 21:39 - 01945267 _____ C:\Users\philemer1\Downloads\Smith%20Lake%20Assessment_201205251155013524.pdf
2017-06-11 21:39 - 2017-06-11 21:39 - 01945267 _____ C:\Users\philemer1\Downloads\Smith%20Lake%20Assessment_201205251155013524(1).pdf
2017-06-11 13:39 - 2017-06-11 13:39 - 00044798 _____ C:\Users\philemer1\Downloads\Conventional-Wisdom-part11-2009-06(2).pdf
2017-06-11 13:38 - 2017-06-11 13:38 - 00038370 _____ C:\Users\philemer1\Downloads\126027M.pdf
2017-06-10 16:35 - 2017-06-10 16:35 - 00192601 _____ C:\Users\philemer1\Downloads\Hyatt-Regency-Boston-Harbor-Fact-Sheet-040616.pdf
2017-06-10 13:43 - 2017-06-10 13:00 - 01117053 _____ C:\Users\philemer1\Documents\World of Hyatt form.PDF
2017-06-10 10:25 - 2017-06-10 10:35 - 00013858 _____ C:\Users\philemer1\Documents\bridge donatio request.odt
2017-06-09 11:56 - 2017-06-09 11:56 - 00316727 _____ C:\Users\philemer1\Downloads\GP160016_PointCombining_RequestForm_EN_00b_R2(2).pdf
2017-06-09 10:33 - 2017-06-09 10:33 - 00316727 _____ C:\Users\philemer1\Downloads\GP160016_PointCombining_RequestForm_EN_00b_R2(1).pdf
2017-06-09 10:27 - 2017-06-09 10:27 - 00316727 _____ C:\Users\philemer1\Downloads\GP160016_PointCombining_RequestForm_EN_00b_R2.pdf
2017-06-09 10:02 - 2017-06-09 10:02 - 00154351 _____ C:\Users\philemer1\Downloads\Point_Combining_RequestForm_En.pdf
2017-06-09 09:14 - 2017-06-09 09:14 - 00180412 _____ C:\Users\philemer1\Downloads\PointCombining_RequestForm_En.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2014-07-28 14:38 - 2014-07-28 14:38 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-04 17:29

==================== End of FRST.txt ============================


Edited by philemer, 08 July 2017 - 10:34 AM.


#13 satchfan


Posted 08 July 2017 - 04:55 PM

That’s looking somewhat better but there are things that still need to be dealt with.

================================================

You need to move Farbar Recovery Scan Tool to your desktop, otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open Notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKU\S-1-5-21-3581045672-1612819324-1139848935-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://my.yahoo.com/
SearchScopes: HKLM -> {5EA47470-B9B7-4A60-8ACB-0EB88E902EB1} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3581045672-1612819324-1139848935-1002 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3581045672-1612819324-1139848935-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-06]
CHR Extension: (Chrome Media Router) - C:\Users\philemer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-06]
Task: {22D24F5F-BC8F-4B5E-AB23-23B3A6D5A37E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {33B9EC48-B939-4512-AA92-0F171FD7496A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3F4711C1-2202-4D15-AF7F-4C8F7BA75070} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {401A4C41-4A12-4FF5-88AC-3944A2654103} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9F7BBA20-7F50-4963-9496-54905BBA3FD7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA8E2BB2-E932-4F30-BB3D-9FAEC507CA4D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E87B0D7D-76C8-4A1E-8237-3E084C1DEC73} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F249BC45-ADE7-46CB-AFAA-02FAA213331F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F4EAE9D5-A1F9-45AC-AB40-E56E84D6EE09} - \WPD\SqmUpload_S-1-5-21-3581045672-1612819324-1139848935-1002 -> No File <==== ATTENTION
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it in your reply.

================================================

Run Malwarebytes Anti-Malware

Please download and run the installer for Malwarebytes 3.0.

  • follow the prompts to install the program, (Malwarebytes 3.0 will automatically upgrade Malwarebytes Anti-Malware 2.x to Malwarebytes 3.0)
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it, (it won’t diminish the scanning and removal capabilities of the program)
  • click Finish
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now button
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the ‘History’ tab, then ‘Application Logs’
  • double-click on the scan log which shows the date and time of the scan just performed
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

Logs to include with the next post:

Fixlog.txt
Mbam.txt


Can you tell me if there are any outstanding problems?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 philemer


Posted 09 July 2017 - 11:44 AM

fixlist.txt attempt did not work. Here's what I did:

 

1. opened new Notepad window and pasted your text into it

2. saved it as fixlist.txt

3. copied and moved it into the FRST log folder

4. ran FRST again and it could not detect fixlist.txt - sorry but not sure what I did wrong

 

Then ran MBAM 3.0 and the results are below:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/9/17
Scan Time: 10:18 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2325
License: Trial

-System Information-
OS: Windows 10 (Build 15063.413)
CPU: x64
File System: NTFS
User: Envy-Laptop\philemer1

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 394309
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 3 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.MindSpark, C:\USERS\PHILEMER1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, Quarantined, [283], [240305],1.0.2325
PUP.Optional.MindSpark, C:\USERS\PHILEMER1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, Quarantined, [283], [240305],1.0.2325

Physical Sector: 0
(No malicious items detected)


(end)

 

I don't have any visible problems with my system. Can we stop now or do you want to retry anything? If so I guess I need more complete instructions as I did something wrong. :-)

Thanks much.


Edited by philemer, 09 July 2017 - 01:11 PM.


#15 satchfan


Posted 09 July 2017 - 02:01 PM

Your computer is fine.

 

Although you have no obvious problems, there are still some settings in the registry that you could do without, but we need to do a further scan to make sure that what Malwarebytes found is no longer on your computer.

 

Run Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • after extraction, double-click on the new Start Emsisoft Emergency Kit icon on your desktop
  • the first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates: click Yes so that it downloads the latest database updates
  • when the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning
  • when the scan has completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan
  • when the threats have been quarantined, click the View report button in the lower-right corner and the scan log will open in Notepad
  • please save the Notepad log on your desktop and post the contents in your next reply
  • when you close Emsisoft Emergency Kit it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

Satchfan

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
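
Added example, not part of the thread and not code from any tool named in it: a Python script that parses a Malwarebytes 3 log in the layout posted in #14, cross-checks the summary against the detection lines, and lists flagged files still on disk, which is what the follow-up scan requested in #15 is meant to confirm. The function names and the injectable `exists` check are assumptions of this example; the sample log is trimmed from the post above.

```python
import os
import re
from dataclasses import dataclass

# Trimmed from the Malwarebytes log posted in #14 (same field layout).
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Threats Detected: 2
Threats Quarantined: 2

-Scan Details-
Process: 0
(No malicious items detected)

File: 2
PUP.Optional.MindSpark, C:\USERS\PHILEMER1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, Quarantined, [283], [240305],1.0.2325
PUP.Optional.MindSpark, C:\USERS\PHILEMER1\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, Quarantined, [283], [240305],1.0.2325

(end)
"""

SECTION = re.compile(r"^-(.+)-$")              # "-Scan Details-"
COUNT = re.compile(r"^([A-Za-z ]+): (\d+)$")   # "File: 2"
KEYVAL = re.compile(r"^([^:]+): ?(.*)$")       # "Threats Detected: 2"

@dataclass
class Detection:
    category: str  # heading the line appeared under, e.g. "File"
    name: str      # detection name, e.g. PUP.Optional.MindSpark
    path: str      # object the scanner flagged
    action: str    # e.g. "Quarantined"

def parse_mbam_log(text):
    """Return (summary dict, per-category counts, list of Detection)."""
    summary, counts, detections = {}, {}, []
    section = category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):
            continue  # blanks, "(No malicious items detected)", "(end)"
        m = SECTION.match(line)
        if m:
            section, category = m.group(1), None
            continue
        if section == "Scan Summary":
            m = KEYVAL.match(line)
            if m:
                summary[m.group(1)] = m.group(2).strip()
        elif section == "Scan Details":
            m = COUNT.match(line)
            if m:
                category = m.group(1)
                counts[category] = int(m.group(2))
                continue
            # Detection line: name, path, action, [id], [id],version.
            # Take the name from the left and four fields from the right so
            # a comma inside the path cannot shift the columns.
            name, sep, rest = line.partition(", ")
            parts = [p.strip() for p in rest.rsplit(",", 4)]
            if sep and category and len(parts) == 5:
                detections.append(Detection(category, name, parts[0], parts[1]))
    return summary, counts, detections

def consistency_issues(summary, counts, detections):
    """Cross-check the pasted log against itself before relying on it."""
    issues = []
    declared = summary.get("Threats Detected", "")
    if not declared.isdigit() or int(declared) != len(detections):
        issues.append("summary total does not match the detection lines")
    for cat, n in counts.items():
        found = sum(1 for d in detections if d.category == cat)
        if found != n:
            issues.append(f"{cat}: header says {n}, {found} line(s) present")
    issues += [f"not quarantined: {d.path} ({d.action})"
               for d in detections if d.action != "Quarantined"]
    return issues

def still_present(detections, exists=os.path.exists):
    """Flagged files or folders that are still on disk after the cleanup."""
    return [d.path for d in detections
            if d.category in ("File", "Folder") and exists(d.path)]

if __name__ == "__main__":
    summary, counts, detections = parse_mbam_log(SAMPLE_LOG)
    for finding in consistency_issues(summary, counts, detections):
        print("LOG ISSUE:", finding)
    for path in still_present(detections):
        print("STILL ON DISK:", path)
```

Run it on the affected machine after the restart so that `os.path.exists` checks the real paths; an empty result for both checks means the log is complete and the quarantined files are gone from their original locations.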




