
Groovorio


11 replies to this topic

#1 MrBeer


Posted 25 November 2017 - 11:31 AM

I have picked up Groovorio, which Malwarebytes finds and I quarantine, but when I rerun Malwarebytes after quarantining Groovorio it is still there.

Below is Malwarebytes report.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 11/14/17
Scan Time: 11:22 AM
Log File: 06913276-c958-11e7-a76c-34e6d7068052.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3254
License: Premium
 
-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: System
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 486953
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 1 hr, 1 min, 21 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 2
PUP.Optional.Groovario, C:\USERS\BOB'S DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [16176], [455244],1.0.3254
PUP.Optional.Groovario, C:\USERS\BOB'S DELL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [16176], [455244],1.0.3254
 
Physical Sector: 0
(No malicious items detected)
 
 

(end) 

 

Any help would be appreciated.

MrBeer




 


#2 nasdaq


Posted 26 November 2017 - 08:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

To remove this you will possibly have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Run Malwarebytes normally.

If you need additional help please run this program.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs

Wait for further instructions.

#3 MrBeer


Posted 28 November 2017 - 10:30 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2017 01
Ran by Bob's Dell (27-11-2017 09:30:56)
Running from C:\Users\Bob's Dell\Downloads
Windows 10 Pro Version 1703 15063.726 (X64) (2017-05-12 17:41:08)
Boot Mode: Normal
==========================================================
 
 
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers1: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\System Mechanic\Incinerator.dll [2017-06-27] (iolo technologies, LLC)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2017-10-19] (Apple Inc.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-10] (Google)
ContextMenuHandlers4: [Incinerator] -> {E8215BEA-3290-4C73-964B-75502B9B41B2} => C:\Program Files (x86)\System Mechanic\Incinerator.dll [2017-06-27] (iolo technologies, LLC)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-10-24] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2016-10-24] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2017-11-17] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-26] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {025393CF-2D29-44F6-B753-97E226A490AD} - System32\Tasks\CryptoPrevent Update => C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2017-10-05] (Foolish IT LLC)
Task: {04EB0E8A-B407-4351-B0B0-2A155537A585} - System32\Tasks\ioloTUDsDownloader => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-06-27] (iolo technologies, LLC)
Task: {0E9B0B5C-9FF3-4A29-8479-0868A68DD87B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0EE39237-7ACA-4E80-943D-461F2A797E44} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {0FBA0914-BB81-4C1E-9C06-32C7C0F36166} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {13CA29AB-FB98-44C9-AC88-361BFD85BD2E} - System32\Tasks\SafeZone scheduled Autoupdate 1450811402 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-08-04] (Avast Software)
Task: {1B00DE87-7499-4BAA-9E4A-BB940ADA25DE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-26] (Dropbox, Inc.)
Task: {1CEF15FD-60FD-41C9-B6A3-B8D8002CE7FA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-26] (Piriform Ltd)
Task: {1FDE9238-BD6C-4BA1-86A9-5908A6FA015D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {27DEBC22-170E-444E-BD38-425B3C0A6FEE} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2956E29D-A64D-413D-B892-F5AA2AC347BB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2AA1C6C5-1360-4170-A641-A8FCF71B9FB9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {32659F15-3F1C-45EF-A74B-71327AD98A18} - System32\Tasks\AdobeAAMUpdater-1.0-BobsDell-PC-Bob's Dell => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {393BC13E-BD8E-48DA-A6E8-89644765D8BF} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\System Mechanic\ioloSmartUpdater.exe [2017-06-27] (iolo technologies, LLC)
Task: {3999671B-80BF-4CDF-A95C-93FD2F0FE480} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3A9B9CEB-9981-4598-A958-47F26DC4CECD} - System32\Tasks\ioloToaster => C:\Program Files (x86)\System Mechanic\ioloToaster.exe [2017-06-27] (iolo technologies, LLC)
Task: {3CBC40D7-5079-4162-B3CF-8BB086B1F88F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {49072A42-1C33-4821-800D-28DD295D6786} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4CE93E3A-904A-4304-B28E-908FBD2C9981} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-10] (Realtek Semiconductor)
Task: {4FF356D2-FE47-4920-B00B-3E8B260DCA26} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {528B6446-B6F7-44E3-AA71-6203798B4E57} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {53C82D5D-CAA2-4928-AD01-FD5CA9402E42} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {54109BBB-2683-44C6-91B1-2BE1D8DD35E5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-10-09] ()
Task: {54C24529-FE0D-45F3-921C-72B199731A29} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5C51D6C7-CE08-433D-A6AB-7D0824DD9BDD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {63882D74-4B0D-4654-86EE-D96AE3948093} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6563DB5C-54FD-4007-98A3-1F779956369C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6699E251-A260-40CE-9B14-4B8D4F8B0340} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-26] (AVAST Software)
Task: {67A0748C-7691-4099-B996-002FC2F3E33B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-11-15] (Microsoft Corporation)
Task: {6A73D90C-B17C-4761-8357-1A346F1A3327} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {6BC9FEFB-CBC5-48BF-8748-176A6CEA6EE9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {74B79B52-5FD9-4C14-BAB0-205B4C4DD9F9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {74BB2D74-68D9-4B21-8B7E-DF81F3440AA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {79E85422-7627-4E17-BF12-00E65E9365FC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {7BE089A2-9843-4396-A1FC-D4BD1BF89449} - System32\Tasks\{749D9438-EFCF-4499-B503-D86D6A869B30} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSU.exe" -c /UninstallRemove C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\uninst.ini <==== ATTENTION
Task: {7D8B7781-D5F1-404A-B496-8B91A6A62AB2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {7E5C1BF7-4A33-491D-B08E-46B026B3E961} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-27] ()
Task: {86604DDA-E5A2-409E-BB95-AD14C254940A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {87EFFD35-58C4-4CA6-9C9C-ADBD5F86F865} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8D269BC6-F661-4857-82A0-59AF89998A9C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8E6710CB-0CA5-4302-917A-E1FACA615DD4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9020D4CB-C50F-49D9-A075-72179DC0E1A2} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\System Mechanic\iologovernor64.exe [2017-06-27] (iolo technologies, LLC)
Task: {92BE7943-78D8-4C4B-883D-3B2AAF434323} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {956E5D6B-B7F3-4C65-9555-D510764398D4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {A2FAB866-53F5-487F-A773-14B2F24529E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {A4611457-7528-4789-99C8-CDB3980C9481} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A92FEBB9-9355-4369-8034-7154DDF54304} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {AA09421C-6384-4C3D-88EB-0CA913D001FE} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\System Mechanic\SystemMechanic.exe [2017-06-27] (iolo technologies, LLC)
Task: {B1450FE1-82E8-40F1-8F3F-5749E0F9E20E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B76C131C-133A-45A9-A16A-643FA5E43F47} - System32\Tasks\Dell\Command Update => C:\Program Files (x86)\Dell\CommandUpdate\DellCommandUpdate.exe [2017-05-30] (Dell Inc.)
Task: {BA7F3875-7416-4EF5-B045-A03824D3AFA2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD1BB27C-5E00-4724-AFB6-C9C145EC4A66} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C1913C94-0842-490C-B755-F95332E09ABA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C4E48C34-ADDC-4041-8BB9-CAFE2C199FD0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CA7B729F-43F4-4083-8F30-6C336CF72417} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {CD8FB594-5DC0-423A-8BA1-3EF8AF2B6738} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CE4EEC05-AE50-4266-B124-7496745958B2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D1DC68A4-98AB-4E28-A3AB-57E2DAE194CC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-09-26] (Dropbox, Inc.)
Task: {D9D73F08-B430-4CB7-8E6C-BAFBFF0CBFFA} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DA5EBFDD-F0C4-44BB-802B-EC827B4A9BF5} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DA9D1E83-01AA-4187-BDB9-6D13247DE477} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DCCEC6D9-E34F-4A14-AEFA-2A14AED52435} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-27] ()
Task: {DCFF048E-C5EC-49FF-9C80-615995C5703E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {DEFA4483-6F0A-4CCD-B0DA-A50264D1B0B7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E1F7B6F4-B533-4796-A3B2-BF537AC7B33E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {E2CD16C4-7DF7-4BB0-917C-46CCDAA9769E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {E34C81CD-6D44-4E22-BDA2-579A3D5199E2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E5509C74-F810-401A-AB3F-97C8AFBEE78F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EEBCACEE-F1E6-4733-8605-4054B40682B3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FFD0BCF8-7926-4344-A2B0-908C275D350D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-04-08 14:09 - 2017-04-08 14:09 - 001279464 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
2017-06-30 09:13 - 2017-06-30 09:13 - 006086232 _____ () C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
2017-10-02 11:38 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-10-02 11:38 - 2017-11-01 08:54 - 002358736 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-02 10:46 - 2017-03-02 10:46 - 005823600 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2017-03-18 15:58 - 2017-03-18 15:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-06-23 23:53 - 2016-10-24 19:09 - 000384496 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-04-08 13:59 - 2017-04-08 13:59 - 000589104 _____ () C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2017-10-20 14:22 - 2017-10-20 14:22 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-10-20 14:22 - 2017-10-20 14:22 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-06-22 16:57 - 2017-06-22 16:57 - 005118944 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
2013-07-29 10:28 - 2013-07-29 10:28 - 004114944 _____ () C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
2017-03-07 10:57 - 2017-03-07 10:57 - 007014728 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2017-09-13 17:33 - 2017-09-13 17:33 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-03-18 15:59 - 2017-03-18 21:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-26 08:11 - 2017-11-26 08:11 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-16 09:05 - 2017-11-10 04:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-16 09:05 - 2017-11-10 04:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-06-22 16:55 - 2017-06-22 16:55 - 003638232 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2017-06-22 16:55 - 2017-06-22 16:55 - 001315464 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2016-08-29 20:16 - 2016-08-29 20:16 - 000685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2017-06-22 16:54 - 2017-06-22 16:54 - 020922488 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2017-06-22 15:24 - 2017-06-22 15:24 - 000397232 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-08-15 10:28 - 2016-08-15 10:28 - 000129968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2017-03-07 10:48 - 2017-03-07 10:48 - 000248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2016-11-23 13:41 - 2016-11-23 13:41 - 000160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2017-11-26 08:11 - 2017-11-26 08:11 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-26 08:11 - 2017-11-26 08:11 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-07-10 16:31 - 2017-07-10 16:31 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-26 08:11 - 2017-11-26 08:11 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-26 08:11 - 2017-11-26 08:11 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-26 08:10 - 2017-11-26 08:10 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-10-18 22:52 - 2017-10-18 22:52 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-10-18 22:51 - 2017-10-18 22:51 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-11-27 12:46 - 2016-03-17 16:04 - 000376832 _____ () C:\Program Files (x86)\1Password 4\js3215R.dll
2017-06-22 15:23 - 2017-06-22 15:23 - 007996848 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
2017-06-22 15:24 - 2017-06-22 15:24 - 000049584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
2016-08-29 22:57 - 2016-08-29 22:57 - 000444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-08-29 20:16 - 2016-08-29 20:16 - 000115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2017-11-15 16:16 - 2017-11-13 05:26 - 000725312 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-11-15 16:16 - 2017-11-13 05:26 - 002075456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-10-05 07:06 - 2017-11-13 05:26 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-10-05 07:06 - 2017-11-13 05:28 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-11-15 16:16 - 2017-11-13 05:26 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-11-15 16:16 - 2017-11-13 05:26 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-10-05 07:06 - 2017-11-13 05:26 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-11-15 16:16 - 2017-11-13 05:26 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-11-15 16:16 - 2017-11-13 05:26 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-10-05 07:06 - 2017-11-13 05:28 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000100688 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-05 07:06 - 2017-11-13 05:26 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-10-05 07:06 - 2017-11-13 05:29 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-11-15 16:16 - 2017-11-13 05:26 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-11-15 16:16 - 2017-11-13 05:28 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-11-15 16:16 - 2017-11-13 05:26 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-11-15 16:16 - 2017-11-13 05:28 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-05 07:06 - 2017-11-13 05:29 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-11-15 16:16 - 2017-11-13 05:28 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-10-05 07:06 - 2017-11-13 05:29 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-11-15 16:16 - 2017-11-13 05:28 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3698 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3749 [0]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSIHANDLE:3847 [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3244128890-3775068740-4053759828-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob's Dell\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeActiveFileMonitor13.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClickToRunSvc => 2
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: O2FLASH => 2
MSCONFIG\Services: SSUService => 2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-3244128890-3775068740-4053759828-1000\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-3244128890-3775068740-4053759828-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3244128890-3775068740-4053759828-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7CA5348A-5A01-470F-8CF6-1A2860175002}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{CB140206-DB0E-4AD0-A16C-36C1E18DF555}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{7118D427-5038-472A-A32E-F5C139555BB5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{B6AE7E14-5497-46B0-B8DD-F2FC25945ABB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{7EA3CDD6-67DF-4F3B-8D4A-AE5F328F7329}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{2DAE9C9E-973B-454D-80A8-B22FF7772457}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{F585E39B-8A71-4288-B7EA-E8CF7F0BA6C5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{40F85923-4BD9-4217-A40E-8A03C47DF0AD}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{4C21D0D0-0E62-42DB-8155-A086B09F2F58}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{991F0B38-4D7C-473C-91B9-B0DFC180E47D}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{AD42CFCC-7455-425D-8705-AEED5EB052FF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{77555BEC-8B32-43DB-9ACF-0318C33CC1B6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [UDP Query User{6C115E8F-4267-4919-8F53-F58F0E64A3B8}C:\program files (x86)\netgear\usb control center\control center.exe] => (Block) C:\program files (x86)\netgear\usb control center\control center.exe
FirewallRules: [TCP Query User{1F5A243D-A5DD-475E-A351-7547A58626D7}C:\program files (x86)\netgear\usb control center\control center.exe] => (Block) C:\program files (x86)\netgear\usb control center\control center.exe
FirewallRules: [{4FF09538-3E20-491A-9EFB-5F390FC5FF3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{009FD332-03B3-4A06-88AC-0BA4A86CF195}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8457644B-D7F7-4988-80ED-7897756525AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ECD13D9F-9B23-4801-87CB-F192714725FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A0D23A54-E8CA-46B2-A868-AF7B9053C2D8}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{77907BDA-A839-4D83-B8EA-6166D024EBAF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{32F00F20-70DB-419F-9BE7-2919C9A97297}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{43F72F40-BD11-4DE7-AB28-28D7A05DEA5F}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{CFDE23AE-8D99-40DC-BF4B-8F13D82DCDB4}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{C8CC591B-AC2F-407C-B35C-8E995776D44A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{E902B759-CB77-43EC-8072-A158B5349795}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{3E557BAF-EFDA-4A5E-BE02-F463A4C0EC9A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{DE7E17E1-83D4-4EB0-A2B5-0FF229D345F5}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{153E359A-B737-4A9A-A374-8DBA3A6E7077}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{4AFB9CAF-D0E0-4C99-A4E9-E621C5EE3BE9}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{774E4DA5-F80C-424E-8657-5DE6F386F832}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FAE19D46-C606-46E5-AD10-D16764E21B73}] => (Allow) LPort=7423
FirewallRules: [{72C15388-A99D-4821-A172-A40E4D65421C}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{03253AEB-4FD9-497E-B648-32923EAC3260}] => (Allow) C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe
FirewallRules: [{E2A83D74-E222-4875-9C38-6150D2A6EB93}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{E23E996F-1683-46BB-A46B-FB1F14A4CCA3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{52B48E4F-4143-45AE-A02D-9A8830B2C024}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{959E4AFB-2D42-4A89-A47D-2301C379C1E9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{03A24B44-5F73-48F7-86FC-017358CD88A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4492609E-0D54-4304-B3DD-422A58B4DEB1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{48A40718-C079-4F02-AB05-E92FCEB36BF6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A4D9178-BA21-4F32-8587-7BF930FB1FA6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{87FF7366-3C21-4F64-B51E-FACDF7752C4D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{799F238E-8AC7-4ABD-869C-926487EFEC17}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{B0EDED48-BCB0-4528-A7ED-F09E4540B969}C:\users\bob's dell\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bob's dell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5BD20008-A07A-46B1-A81C-590B8634D75F}C:\users\bob's dell\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bob's dell\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0D34FA64-4A76-4D93-BEA9-014920BAF329}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{D4807C74-02E6-4B54-8815-664D429C2EE5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{9F7535FC-00CA-4189-98C1-CF83FF56190F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{72D138E1-2EEC-49F2-9896-D32AD1C24342}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{4CD754D8-AD50-4F5D-BDFA-4739330C4386}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{7691F431-85E8-4173-A2A1-11AF09F39FC8}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{609666C9-8A9D-44D7-97F9-5459690DBB61}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{1393D3D6-22DD-4C8F-8EF0-D2AB8DE72D44}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{1B5284CC-FB4E-40B6-9897-3AF698856E5E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0EB77D2C-6F91-4604-98AE-4C561723B141}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3323E287-3621-4633-8C73-F29A976789C0}] => (Allow) C:\Users\Bob's Dell\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{35243FFD-400D-464C-979E-32017D71B9E9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{79DE557F-77FE-41EB-AED1-5FCB538D8FD2}] => (Allow) LPort=2869
FirewallRules: [{FC440C20-BE13-495F-8511-51956C07ECE8}] => (Allow) LPort=1900
FirewallRules: [{1D7AD348-7DAB-46D2-BC73-D6AF70B4DDCD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6F647788-26EC-49B2-A4A3-079934B09FCF}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{487234CC-6068-4A14-9BA4-4A84C9A91F92}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{2ABBB9C7-E703-4B5F-9970-A4162D78E7D3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{05A28F89-DE63-4273-9145-DE5C7C39FD8E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9D89FD04-8073-4AEC-A43F-49EDF4223B13}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{F5B30B6F-FF5E-4BCA-902D-C544EE0D6D64}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{9239B2CE-7D38-4751-9C4D-F64AC2CFB1D4}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{832BF054-2E78-4197-B9FE-CD667CC40D56}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{13E87AF5-042E-4BDC-A264-79C22C9CC545}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{49BCD4A5-5BEC-4091-8B85-5750232FE71D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{CBC86F48-59EB-4858-84FF-338C625EA293}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{C835E42D-45BE-457B-959A-15AC397B1E3B}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{FBAC7757-3E0B-4CAD-B9D7-3F48B19AF8B7}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{57DC5784-598C-4F86-B914-2AB8C72E29E5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{45D4F6A6-08F8-4550-A39D-1C973D3D34F9}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{4558E09F-18AE-4C18-B165-9C6059DCCDDB}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{CBB32A81-512A-4CDF-8D52-FD34CADB05B3}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{9F552241-515B-41A5-882F-71F8475AC328}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{6E79E5AA-6253-4588-B20D-1B9FD80D383F}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{2739A8D6-2BF5-41D9-B0A5-BFD4FE882FCA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{A5935AAA-61DE-4699-ABFF-250E7476FED2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{37F3E8B1-2BB5-4B8F-AFE0-A235F030AD6D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1FBD1971-DE0B-4849-99C5-76615D3E0065}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0E479C56-BB4C-4353-9917-4D4AACF18AA4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4B1C0A20-ED82-4350-A295-9D961E65F797}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BBFC15E3-0DB6-41B1-A5AB-68A27B486F10}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1169C5C4-2422-4908-9573-AA1C74AC9E5B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909\SZBrowser.exe
FirewallRules: [{6F837896-686C-4783-A422-2DDF3A27A884}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\4.58.2552.909_0\SZBrowser.exe
FirewallRules: [{59D9D815-566C-4410-8660-76383E5C2CE0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{03063359-77AC-4D4C-B771-5B16B3060B00}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{BA6E863B-4C21-4EA3-8669-F6103B01CC45}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-11-2017 12:40:12 Windows Update
15-11-2017 09:19:36 Windows Update
23-11-2017 16:09:41 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/27/2017 07:20:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BobsDell-PC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/26/2017 12:42:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 1Password.Edge.Native.exe, version: 6.8.470.0, time stamp: 0x59e7984d
Faulting module name: KERNELBASE.dll, version: 10.0.15063.726, time stamp: 0x32774c02
Exception code: 0xe0434352
Fault offset: 0x000ecbb2
Faulting process id: 0x1b6c
Faulting application start time: 0x01d366ddf087f40f
Faulting application path: C:\Program Files\WindowsApps\DC5C6510.1Password_6.8.470.0_x64__2v019pwa6amcg\Native\1Password.Edge.Native.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 804d3715-bfd5-4950-94df-aa5d4190cff5
Faulting package full name: DC5C6510.1Password_6.8.470.0_x64__2v019pwa6amcg
Faulting package-relative application ID: App
 
Error: (11/26/2017 12:42:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: 1Password.Edge.Native.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
   at AgileBits.OnePassword.Edge.Native.Program.OpenAppStream()
   at AgileBits.OnePassword.Edge.Native.Program+<>c__DisplayClass5_2+<<ConnectToUniversalAsync>b__1>d.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__6_1(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
Error: (11/26/2017 08:59:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (11/26/2017 08:55:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: anti_ransomware_service.exe, version: 1.0.1.509, time stamp: 0x58d570b0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x3f391be1
Faulting process id: 0x1474
Faulting application start time: 0x01d366be13ea36a5
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
Faulting module path: unknown
Report Id: 03f1eccf-a5fe-411f-8898-3d1bcc843f5b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/26/2017 08:55:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: anti_ransomware_service.exe, version: 1.0.1.509, time stamp: 0x58d570b0
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x0000f20c
Faulting process id: 0x1474
Faulting application start time: 0x01d366be13ea36a5
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Report Id: 3c0f14b7-161e-4cd2-b7c6-6cd5b99d77fc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/26/2017 08:54:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: anti_ransomware_service.exe, version: 1.0.1.509, time stamp: 0x58d570b0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x3f391be1
Faulting process id: 0x734
Faulting application start time: 0x01d366bdf0a0872c
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
Faulting module path: unknown
Report Id: 198d7434-626a-408f-b28c-1d102bfd7f5a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/26/2017 08:54:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: anti_ransomware_service.exe, version: 1.0.1.509, time stamp: 0x58d570b0
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x0000f20c
Faulting process id: 0x734
Faulting application start time: 0x01d366bdf0a0872c
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Report Id: 43b0a414-adb4-4ad3-b663-a24124fef76a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/26/2017 08:53:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BobsDell-PC)
Description: Activation of app Microsoft.Getstarted_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (11/26/2017 08:53:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: anti_ransomware_service.exe, version: 1.0.1.509, time stamp: 0x58d570b0
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x0000f20c
Faulting process id: 0x12a4
Faulting application start time: 0x01d366bdc7f22d53
Faulting application path: C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Report Id: 0142dd4a-8b7e-4f97-b2d5-090bf6ac2af6
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (11/27/2017 09:11:38 AM) (Source: DCOM) (EventID: 10010) (User: BobsDell-PC)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (11/26/2017 08:56:07 AM) (Source: DCOM) (EventID: 10010) (User: BobsDell-PC)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (11/26/2017 08:55:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Acronis Active Protection ™ Service service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (11/26/2017 08:54:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Active Protection ™ Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/26/2017 08:53:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Active Protection ™ Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/26/2017 08:53:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/26/2017 08:53:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/26/2017 08:53:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
 
Error: (11/26/2017 08:53:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/26/2017 08:53:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.
 
 
CodeIntegrity:
===================================
  Date: 2017-11-26 12:43:02.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-26 12:42:28.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-26 12:42:28.342
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-26 12:42:28.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-13 15:42:06.508
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-13 15:42:05.902
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-13 15:42:00.899
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-13 15:42:00.543
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-13 15:42:00.321
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-11-13 15:28:49.408
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 8097.46 MB
Available physical RAM: 4028.69 MB
Total Virtual: 8609.46 MB
Available Virtual: 3234.34 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:453.99 GB) (Free:132.42 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 31F01B93)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,925 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:12 PM

Posted 28 November 2017 - 11:16 AM

Hi,

I need to see the FRST.txt log.

You have posted the Addition.txt and attached the same log.

#5 MrBeer

MrBeer
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:12 PM

Posted 28 November 2017 - 06:15 PM

I am sorry, I am unable to upload the text file. The message says "Post Too Long"

MrBeer



#6 nasdaq

nasdaq


Posted 29 November 2017 - 08:37 AM



Hi,

You should be able to attach the file.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===

Or paste 1/2 of the log in one reply and the other half in a second post.

#7 MrBeer

MrBeer

Posted 29 November 2017 - 08:41 AM

Thanks Nasdaq,

#8 MrBeer

MrBeer

Posted 29 November 2017 - 04:55 PM

Attached is the text file.
MrBeer

#9 nasdaq

nasdaq


Posted 30 November 2017 - 07:30 AM

Hi,
Sorry, the file is not attached.

Look at the instructions. It's a 2-step process.

#10 MrBeer

MrBeer

Posted 30 November 2017 - 09:12 AM

Good Morning Nasdaq,
I swear I attached the file yesterday and clicked on Add Reply. This morning I retrieved the text file, copied half the file and tried to put it in the Reply to this topic, and again received the "File Too Long" message. So here goes attaching the file again.
MrBeer

Attached Files

  • Attached File  FRST.txt   788.66KB   2 downloads


#11 nasdaq

nasdaq


Posted 30 November 2017 - 02:24 PM

Hi,


 

"I have picked up groovorio which Malwarebytes finds and I quarantine and I rerun Malwarebytes after quarantining groovorio it is still there."


Syncing issue.
To remove this you will possibly have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

Your Addition.txt file is clean.

If the problem is NOT solved let me know.
===

The FRST log is long due to the restrictions set by the CryptoPrevent program that is protecting your files.
The log was so long that it was also truncated.
---

p.s

For your added security.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)

#12 nasdaq

nasdaq


Posted 06 December 2017 - 08:53 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



