Jump to content

malicous website blocked


Recommended Posts

Hi everytime I open a new broweser or browser tab I get "Malicious Website Blocked" pop up.  domain searchinterneat-a.akamaihd.net  what is causing this?

 

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by home (2016-06-19 18:10:35)
Running from C:\Users\home\Downloads
Windows 10 Pro Version 1511 (X64) (2015-11-26 17:27:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-743374957-2892435849-4266658744-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-743374957-2892435849-4266658744-503 - Limited - Disabled)
Guest (S-1-5-21-743374957-2892435849-4266658744-501 - Limited - Disabled)
home (S-1-5-21-743374957-2892435849-4266658744-1000 - Administrator - Enabled) => C:\Users\home
HomeGroupUser$ (S-1-5-21-743374957-2892435849-4266658744-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_a04a925a57548091300ada368235fc6) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Ampps 3.3 (HKLM-x32\...\Ampps_is1) (Version:  - Softaculous Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5571 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Complete Control Program (HKLM-x32\...\{A5D94D75-6203-4D31-979C-DC0B466FF175}) (Version: 1.00.000 - Universal Remote Control, Inc.)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-743374957-2892435849-4266658744-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
DerbyWeb v1 (HKLM-x32\...\DerbyWeb v1_is1) (Version: 1.0.0 - Lisano Enterprises)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DisplayLink Core Software (HKLM\...\{DF3F0788-16F0-4894-9748-677409D69100}) (Version: 7.9.630.0 - DisplayLink Corp.)
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FileZilla Client 3.10.3 (HKLM-x32\...\FileZilla Client) (Version: 3.10.3 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.59 - Google Inc.)
Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GrandPrix Race Manager v15 (HKLM-x32\...\GrandPrix Race Manager v15_is1) (Version: 15.0.901 - Lisano Enterprises)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IBackup Version - 11.0 (HKLM-x32\...\IBackup_is1) (Version: 11.0 - Pro Softnet Corp)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{6EB4AC9E-01E9-4B8C-96C8-281ECAF3A687}) (Version: 5.0.10.2793 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
LTS Web Components (HKLM-x32\...\{687D640D-B505-453E-AB08-B6DA086A7093}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.7.0 (x86 en-US)) (Version: 31.7.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.7.1 (x86 en-US) (HKU\S-1-5-21-743374957-2892435849-4266658744-1000\...\Mozilla Thunderbird 38.7.1 (x86 en-US)) (Version: 38.7.1 - Mozilla)
Mozilla Thunderbird 38.7.1 (x86 en-US) (HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Mozilla Thunderbird 38.7.1 (x86 en-US)) (Version: 38.7.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MX-900 Editor (HKLM-x32\...\{30C6798C-2BA6-47AC-AD99-F60F0EBF665D}) (Version: 1.10.044 - Universal Remote Control, Inc.)
My Checkbook 2.3.3 (HKLM-x32\...\{A3AD8566-122E-4E48-8102-2C9D69B896C5}_is1) (Version:  - Surprise Software)
My Checkbook version 3.2.0 (HKLM-x32\...\{036DAD20-7DBC-43A4-967C-9FE4D56EEDB8}_is1) (Version: 3.2.0 - Surprise Software)
Network64 (Version: 130.0.550.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Upwork version 4.1.321.0 (HKLM-x32\...\{F8678797-5A4B-43CF-88D0-EEF67DB3B55E}_is1) (Version: 4.1.321.0 - Upwork, Inc)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
WebClient (HKLM-x32\...\WebClient) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\home\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-743374957-2892435849-4266658744-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\home\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01168977-2308-4875-BD63-395C94F1B727} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {070E4FA1-C527-41C1-9375-47C9A3CD3E3D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {07C202CD-7522-466E-AE31-D9A137FA1734} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {07DF96E6-AACC-42E6-A753-631C4BB090E4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0B4A73FE-4D19-4A77-BCEF-7F34F7C6411B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0F3027B3-0B62-4BCC-AAA5-81EB1A07FBAA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {167A4990-476F-485E-997F-30E28EE2D1EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {181E0D92-649E-43C0-8D32-A6E0B5D90DFF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-23] (Dropbox, Inc.)
Task: {21EEA867-55FB-44ED-A64B-1E084F912693} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {22AF8E7D-47AA-4210-AFDA-04845E5B1626} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {2B01DA89-9865-4FBA-B624-E9A16FFBD047} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {354652CA-ED42-44B3-8B3F-6D3F5A7D001F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3999F955-1542-4619-BF55-69B2B3B3B2E3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4551C470-AADD-47A4-8EE6-9A5FC9C8EBD5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {474B7871-7CE9-46C0-8558-12EE084D637E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {5CCEA85C-A4AD-428D-90BD-50C845D676AF} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5CF67E20-71A4-4B69-81F5-C1FD55E5386F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {62885F73-A6B0-4CB0-8806-C11BD95F29F1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {6780DE28-D28A-4A29-BD98-51FF2796C887} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6C5E1485-C36E-4F45-8282-F510085B530D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {726DC727-3AF1-4AB2-82A4-6107EAC688CC} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {73FA77C8-D260-4471-B0EF-4AF3275659A3} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {743A2833-3E24-4A95-B41E-CD9E321A58CD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {750489E0-6DFC-4258-A47B-E8320FAC565E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {812474F9-3CC8-4C12-B2FA-278137261553} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {8247E18C-6E12-469D-B727-53E35C0D939B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {84B5AB39-E10D-4E02-9FA7-AB791ABCC4F6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {8E277CDA-C301-4FED-B0EF-98393C38D16A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {95382CF2-3FB6-4EFD-B462-7D60E12439FB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A16F0779-8319-4D01-8671-DF4BA9FBB1F0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A181DA8E-2EE9-421B-B684-F3AF016EE0DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A2622800-5618-4C40-B4D1-53ACDD11AFA2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B195DF1A-84E3-43BD-8A61-AA3849EB9B3C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B1D38C30-501F-4CFC-919B-C409032C7188} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C4CC604D-6D36-433E-B1CE-DA04D56D7E91} - System32\Tasks\{7956B13F-4AEA-482E-821F-0C01D6183ACE} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=6.20.0.104&amp;LastError=404
Task: {CE1E7625-28DE-408F-B891-E333BCB48D3B} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D1BAC486-EA87-4B63-98E4-3DB00AB08095} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {D7E5A434-B07E-445A-8C75-EE15D10AE564} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E3482F0E-0F1C-42A3-81F4-28570CF744C5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E3ECE412-F3F1-4C63-9727-A1E7FBD18A3B} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F2876B2E-CF23-4F71-81AD-2BC34E387AB5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F2E3DDA8-46A2-4058-B65C-7D63403D4C85} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-23] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-06-05 19:40 - 2013-10-23 15:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-12 19:59 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 19:59 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-23 19:33 - 2016-05-23 19:33 - 00959168 _____ () C:\Users\home\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-04-18 19:39 - 2016-04-18 19:39 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-17 21:16 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-14 16:56 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-14 16:56 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-14 16:56 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-14 16:56 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-14 16:56 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-18 01:35 - 2015-12-19 02:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-05-31 18:30 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2015-05-31 18:30 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-01-24 15:15 - 2016-01-21 19:53 - 00043520 _____ () C:\Program Files (x86)\IBackupWindows\RemoteManagement.dll
2015-06-04 20:55 - 2016-01-21 19:53 - 00013312 _____ () C:\Program Files (x86)\IBackupWindows\SqliteWrapper.dll
2015-06-04 20:55 - 2015-11-25 14:03 - 00834048 _____ () C:\Program Files (x86)\IBackupWindows\sqlite3.dll
2016-04-18 19:39 - 2016-04-18 19:39 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-18 19:39 - 2016-04-18 19:39 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-05-23 19:33 - 2016-05-23 19:33 - 00679624 _____ () C:\Users\home\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-02-23 21:29 - 2016-05-05 06:09 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-06-03 17:55 - 2016-05-05 06:10 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-06-03 17:55 - 2016-05-05 06:09 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-23 21:29 - 2016-05-05 06:09 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-23 21:29 - 2016-05-05 06:09 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-06-03 17:55 - 2016-05-05 06:09 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-23 21:29 - 2016-05-31 14:34 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-23 21:29 - 2016-05-05 06:09 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-23 21:29 - 2016-05-05 06:10 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-06-03 17:55 - 2016-05-05 06:11 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-06-03 17:55 - 2016-05-05 06:09 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-06-03 17:55 - 2016-05-31 14:33 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-23 21:29 - 2016-05-05 06:09 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-06-03 17:55 - 2016-05-05 06:10 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-06-03 17:55 - 2016-05-05 06:12 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-06-03 17:55 - 2016-05-31 14:34 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-06-03 17:55 - 2016-03-11 20:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-06-03 17:55 - 2016-05-31 14:34 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-06-03 17:55 - 2016-05-31 14:34 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-23 21:29 - 2016-05-05 06:10 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-23 21:29 - 2016-05-05 06:11 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-13 19:38 - 2016-05-31 14:34 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-02-23 21:29 - 2016-05-31 14:34 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-03 17:55 - 2016-05-31 14:34 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00098816 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32api.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00110080 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\pywintypes27.dll
2016-06-19 18:02 - 2016-06-19 18:02 - 00364544 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\pythoncom27.dll
2016-06-19 18:02 - 2016-06-19 18:02 - 00320512 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32com.shell.shell.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00776704 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_hashlib.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 01176576 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._core_.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00806400 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._gdi_.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00816128 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._windows_.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 01067008 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._controls_.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00733184 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._misc_.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00682496 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\pysqlite2._sqlite.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00088064 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_ctypes.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00119808 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32file.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00108544 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32security.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00007168 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\hashobjs_ext.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00017920 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\thumbnails_ext.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00088064 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\usb_ext.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00012288 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\common.time34.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00018432 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32event.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00167936 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32gui.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00046080 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_socket.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 01208320 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_ssl.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00128512 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_elementtree.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00127488 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\pyexpat.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00038912 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32inet.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00036864 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_psutil_windows.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00525208 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\windows._lib_cacheinvalidation.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00011264 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32crypt.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00077312 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._html2.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00027136 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_multiprocessing.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00020480 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\_yappi.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00035840 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32process.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00686080 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\unicodedata.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00078848 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._animate.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00123392 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\wx._wizard.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00024064 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32pipe.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00010240 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\select.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00025600 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32pdh.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00017408 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32profile.pyd
2016-06-19 18:02 - 2016-06-19 18:02 - 00022528 ____R () C:\Users\home\AppData\Local\Temp\_MEI63082\win32ts.pyd
2014-02-19 18:51 - 2014-02-19 18:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-03-08 20:13 - 2016-03-08 20:13 - 01114136 _____ () C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\nmlrchpq.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2007-03-21 20:53 - 2007-03-21 20:53 - 00049152 _____ () C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\QuickTimeGlue.dll
2007-03-21 20:52 - 2007-03-21 20:52 - 00393216 _____ () C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\AdobeXMP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-743374957-2892435849-4266658744-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{435A7ED9-F4A5-4FD4-A998-ABA657E42472}C:\users\home\appdata\local\temp\g2_1704\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1704\g2viewer.exe
FirewallRules: [TCP Query User{0AE22696-9117-4CB6-8560-A2C5E0DA088E}C:\users\home\appdata\local\temp\g2_1704\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1704\g2viewer.exe
FirewallRules: [UDP Query User{A09C7C62-7058-49B4-B8D1-9FD011B645E7}C:\users\home\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [TCP Query User{A0207C50-8B3E-49A6-B5B7-A838ABE3C1D1}C:\users\home\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [{6C0929C0-DD37-4537-AC16-21E77AEEE81E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{1D91058B-DFF9-427D-909E-7F52E53E0643}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{5EBACA0E-E54A-4974-99FC-D4F5ED860D8B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FE981B1D-5F8F-47B0-B0C6-A6F2C3C11D04}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{77E14805-7982-4544-9FB6-3DEB707807BE}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{1FD7B463-FC8F-48F2-B7D8-E7BA0BCA8070}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{39461B9F-806E-412C-9A47-C6A54181F0E7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A0B8A7B1-A39D-46E7-B3E2-9A544A5A75EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{D73C7B57-87A5-480A-9501-9070B0D6384D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{B82B9DFC-CF3C-4D02-8380-D3CC2D0FC354}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{B4148D1B-EFFB-4C05-90A8-A1F3B0DDA15F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{E0EA1E09-8D56-4CE6-B023-BAAE497421CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6D6EA1E0-52F1-4640-B0C1-607895B881A8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{49D498C2-E107-467F-B689-20E7A20BA798}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{44CCD3EA-6C5E-493A-BB1C-73B9706105D9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{FD0F41D0-F122-4F91-8F12-A8430759F465}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8CA38A1F-44F8-4564-AE46-60D8CD162237}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{068F40CF-25D2-475C-B884-046AC0BC2EFF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{0F16AB1C-A4E6-481F-B1DB-C4116013640A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{FF5BCF31-7224-48FF-B4F3-CF41E05F9E88}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2A3C86E4-C623-46F4-98C4-75054CA6C13C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [TCP Query User{CE89EA37-CE03-49E1-BBF0-0B9F44D2CAD8}C:\users\home\appdata\local\temp\joi398c.tmp\join.me.exe] => (Allow) C:\users\home\appdata\local\temp\joi398c.tmp\join.me.exe
FirewallRules: [UDP Query User{9E2869F9-55CA-443A-AB89-C916F5D8077E}C:\users\home\appdata\local\temp\joi398c.tmp\join.me.exe] => (Allow) C:\users\home\appdata\local\temp\joi398c.tmp\join.me.exe
FirewallRules: [{5C234BE7-9E45-4A86-A4D8-EF6C1D024350}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64AA7446-37EC-43EA-8EBB-EA7CE924611A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B4DC038-F3A3-4755-B487-2AC0EAACBAD4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE368B3F-4999-42FD-999D-B759E1C088A8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{E5354E65-4A0A-4A61-BEBD-E88A82816E6A}C:\ampps\mysql\bin\mysqld.exe] => (Allow) C:\ampps\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{7BCF54C8-74DC-47AD-A880-6F909F2CA5F4}C:\ampps\mysql\bin\mysqld.exe] => (Allow) C:\ampps\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{08F2D1F7-35D0-4FD4-8247-D679C4E29C8E}C:\ampps\apache\bin\httpd.exe] => (Allow) C:\ampps\apache\bin\httpd.exe
FirewallRules: [UDP Query User{0D30C990-39FB-4E0C-8E54-D3EA1AA03D67}C:\ampps\apache\bin\httpd.exe] => (Allow) C:\ampps\apache\bin\httpd.exe
FirewallRules: [TCP Query User{37D92BB3-3756-44D8-A0DC-EDA0C31B936E}C:\users\home\appdata\local\temp\g2_1775\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1775\g2viewer.exe
FirewallRules: [UDP Query User{E664AF40-439F-4240-8A30-0595BAA0AD14}C:\users\home\appdata\local\temp\g2_1775\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1775\g2viewer.exe
FirewallRules: [TCP Query User{F89321E3-3099-4B9E-8D9C-59DCEF18FA82}C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe] => (Block) C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe
FirewallRules: [UDP Query User{2FF94A3C-322C-408F-8221-580D3CED0823}C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe] => (Block) C:\program files (x86)\askpartnernetwork\toolbar\updater\tbnotifier.exe
FirewallRules: [{CB4C03CC-3464-4354-9843-A413199C1DFF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CCFA3742-DE95-4B94-988B-B3AEE754938C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{165832B3-9C29-4784-9CDC-0AE0924F5761}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{89D56EDF-C53F-4BB4-BEC1-816DCEA2A37A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{39FF22F7-3DDC-4C04-A4DE-262FF9A75392}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{16CD39B5-FA6B-4BC1-A8BC-AD73A5917415}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{5332D9C7-F2FD-4210-A59D-686A8F658E73}C:\users\home\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [UDP Query User{E36B7B08-0458-4A06-9645-00E3A2582A07}C:\users\home\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\home\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [{DA58206C-8974-4085-96B9-3E410DD4B683}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BF289E6-48B6-483D-ACED-C41E09214F66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

12-06-2016 05:38:07 Windows Update
15-06-2016 21:58:31 Windows Update
19-06-2016 06:01:26 Windows Update

==================== Faulty Device Manager Devices =============

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2016 06:00:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0xa08
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (06/19/2016 06:00:57 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2568) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: 0(:0): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)

Error: (06/19/2016 06:00:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: wbemcomn.dll, version: 10.0.10586.0, time stamp: 0x5632d7a5
Exception code: 0xc0000005
Fault offset: 0x000000000000f9f2
Faulting process id: 0xbcc
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3
Faulting package full name: svchost.exe_ProfSvc4
Faulting package-relative application ID: svchost.exe_ProfSvc5

Error: (06/19/2016 06:00:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_ProfSvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: wbemcomn.dll, version: 10.0.10586.0, time stamp: 0x5632d7a5
Exception code: 0xc0000005
Fault offset: 0x000000000000f9f2
Faulting process id: 0x3c8
Faulting application start time: 0xsvchost.exe_ProfSvc0
Faulting application path: svchost.exe_ProfSvc1
Faulting module path: svchost.exe_ProfSvc2
Report Id: svchost.exe_ProfSvc3
Faulting package full name: svchost.exe_ProfSvc4
Faulting package-relative application ID: svchost.exe_ProfSvc5

Error: (06/19/2016 06:01:33 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/17/2016 06:01:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: home-PC)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147009280 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (06/15/2016 11:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000409
Fault offset: 0x00000000000a9ba0
Faulting process id: 0x2424
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (06/15/2016 09:59:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (06/15/2016 09:07:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: MosHostCore.dll, version: 10.0.10586.306, time stamp: 0x571af987
Exception code: 0x84000010
Fault offset: 0x0000000000020dd4
Faulting process id: 0x19d8
Faulting application start time: 0xsvchost.exe_MapsBroker0
Faulting application path: svchost.exe_MapsBroker1
Faulting module path: svchost.exe_MapsBroker2
Report Id: svchost.exe_MapsBroker3
Faulting package full name: svchost.exe_MapsBroker4
Faulting package-relative application ID: svchost.exe_MapsBroker5

Error: (06/15/2016 09:04:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1332) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU011F7.log.


System errors:
=============
Error: (06/19/2016 06:01:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (06/19/2016 06:01:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Geolocation Service service failed to start due to the following error:
%%1069 = The service did not start due to a logon failure.


Error: (06/19/2016 06:01:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The lfsvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50 = The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (06/19/2016 06:00:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The State Repository Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (06/19/2016 06:00:57 PM) (Source: DCOM) (EventID: 10010) (User: home-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (06/19/2016 06:00:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2e965 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/19/2016 06:00:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (06/19/2016 06:00:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Manager service terminated unexpectedly.  It has done this 2 time(s).

Error: (06/19/2016 06:00:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (06/19/2016 06:00:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Geolocation Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-06-18 15:19:52.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-17 18:07:58.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-15 21:59:37.599
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-14 18:38:09.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-13 06:22:50.788
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-11 16:49:49.867
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-08 18:46:13.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-07 18:40:20.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-05 16:57:59.295
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-06-04 15:08:52.024
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3258 @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 16267.39 MB
Available physical RAM: 12587.41 MB
Total Virtual: 32651.39 MB
Available Virtual: 29071.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:407.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 98F83A33)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by home (administrator) on HOME-PC (19-06-2016 18:08:02)
Running from C:\Users\home\Downloads
Loaded Profiles: home &  (Available Profiles: home & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Prosoftnet) C:\Program Files (x86)\IBackupWindows\ib_bglaunch.exe
(Prosoftnet) C:\Program Files (x86)\IBackupWindows\ib_tray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Prosoftnet) C:\Program Files (x86)\IBackupWindows\ib_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IBackup Background process] => C:\Program Files (x86)\IBackupWindows\ib_bglaunch.exe [159984 2016-01-21] (Prosoftnet)
HKLM-x32\...\Run: [IBackup Tray] => C:\Program Files (x86)\IBackupWindows\ib_tray.exe [2134256 2016-01-21] (Prosoftnet)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23972712 2016-05-31] (Dropbox, Inc.)
HKU\S-1-5-21-743374957-2892435849-4266658744-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-743374957-2892435849-4266658744-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google)
HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-05-31]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-05-31]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-31]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f7fb25de-5424-4909-b33d-30331b51a8b5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-743374957-2892435849-4266658744-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
SearchScopes: HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://search.coupons.com/search.asp?p=df&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-31] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-31] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-31] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-31] (LastPass)

FireFox:
========
FF ProfilePath: C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\nmlrchpq.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-31] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @EDVR/WebClient -> C:\windows\system32\WebClient\npwebclient.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-31] (LastPass)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: LTS Web Components -> C:\Program Files (x86)\LTS Web Components\npLTSWebVideoPlugin.dll [2014-08-25] ()
FF Plugin HKU\S-1-5-21-743374957-2892435849-4266658744-1000: @citrixonline.com/appdetectorplugin -> C:\Users\home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @citrixonline.com/appdetectorplugin -> C:\Users\home\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-05-18] (Coupons, Inc.)
FF Extension: LastPass - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\nmlrchpq.default\extensions\support@lastpass.com [2016-03-09]
FF Extension: yesware - C:\Users\home\AppData\Roaming\Mozilla\Firefox\Profiles\nmlrchpq.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2016-06-15]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-05-31] [not signed]
FF HKU\S-1-5-21-743374957-2892435849-4266658744-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-31]
CHR Extension: (Google Drive) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-21]
CHR Extension: (YouTube) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-21]
CHR Extension: (Google Search) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-31]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-743374957-2892435849-4266658744-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-743374957-2892435849-4266658744-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-05-18] (Coupons.com Inc.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-23] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-23] (Dropbox, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [11075816 2015-10-16] (DisplayLink Corp.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-04-12] (Macrovision Europe Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-08] (Hewlett-Packard Co.) [File not signed]
R2 IBService; C:\Program Files (x86)\IBackupWindows\ib_service.exe [242928 2016-01-21] (Prosoftnet)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.9.630.0.sys [67336 2015-11-07] ()
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 18:08 - 2016-06-19 18:08 - 00022716 _____ C:\Users\home\Downloads\FRST.txt
2016-06-19 18:07 - 2016-06-19 18:08 - 00000000 ____D C:\FRST
2016-06-19 18:07 - 2016-06-19 18:07 - 00000000 ____D C:\Users\home\Downloads\FRST-OlderVersion
2016-06-19 06:34 - 2016-06-19 18:07 - 02387456 _____ (Farbar) C:\Users\home\Downloads\FRST64.exe
2016-06-19 06:28 - 2016-06-19 06:28 - 00001263 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-19 06:28 - 2016-06-19 06:28 - 00001251 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-19 06:27 - 2016-06-19 06:27 - 00020487 _____ C:\Users\home\Desktop\bookmarks-2016-06-19.json
2016-06-19 06:26 - 2016-06-19 06:28 - 45032224 _____ C:\Users\home\Desktop\Firefox Setup 47.0.exe
2016-06-19 06:26 - 2016-06-19 06:26 - 45032224 _____ C:\Users\home\Downloads\Firefox Setup 47.0.exe
2016-06-19 06:20 - 2016-06-19 06:20 - 00682247 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9998_sod15658.pdf
2016-06-19 06:19 - 2016-06-19 06:19 - 00777028 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9999_sod15657.pdf
2016-06-19 06:18 - 2016-06-19 06:18 - 00777023 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s10000_sod15656.pdf
2016-06-19 06:16 - 2016-06-19 06:16 - 00680749 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9997_sod15655.pdf
2016-06-18 20:54 - 2016-06-18 20:54 - 00193459 _____ C:\Users\home\Downloads\StatementPdf(3)
2016-06-18 20:52 - 2016-06-18 20:52 - 00341468 _____ C:\Users\home\Downloads\StatementPdf(2)
2016-06-18 18:25 - 2016-06-18 18:25 - 00167043 _____ C:\Users\home\Downloads\PremierOutdoor_5Yr_6844SD5E.pdf
2016-06-18 06:41 - 2016-06-18 06:41 - 00682611 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9430_sod14602.pdf
2016-06-18 06:40 - 2016-06-18 06:40 - 00777138 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9980_sod15654.pdf
2016-06-18 06:38 - 2016-06-18 06:38 - 00777224 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9979_sod15653.pdf
2016-06-18 06:37 - 2016-06-18 06:37 - 00681947 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9977_sod15652.pdf
2016-06-18 06:36 - 2016-06-18 06:36 - 00777466 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9965_sod15651.pdf
2016-06-18 05:43 - 2016-06-18 05:43 - 00131824 _____ C:\Users\home\Downloads\ImageRequestor(4).cgi
2016-06-15 21:24 - 2016-06-15 21:24 - 00264073 _____ C:\Users\home\Downloads\APP100__P.831016.__.478520.___.I01.R.____.20160615122950.pdf
2016-06-15 21:22 - 2016-06-15 21:22 - 00681033 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9825_sod15469.pdf
2016-06-15 21:13 - 2016-06-19 18:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-15 21:10 - 2016-06-15 21:10 - 00001206 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-15 21:10 - 2016-06-15 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-15 21:10 - 2016-06-15 21:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-15 21:10 - 2016-06-15 21:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-15 21:10 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-06-15 21:10 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-15 21:10 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-06-15 21:09 - 2016-06-15 21:09 - 22851472 _____ (Malwarebytes ) C:\Users\home\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-15 10:29 - 2016-06-15 10:29 - 00654447 _____ C:\Users\home\Downloads\Adam Gilbert 22694 Carter Rd Woodhaven, MI 48183 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:28 - 2016-06-15 10:28 - 01082476 _____ C:\Users\home\Downloads\Viktor and Angela Toghia 1300 Kentucky Springs Rd Acton, CA 93510 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:26 - 2016-06-15 10:26 - 00655120 _____ C:\Users\home\Downloads\Scott Sprague 8973 E LAKE RD Hammondsport, NY 14840 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:26 - 2016-06-15 10:26 - 00655120 _____ C:\Users\home\Downloads\Scott Sprague 8973 E LAKE RD Hammondsport, NY 14840 -  Lloyds of London Approved Quote(1).pdf
2016-06-15 10:25 - 2016-06-15 10:25 - 00653012 _____ C:\Users\home\Downloads\Sky Fulton 29330 Hwy 62 Trail, OR 97541 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:24 - 2016-06-15 10:24 - 01797979 _____ C:\Users\home\Downloads\Rosemary Flanning 210 BOSTON , JONES, OK 73049 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:23 - 2016-06-15 10:23 - 00654636 _____ C:\Users\home\Downloads\Mindy Misfeldt 7618 E HWY 30 Fremont, NE 68025 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:21 - 2016-06-15 10:21 - 00656892 _____ C:\Users\home\Downloads\Allen George 4468 mayfair street Dearborn Heights, MI 48125 -  Lloyds of London Approved Quote 1.pdf
2016-06-15 10:20 - 2016-06-15 10:20 - 00756584 _____ C:\Users\home\Downloads\Johnny Barraza 3042 Del Sur Alamogordo, NM 88310 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:19 - 2016-06-15 10:19 - 00477306 _____ C:\Users\home\Downloads\Bryan and Lisa Seibel 364 VALENCIA ROAD, EVANS CITY, PA 16033 -  Lloyds of London Approved Quote(1).pdf
2016-06-15 10:18 - 2016-06-15 10:18 - 01888491 _____ C:\Users\home\Downloads\ANDREA RIVAS, 144 ENGLISH COURT, BUSHKILL, PA 18324-7995 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:15 - 2016-06-15 10:15 - 01809637 _____ C:\Users\home\Downloads\Bryan and Lisa Seibel 364 VALENCIA ROAD, EVANS CITY, PA 16033 -  Lloyds of London Approved Quote.pdf
2016-06-15 10:08 - 2016-06-15 10:08 - 00000001 _____ C:\Users\home\AppData\Local\setupsuccessful.txt
2016-06-15 10:07 - 2016-06-19 18:00 - 00000000 ____D C:\Users\home\AppData\LocalLow\Company
2016-06-15 10:07 - 2016-06-16 01:01 - 00000000 ____D C:\Program Files\Jifeseipgacrhs
2016-06-15 10:07 - 2016-06-15 10:07 - 00000000 ____D C:\Users\home\AppData\Local\Tempfolder
2016-06-15 10:07 - 2016-06-15 10:07 - 00000000 ____D C:\uninst
2016-06-15 10:06 - 2016-06-16 01:01 - 00000000 ____D C:\ProgramData\d650d0cf-6cdc-435d-b7aa-29ce3756cf70
2016-06-15 10:06 - 2016-06-16 01:01 - 00000000 ____D C:\Program Files (x86)\Mass Sea
2016-06-15 10:06 - 2016-06-16 01:01 - 00000000 ____D C:\a
2016-06-15 10:06 - 2016-06-15 10:08 - 00000000 _____ C:\Users\home\AppData\Local\stxtname.txt
2016-06-15 10:06 - 2016-06-15 10:06 - 00000000 _____ C:\Users\home\AppData\Local\run.txt
2016-06-15 10:04 - 2016-06-15 10:04 - 05926912 _____ C:\Users\home\Downloads\Wondershare_PDF_Editor_Pro_Crack_and_Serial_Number_Free.iso
2016-06-15 09:58 - 2016-06-15 09:58 - 00106493 _____ C:\Users\home\Downloads\sub_c44_p12_o30_s7685_sod15313.pdf
2016-06-15 09:55 - 2016-06-15 09:55 - 00106213 _____ C:\Users\home\Downloads\sub_c44_p12_o30_s7989_sod15312.pdf
2016-06-15 09:50 - 2016-06-15 09:50 - 00000000 ____D C:\ProgramData\Wondershare
2016-06-15 09:47 - 2016-06-15 09:47 - 00000000 ____D C:\Users\home\AppData\Local\Wondershare
2016-06-15 09:37 - 2016-06-16 01:01 - 00000000 ____D C:\Users\home\AppData\Roaming\Wondershare
2016-06-15 09:37 - 2016-06-15 09:37 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-06-15 09:36 - 2016-06-16 01:01 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-06-15 09:28 - 2016-06-15 09:28 - 00682384 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9694_sod15134.pdf
2016-06-14 21:18 - 2016-06-14 21:18 - 00682226 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9745_sod15306.pdf
2016-06-14 21:18 - 2016-06-14 21:18 - 00681962 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9746_sod15307.pdf
2016-06-14 20:48 - 2016-06-14 20:49 - 00260559 _____ C:\Users\home\Downloads\APP100__P.808016.__.478201.___.I01.R.____.20160614081708.pdf
2016-06-14 20:47 - 2016-06-14 20:47 - 00264341 _____ C:\Users\home\Downloads\APP100__P.831016.__.478270.___.I01.R.____.20160614111252.pdf
2016-06-14 20:31 - 2016-06-14 20:31 - 00777557 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9744_sod15301.pdf
2016-06-12 16:31 - 2016-06-12 16:31 - 00680991 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9588_sod14925.pdf
2016-06-12 05:58 - 2016-06-12 05:58 - 00682040 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9561_sod14914.pdf
2016-06-12 05:57 - 2016-06-12 05:57 - 00681598 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9562_sod14913.pdf
2016-06-12 05:56 - 2016-06-12 05:56 - 00776825 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9563_sod14912.pdf
2016-06-12 05:54 - 2016-06-12 05:54 - 00681980 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s9564_sod14911.pdf
2016-06-11 18:32 - 2016-06-19 06:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 17:55 - 2016-06-03 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-30 20:13 - 2016-05-30 20:13 - 00155308 _____ C:\Users\home\Downloads\order_history(2)
2016-05-30 20:12 - 2016-05-30 20:12 - 00155308 _____ C:\Users\home\Downloads\order_history(1)
2016-05-30 20:12 - 2016-05-30 20:12 - 00155308 _____ C:\Users\home\Downloads\order_history
2016-05-30 17:16 - 2016-05-30 17:16 - 00781437 _____ C:\Users\home\Downloads\Rick Wenzel 1685 S River Saginaw, MI 48609 - Lloyds of London Approved Quote_1.pdf
2016-05-30 17:16 - 2016-05-30 17:16 - 00781437 _____ C:\Users\home\Downloads\Rick Wenzel 1685 S River Saginaw, MI 48609 - Lloyds of London Approved Quote_1(2).pdf
2016-05-30 17:16 - 2016-05-30 17:16 - 00781437 _____ C:\Users\home\Downloads\Rick Wenzel 1685 S River Saginaw, MI 48609 - Lloyds of London Approved Quote_1(1).pdf
2016-05-30 17:15 - 2016-05-30 17:15 - 00683218 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8870_sod13900(1).pdf
2016-05-30 17:11 - 2016-05-30 17:11 - 00683087 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8745_sod13674.pdf
2016-05-29 18:17 - 2016-05-29 18:17 - 00682948 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8909_sod13905.pdf
2016-05-29 18:16 - 2016-05-29 18:16 - 00697775 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8908_sod13904.pdf
2016-05-29 18:14 - 2016-05-29 18:14 - 00777762 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8907_sod13903.pdf
2016-05-29 18:13 - 2016-05-29 18:13 - 00681254 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8906_sod13902.pdf
2016-05-27 20:04 - 2016-05-27 20:04 - 00682149 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8870_sod13900.pdf
2016-05-22 21:26 - 2016-05-22 21:26 - 00783333 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8461_sod13133.pdf
2016-05-22 21:22 - 2016-05-22 21:22 - 00130865 _____ C:\Users\home\Downloads\sub_c44_p12_o30_s6978_sod13376.pdf
2016-05-22 21:18 - 2016-05-22 21:18 - 00783040 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s7461_sod11445.pdf
2016-05-22 21:17 - 2016-05-22 21:17 - 00750815 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s7289_sod11192.pdf
2016-05-22 21:16 - 2016-05-22 21:16 - 00686640 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s7459_sod11480.pdf
2016-05-22 21:13 - 2016-05-22 21:13 - 00703287 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s6647_sod9892.pdf
2016-05-22 20:59 - 2016-05-22 20:59 - 00262521 _____ C:\Users\home\Downloads\APP100__P.808016.__.469698.___.I01.R.____.20160428163332.pdf
2016-05-22 20:54 - 2016-05-22 20:54 - 00782378 _____ C:\Users\home\Downloads\sub_c44_p12_o27_s8551_sod13289.pdf
2016-05-22 20:47 - 2016-05-22 20:47 - 00297888 _____ C:\Users\home\Downloads\sub_c44_p12_o36_s1443_sod13319.pdf
2016-05-22 20:45 - 2016-05-22 20:45 - 04627914 _____ C:\Users\home\Downloads\sub_c44_p12_o32_s1443_sod12951(1).pdf
2016-05-22 20:40 - 2016-05-22 20:40 - 00260802 _____ C:\Users\home\Downloads\APP100__P.808016.__.474683.___.I01.R.____.20160522183929.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-19 18:07 - 2015-11-26 12:58 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-19 18:07 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-19 18:05 - 2015-05-31 18:42 - 00000000 ____D C:\Users\home\AppData\LocalLow\LastPass
2016-06-19 18:03 - 2016-02-23 21:30 - 00000000 ___RD C:\Users\home\Dropbox
2016-06-19 18:02 - 2015-11-26 13:28 - 00000000 __SHD C:\Users\home\IntelGraphicsProfiles
2016-06-19 18:02 - 2015-11-26 12:56 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-19 18:02 - 2015-05-31 18:30 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-19 18:01 - 2016-02-23 20:34 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-19 18:01 - 2015-11-26 13:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-19 18:01 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-06-19 18:01 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-19 18:01 - 2015-05-31 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-19 18:00 - 2015-06-05 19:41 - 00000000 ____D C:\ProgramData\APN
2016-06-19 17:50 - 2016-02-23 20:34 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-19 17:40 - 2015-05-31 18:30 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-19 17:31 - 2015-06-05 07:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-19 16:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-19 00:14 - 2015-06-04 20:55 - 00000000 ____D C:\ProgramData\IBackup
2016-06-18 21:32 - 2014-07-18 18:59 - 00000000 ____D C:\Users\home\Documents\My Scans
2016-06-18 20:51 - 2008-12-07 12:30 - 01441792 _____ C:\Users\home\Desktop\address.mdb
2016-06-18 06:45 - 2015-05-31 19:14 - 00000000 ____D C:\Users\home\AppData\Roaming\Adobe
2016-06-18 05:45 - 2014-07-17 14:38 - 00601088 _____ C:\Users\home\Documents\My Checkbook Accounts.mcbd
2016-06-18 05:41 - 2015-12-12 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Upwork
2016-06-18 05:41 - 2015-12-12 21:27 - 00000000 ____D C:\Program Files (x86)\Upwork
2016-06-18 05:38 - 2015-05-31 19:40 - 00003072 _____ C:\Users\home\AppData\Roaming\com.surprisesoftware.mycheckbook.preferences
2016-06-17 18:03 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-16 01:02 - 2015-11-28 07:27 - 00000000 ____D C:\Users\DefaultAppPool
2016-06-16 01:02 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-16 01:02 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-06-16 01:02 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-06-16 01:02 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-16 01:02 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-06-16 01:01 - 2016-04-23 08:46 - 00000000 ____D C:\WINDOWS\SysWOW64\webclient
2016-06-16 01:01 - 2016-04-12 19:20 - 00000000 ____D C:\ProgramData\FLEXnet
2016-06-16 01:01 - 2016-03-05 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LTSWebComponents
2016-06-16 01:01 - 2016-03-05 08:53 - 00000000 ____D C:\Program Files (x86)\LTS Web Components
2016-06-16 01:01 - 2015-08-02 19:30 - 00000000 ____D C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\MyLiveChat
2016-06-16 01:01 - 2015-05-31 19:13 - 00000000 ____D C:\Users\home\AppData\Roaming\Thunderbird
2016-06-16 01:01 - 2015-05-31 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-06-16 00:57 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-06-16 00:57 - 2015-06-07 19:06 - 00000000 ____D C:\Users\home\AppData\Roaming\Skype
2016-06-15 22:03 - 2015-12-09 20:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 22:00 - 2015-12-09 20:02 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 21:33 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-15 21:04 - 2015-11-26 12:59 - 00000000 ____D C:\Users\home
2016-06-15 21:04 - 2015-06-02 07:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-06-15 20:38 - 2016-03-05 08:53 - 00000000 ___HD C:\Users\home\LTSWebComponents
2016-06-15 20:29 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-11 16:46 - 2015-06-03 13:27 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-11 16:41 - 2015-05-31 18:31 - 00002150 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-06-11 16:41 - 2015-05-31 18:31 - 00002148 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-06-11 16:41 - 2015-05-31 18:31 - 00002138 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-06-11 16:41 - 2015-05-31 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-06-03 17:55 - 2016-02-23 20:34 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-23 19:34 - 2015-11-26 13:33 - 00002397 _____ C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-23 19:34 - 2015-11-26 13:33 - 00000000 ___RD C:\Users\home\OneDrive
2016-05-21 17:20 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2015-05-31 18:43 - 2015-05-31 18:43 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-31 19:40 - 2016-06-18 05:38 - 0003072 _____ () C:\Users\home\AppData\Roaming\com.surprisesoftware.mycheckbook.preferences
2015-05-31 19:38 - 2015-05-31 19:39 - 0000694 _____ () C:\Users\home\AppData\Roaming\My Checkbook Preferences
2016-06-15 10:06 - 2016-06-15 10:06 - 0000000 _____ () C:\Users\home\AppData\Local\run.txt
2016-06-15 10:08 - 2016-06-15 10:08 - 0000001 _____ () C:\Users\home\AppData\Local\setupsuccessful.txt
2016-06-15 10:06 - 2016-06-15 10:08 - 0000000 _____ () C:\Users\home\AppData\Local\stxtname.txt
2015-08-25 16:39 - 2015-08-25 16:39 - 0000006 __RSH () C:\ProgramData\c759caa57bcfa4c287385479acbaa825be057576
2015-05-31 19:13 - 2015-05-31 19:41 - 0001618 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\home\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-15 21:58

==================== End of FRST.txt ============================

 

Link to post
Share on other sites

Hello and :welcome:

 

FRST.gif Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked. option is checked.

    2873ryc.png

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach report into your next reply.

Link to post
Share on other sites

Please uninstall Coupon Printer for Windows from your Control Panel.

When you finish with FRST fix in next step, you will find Upload.zip archive on your Desktop. Upload it in your next reply.

 

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.