
Trojan.Agent.ENM Quarantined Repeatedly



Hello dsenn and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…

Also post a recent Protection log:

  • Click on the History tab > Application Logs.
  • Double click on the Protection Log which shows the most recent Date and time.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/12/2016 07:37:40 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * EFS [Missing Service]
 * KeyIso [Missing Service]
 * Netlogon [Missing Service]
 * ProtectedStorage [Missing Service]
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * EFS [Missing Service]
 * KeyIso [Missing Service]
 * Netlogon [Missing Service]
 * ProtectedStorage [Missing Service]
 * TBS [Missing Service]
 * VaultSvc [Missing Service]
* TBS [Missing Service]
 * VaultSvc [Missing Service]

 * SamSs [Missing ImagePath]

 * SamSs [Missing ImagePath]

Searching for Missing Digital Signatures: 

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

Checking HOSTS File: 

 * No issues found.

Program finished at: 07/12/2016 07:44:09 AM
Execution time: 0 hours(s), 8 minute(s), and 26 seconds(s)

 * No issues found.

Program finished at: 07/12/2016 07:44:10 AM
Execution time: 0 hours(s), 6 minute(s), and 29 seconds(s)

 

SCAN LOG from MalwareBytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/12/2016
Scan Time: 8:49 AM
Logfile: 
Administrator: No

Version: 0.0.0.0000
Malware Database: v2016.07.12.07
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mom_and_Dad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388352
Time Elapsed: 56 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

 

AND

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/12/2016 12:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 12:07 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 12:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 12:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 12:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 12:37 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 12:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 12:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 1:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 1:07 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 1:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 1:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 1:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 1:37 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 1:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 1:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 2:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 2:07 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 2:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 2:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 2:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 2:37 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 2:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 2:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 3:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 3:07 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 3:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 3:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 3:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 3:37 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 3:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 3:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 4:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 4:07 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 4:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 4:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 4:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 4:37 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 4:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 4:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 5:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 5:07 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 5:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 5:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 5:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 5:37 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 5:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 5:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 6:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 6:07 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 6:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 6:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 6:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 6:37 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 6:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, No Internet connection detected, 
Update, 7/12/2016 6:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Failed, Unable to access update server, 
Update, 7/12/2016 7:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.11.10, 2016.7.12.6, 
Protection, 7/12/2016 7:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/12/2016 7:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/12/2016 7:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/12/2016 7:05 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/12/2016 7:05 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/12/2016 7:05 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Scan, 7/12/2016 7:13 AM, SYSTEM, MOM_AND_DAD-HP, Manual, Start:7/12/2016 7:10 AM, Duration:2 min 50 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 7/12/2016 7:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malware Protection, Starting, 
Protection, 7/12/2016 7:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malware Protection, Started, 
Protection, 7/12/2016 7:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/12/2016 7:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/12/2016 7:52 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.12.6, 2016.7.12.7, 
Protection, 7/12/2016 7:52 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/12/2016 7:52 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/12/2016 7:52 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/12/2016 7:52 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/12/2016 7:52 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/12/2016 7:52 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/12/2016 8:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, IP Database, 2016.7.11.1, 2016.7.12.1, 
Update, 7/12/2016 8:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.11.7, 2016.7.12.1, 
Protection, 7/12/2016 8:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/12/2016 8:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/12/2016 8:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Scan, 7/12/2016 8:49 AM, SYSTEM, MOM_AND_DAD-HP, Manual, Start:7/12/2016 7:52 AM, Duration:56 min 13 sec, Threat Scan, Completed, 1 Malware Detection, 0 Non-Malware Detections, 
Protection, 7/12/2016 8:50 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/12/2016 8:50 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/12/2016 8:50 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Failed, 
Error, 7/12/2016 8:50 AM, SYSTEM, MOM_AND_DAD-HP, Protection, MWAC::CreateList - Rules IP Block List, 536870924, 
Protection, 7/12/2016 8:53 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malware Protection, Starting, 
Protection, 7/12/2016 8:53 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malware Protection, Started, 
Protection, 7/12/2016 8:53 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/12/2016 8:54 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/12/2016 9:04 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.12.7, 2016.7.12.8, 
Protection, 7/12/2016 9:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/12/2016 9:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/12/2016 9:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/12/2016 9:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/12/2016 9:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/12/2016 9:04 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 

(end)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Run FRST again, make sure to use an account with Administrator status, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!


Let me see those logs in your reply..

Thank you,

Kevin.
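
Both replies above ask for the scans to be run from an account with Administrator status, and the Malwarebytes and FRST logs in this thread record in their headers whether that happened. The following is an added example (not part of the original posts and not code from either tool) that checks pasted log text for those markers; the function names are hypothetical and the sample is abridged from the logs posted in this thread.

```python
import re
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Finding:
    tool: str                 # "MBAM" or "FRST"
    user: str                 # account named in the log header
    elevated: bool            # False when the log says the run was not administrative
    denied: dict = field(default_factory=dict)  # process name -> count (FRST only)


# Header formats as they appear in the logs posted in this thread.
MBAM_ADMIN = re.compile(r"^Administrator:[ \t]*(Yes|No)[ \t]*$", re.I | re.M)
MBAM_USER = re.compile(r"^User:[ \t]*(\S+)", re.M)
FRST_RAN_BY = re.compile(r"^Ran by (.+?) \(([^)]*)\) on (\S+)", re.M)
FRST_DENIED = re.compile(r"^Failed to access process -> (\S+)", re.M)


def audit_logs(text):
    """Return one Finding per recognised log header in the pasted text."""
    # Logs copied out of Windows tools usually carry CRLF line endings.
    text = text.replace("\r\n", "\n")
    findings = []

    admin = MBAM_ADMIN.search(text)
    if admin and "Malwarebytes Anti-Malware" in text:
        user = MBAM_USER.search(text)
        findings.append(Finding(
            tool="MBAM",
            user=user.group(1) if user else "?",
            elevated=admin.group(1).lower() == "yes",
        ))

    ran_by = FRST_RAN_BY.search(text)
    if ran_by:
        status = ran_by.group(2).lower()
        findings.append(Finding(
            tool="FRST",
            user=ran_by.group(1),
            # Only the explicit warning is treated as evidence of a non-admin run.
            elevated="not administrator" not in status,
            # Processes the scanner could not open, with repeat counts.
            denied=dict(Counter(FRST_DENIED.findall(text))),
        ))
    return findings


def needs_rerun(findings):
    """Names of the tools whose logs show a non-administrative run."""
    return [f.tool for f in findings if not f.elevated]


# Sample input: abridged from the logs posted in this thread.
SAMPLE = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/12/2016
Administrator: No
User: Mom_and_Dad

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Mom_and_Dad (ATTENTION: The user is not administrator) on MOM_AND_DAD-HP (12-07-2016 10:13:07)
Failed to access process -> smss.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe
"""

if __name__ == "__main__":
    results = audit_logs(SAMPLE)
    for f in results:
        state = "elevated" if f.elevated else "NOT elevated"
        print(f"{f.tool}: run by {f.user}, {state}, "
              f"{sum(f.denied.values())} inaccessible processes")
    print("Re-run as Administrator:", ", ".join(needs_rerun(results)) or "none")
```
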

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Mom_and_Dad (ATTENTION: The user is not administrator) on MOM_AND_DAD-HP (12-07-2016 10:13:07)
Running from C:\Users\Mom_and_Dad\Downloads
Loaded Profiles: Mom_and_Dad (Available Profiles: Mom_and_Dad & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> stacsv64.exe
Failed to access process -> svchost.exe
Failed to access process -> WTabletServicePro.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> PhotoshopElementsFileAgent.exe
Failed to access process -> armsvc.exe
Failed to access process -> AdobeUpdateService.exe
Failed to access process -> AESTSr64.exe
Failed to access process -> AGSService.exe
Failed to access process -> mainserv.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> bzserv.exe
Failed to access process -> officeclicktorun.exe
Failed to access process -> slimsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> GarminService.exe
Failed to access process -> HPClientServices.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> ITMRTSVC.exe
Failed to access process -> mbae-svc.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbae64.exe
Failed to access process -> conhost.exe
Failed to access process -> mbamservice.exe
Failed to access process -> nav.exe
Failed to access process -> nst.exe
Failed to access process -> NOBuAgent.exe
Failed to access process -> pdfsvc.exe
Failed to access process -> QBCFMonitorService.exe
Failed to access process -> RNowSvc.exe
Failed to access process -> RUBotSrv.exe
Failed to access process -> SeaPort.EXE
Failed to access process -> sftvsa.exe
Failed to access process -> svchost.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> dataserv.exe
Failed to access process -> sftlist.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> vmware-usbarbitrator64.exe
Failed to access process -> CVHSVC.EXE
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> PhotoshopElementsFileAgent.exe
Failed to access process -> GenieTimelineService.exe
Failed to access process -> GoProDeviceDetection.exe
Failed to access process -> HPSA_Service.exe
Failed to access process -> GoogleCrashHandler.exe
Failed to access process -> GoogleCrashHandler64.exe
Failed to access process -> wmpnetwk.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
Failed to access process -> WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Failed to access process -> Wacom_Tablet.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
(Akamai Technologies, Inc.) C:\Users\Mom_and_Dad\AppData\Local\Akamai\netsession_win.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptSrv.exe
(AT&T) C:\Users\Mom_and_Dad\AppData\Local\ATT Connect\Participant\ConnectLauncher.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
(Akamai Technologies, Inc.) C:\Users\Mom_and_Dad\AppData\Local\Akamai\netsession_win.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Failed to access process -> iPodService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
Failed to access process -> bztransmit64.exe
Failed to access process -> conhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
Failed to access process -> SearchProtocolHost.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coNatHst.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> taskhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [567320 2011-02-08] (PDF Complete Inc)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1010144 2016-05-31] (DivX, LLC)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-10] (Google Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Google Update] => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [PTIM.exe] => C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [419344 2014-01-16] (Cisco WebEx LLC)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [371728 2014-01-16] (Cisco WebEx LLC)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mom_and_Dad\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Launch AT&T Connect Participant application] => C:\Users\Mom_and_Dad\AppData\Local\ATT Connect\Participant\ConnectLauncher.exe [312600 2015-04-22] (AT&T)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [] => [X]
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\RunOnce: [Application Restart #3] => C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [591528 2016-07-07] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-04-22] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [88376 2013-07-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [81160 2013-07-24] (Zemana Ltd.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2015-11-29]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2011-11-28]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe (Creative Home)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2011-11-28]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Mom_and_Dad\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-07-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A8035D7D-E835-41E2-AAEA-91001C7B38F1}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {6CC66D7C-BD70-49AC-8C80-6BF8F94FCBC3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {6CC66D7C-BD70-49AC-8C80-6BF8F94FCBC3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2014-01-16] (Cisco WebEx LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2014-01-16] (Cisco WebEx LLC)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll [2014-04-28] (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2014-01-16] (Cisco WebEx LLC)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2014-01-16] (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} hxxps://vpn.ual.com/CSHELL/extender.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Mom_and_Dad\AppData\Roaming\Mozilla\Firefox\Profiles\nc5kh6a3.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-05-13] (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-606606202-2619191921-1690171143-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-606606202-2619191921-1690171143-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2016-07-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files (x86)\WebEx\Productivity Tools
FF Extension: WebEx Productivity Tools - C:\Program Files (x86)\WebEx\Productivity Tools [2014-02-21]

Chrome: 
=======
CHR Profile: C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-09]
CHR Extension: (Google Drive) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-09]
CHR Extension: (YouTube) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-09]
CHR Extension: (Google Search) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-09]
CHR Extension: (HMA! IP Checker) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjonigebafgfomfofbodcbbijbibokl [2014-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (Norton Identity Safe) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
StartMenuInternet: Google Chrome - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [354984 2016-07-07] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [368272 2014-01-16] (Check Point Software Technologies)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-10] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [678464 2013-12-08] (Genie9)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928 2015-03-07] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [818712 2011-02-08] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2016-03-22] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)
S4 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-04] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\BASHDefs\20160711.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-03] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-07-07] ()
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\IPSDefs\20160711.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\VirusDefs\20160712.001\ENG64.SYS [138456 2016-06-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\VirusDefs\20160712.001\EX64.SYS [2148056 2016-06-29] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U5 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-07-06] ()
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2014-01-16] (Check Point Software Technologies)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-12 06:58 - 2016-07-12 06:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mom_and_Dad\Desktop\rkill.com
2016-07-12 06:57 - 2016-07-12 06:57 - 00000126 ___RH C:\Users\Mom_and_Dad\Downloads\Stinger.opt
2016-07-12 06:53 - 2016-07-12 06:53 - 00000612 _____ C:\Users\Mom_and_Dad\Desktop\Stinger.txt
2016-07-11 18:12 - 2016-07-11 18:12 - 00001203 _____ C:\Users\Mom_and_Dad\Desktop\MB_2.txt
2016-07-11 16:51 - 2016-07-11 16:51 - 00003579 _____ C:\Users\Mom_and_Dad\Downloads\Fixlist.txt
2016-07-11 16:50 - 2016-07-12 10:14 - 00052048 _____ C:\Users\Mom_and_Dad\Downloads\FRST.txt
2016-07-11 16:49 - 2016-07-11 16:49 - 02193920 _____ (Farbar) C:\Users\Mom_and_Dad\Downloads\FRST64.exe
2016-07-11 16:46 - 2016-07-11 16:52 - 00048877 _____ C:\Users\Mom_and_Dad\Downloads\Addition.txt
2016-07-11 16:45 - 2016-07-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-11 16:44 - 2016-07-11 16:44 - 00000098 _____ C:\Users\Mom_and_Dad\Desktop\MB Notes.txt
2016-07-11 16:30 - 2016-07-11 16:38 - 00007752 _____ C:\Users\Mom_and_Dad\Desktop\MB_1.txt
2016-07-11 16:21 - 2016-07-12 03:28 - 00000826 _____ C:\Users\Mom_and_Dad\Downloads\Stinger_11072016_162126.html
2016-07-11 16:14 - 2016-07-11 16:14 - 16620912 _____ (McAfee Inc) C:\Users\Mom_and_Dad\Downloads\stinger32.exe
2016-07-10 11:31 - 2016-07-10 11:31 - 00000266 _____ C:\Users\Mom_and_Dad\Downloads\Items_masterlist (1).vcf
2016-07-10 11:29 - 2016-07-10 11:29 - 00000266 _____ C:\Users\Mom_and_Dad\Downloads\Items_masterlist.vcf
2016-07-07 10:31 - 2016-07-12 09:27 - 00000000 ____D C:\Program Files (x86)\Backblaze
2016-07-07 10:31 - 2016-07-07 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
2016-07-07 10:31 - 2016-07-07 10:31 - 00000000 ____D C:\ProgramData\Backblaze
2016-07-07 10:19 - 2016-07-07 10:19 - 00046960 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-07-07 10:05 - 2016-07-07 11:50 - 00000000 ____D C:\Users\Mom_and_Dad\Desktop\Wandering Boy
2016-07-06 22:16 - 2016-07-06 22:16 - 06433376 _____ C:\Users\Mom_and_Dad\Downloads\install_backblaze_senn.family1c47c.exe
2016-07-06 21:38 - 2016-07-12 10:13 - 00000000 ____D C:\FRST
2016-07-06 21:14 - 2016-07-06 21:49 - 00000000 ____D C:\EEK
2016-07-06 21:07 - 2016-07-06 21:07 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-07-06 21:07 - 2016-07-06 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-06 21:07 - 2016-07-06 21:07 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-06 21:03 - 2016-07-06 21:03 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-06 21:02 - 2016-07-06 21:02 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-06 20:50 - 2016-07-06 20:50 - 00184768 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2016-07-06 20:50 - 2016-07-06 20:50 - 00173504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-07-06 20:43 - 2016-07-06 20:43 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Mom_and_Dad\Downloads\tdsskiller.exe
2016-07-06 16:31 - 2016-07-06 16:31 - 00000826 _____ C:\Users\Mom_and_Dad\Desktop\Handbrake.lnk
2016-07-06 16:18 - 2016-07-06 16:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mom_and_Dad\Downloads\revosetup (2).exe
2016-07-06 11:33 - 2016-07-06 11:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mom_and_Dad\Downloads\revosetup (1).exe
2016-07-06 11:32 - 2016-07-06 11:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mom_and_Dad\Downloads\revosetup.exe
2016-06-30 17:17 - 2016-06-30 17:17 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-06-30 17:17 - 2016-06-30 17:17 - 00001139 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-06-29 12:33 - 2016-06-29 12:33 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-29 12:33 - 2016-06-29 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-29 12:32 - 2016-06-29 12:33 - 00000000 ____D C:\Program Files\iTunes
2016-06-29 12:32 - 2016-06-29 12:32 - 00000000 ____D C:\Program Files\iPod
2016-06-29 12:32 - 2016-06-29 12:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-29 12:27 - 2016-06-29 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-06-26 16:46 - 2016-06-26 16:46 - 00000000 ____D C:\Users\Mom_and_Dad\Downloads\DXe_Setups
2016-06-26 16:35 - 2016-06-26 16:35 - 00097151 _____ C:\Users\Mom_and_Dad\Downloads\DXe_Setups.zip
2016-06-25 21:03 - 2016-06-25 21:03 - 12916946 _____ C:\Users\Mom_and_Dad\Downloads\EFLU4850_Hi.wmv
2016-06-25 17:11 - 2016-06-25 17:11 - 11023608 _____ C:\Users\Mom_and_Dad\Downloads\EFLU4780.wmv
2016-06-25 16:45 - 2016-06-26 16:50 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\Horizon Hobby
2016-06-25 16:41 - 2016-06-25 16:41 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spektrum Programmer.lnk
2016-06-25 16:41 - 2016-06-25 16:41 - 00001111 _____ C:\Users\Public\Desktop\Spektrum Programmer.lnk
2016-06-25 16:37 - 2016-06-25 16:41 - 00000000 ____D C:\Program Files (x86)\Spektrum Programmer
2016-06-25 16:32 - 2016-06-25 16:32 - 15408536 _____ C:\Users\Mom_and_Dad\Downloads\Spektrum_Programmer-installer-2.0.0.0.exe
2016-06-17 07:34 - 2016-06-17 07:34 - 00000810 _____ C:\Users\Public\Desktop\GoPro Studio.lnk
2016-06-17 07:34 - 2016-06-17 07:34 - 00000000 ____D C:\Program Files (x86)\GoPro
2016-06-17 07:33 - 2016-06-17 07:33 - 00000860 _____ C:\Users\Public\Desktop\GoPro.lnk
2016-06-17 07:32 - 2016-06-17 07:32 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00000000 ____D C:\Program Files\GoPro
2016-06-17 07:32 - 2016-06-17 07:32 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-06-16 15:42 - 2016-06-16 15:42 - 00316352 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00274880 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00274368 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00168384 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00108352 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2016-06-16 14:16 - 2016-06-16 14:16 - 00000000 ____D C:\Users\Mom_and_Dad\Documents\MaxCut Jobs
2016-06-16 13:56 - 2016-06-20 16:50 - 00000000 ____D C:\ProgramData\Maxima Software
2016-06-16 13:56 - 2016-06-16 13:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\IsolatedStorage
2016-06-16 13:53 - 2016-06-16 13:54 - 52120560 _____ (Maxima Software (Pty) Ltd) C:\Users\Mom_and_Dad\Downloads\maxcutsetup.exe
2016-06-16 09:45 - 2016-06-16 09:48 - 196443168 _____ (GoPro, Inc.) C:\Users\Mom_and_Dad\Downloads\GoProStudioPC-2.5.9.2658.exe
2016-06-15 09:01 - 2016-06-06 10:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 09:01 - 2016-06-06 10:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 09:01 - 2016-06-03 07:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 09:01 - 2016-05-22 07:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 09:01 - 2016-05-18 10:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 09:01 - 2016-05-18 10:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 09:01 - 2016-05-13 16:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 09:01 - 2016-05-13 15:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 09:01 - 2016-05-13 15:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 09:01 - 2016-05-13 15:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 09:01 - 2016-05-13 15:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 09:01 - 2016-05-13 15:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 09:01 - 2016-05-12 11:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 09:01 - 2016-05-12 11:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 09:01 - 2016-05-12 11:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 09:01 - 2016-05-12 11:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 09:01 - 2016-05-12 09:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 09:01 - 2016-05-12 09:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 09:01 - 2016-05-12 08:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 09:01 - 2016-05-12 08:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 09:01 - 2016-05-12 08:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 09:01 - 2016-05-12 07:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 09:01 - 2016-05-12 07:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 09:01 - 2016-05-12 07:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 09:01 - 2016-05-11 09:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 09:01 - 2016-05-11 09:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 09:01 - 2016-05-11 08:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 09:01 - 2016-04-14 10:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 09:01 - 2016-04-14 10:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 09:01 - 2016-04-14 09:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 09:01 - 2016-04-14 09:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 09:01 - 2016-04-09 00:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 09:01 - 2016-04-09 00:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 09:01 - 2016-04-09 00:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 09:01 - 2016-04-09 00:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 09:01 - 2016-04-08 23:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 09:01 - 2016-04-08 23:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-12 10:10 - 2015-03-29 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-12 10:01 - 2013-07-22 11:31 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\A1F1CFB1-510C-49B3-A73A-E446CD26EA6C.aplzod
2016-07-12 09:55 - 2011-09-20 17:48 - 01710484 _____ C:\Windows\WindowsUpdate.log
2016-07-12 09:44 - 2011-11-10 19:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-12 09:43 - 2011-12-16 10:59 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001UA.job
2016-07-12 09:32 - 2015-06-29 14:19 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-12 09:27 - 2015-03-29 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-07-12 09:20 - 2012-04-02 08:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-12 09:08 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-12 09:08 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-12 09:05 - 2015-11-15 17:54 - 00000000 ___RD C:\Users\Mom_and_Dad\Creative Cloud Files
2016-07-12 09:05 - 2015-11-15 16:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-07-12 09:05 - 2011-11-10 22:00 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\Adobe
2016-07-12 09:04 - 2012-05-31 19:18 - 00000000 ___RD C:\Users\Mom_and_Dad\Dropbox
2016-07-12 09:03 - 2015-06-29 14:19 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-12 09:03 - 2011-11-10 19:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-12 08:53 - 2011-09-20 17:59 - 00000000 ____D C:\ProgramData\PDFC
2016-07-12 08:52 - 2014-05-11 17:52 - 00032302 _____ C:\Windows\setupact.log
2016-07-12 08:52 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-12 08:51 - 2014-05-11 17:51 - 00009912 _____ C:\Windows\errord.log
2016-07-12 08:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2016-07-12 07:17 - 2014-05-11 17:52 - 00735418 _____ C:\Windows\PFRO.log
2016-07-12 07:15 - 2013-10-09 09:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\9FE687CB-5E9E-4F44-8CA5-343257504280.aplzod
2016-07-12 07:10 - 2011-09-20 18:02 - 00000000 ____D C:\ProgramData\Norton
2016-07-11 18:44 - 2011-09-20 17:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-11 17:43 - 2011-12-16 10:59 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001Core.job
2016-07-11 17:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-11 16:45 - 2015-06-29 14:19 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-11 16:19 - 2016-04-26 12:08 - 00000000 ___RD C:\Users\Administrator\Creative Cloud Files
2016-07-11 16:19 - 2014-09-16 07:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-07-11 16:19 - 2011-11-28 11:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-07-11 16:18 - 2015-11-27 11:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-11 16:18 - 2014-12-03 11:26 - 00000000 ___RD C:\Users\Administrator\iCloudDrive
2016-07-07 11:15 - 2016-03-19 10:41 - 00000033 _____ C:\Users\Mom_and_Dad\AppData\Roaming\AdobeWLCMCache.dat
2016-07-07 10:31 - 2012-05-09 17:29 - 00000000 ___HD C:\.bzvol
2016-07-06 22:06 - 2011-11-29 11:24 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\CrashDumps
2016-07-06 21:01 - 2011-11-28 12:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-07-06 20:55 - 2013-07-12 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\NPE
2016-07-06 20:47 - 2011-11-12 09:17 - 00000000 ____D C:\Users\Administrator
2016-07-06 20:42 - 2013-09-09 17:14 - 00000000 ____D C:\Users\Mom_and_Dad\Downloads\ZoneAlarm
2016-07-06 20:42 - 2013-07-19 14:38 - 00000000 ____D C:\Users\Mom_and_Dad\Downloads\inSSIDer
2016-07-06 16:31 - 2014-01-07 17:44 - 00000000 ____D C:\Program Files\Handbrake
2016-07-06 16:22 - 2012-04-24 14:15 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\HandBrake
2016-07-06 11:37 - 2014-06-22 11:38 - 00000286 _____ C:\Windows\system32\.crusader
2016-06-30 17:23 - 2016-02-17 10:09 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-06-30 17:18 - 2014-03-28 21:30 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-06-30 17:15 - 2014-09-23 10:52 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-30 17:15 - 2011-09-20 17:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-29 12:32 - 2011-11-11 07:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-28 21:02 - 2015-03-30 21:30 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\avidemux
2016-06-28 20:30 - 2016-03-19 18:26 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\OBS
2016-06-26 16:34 - 2009-07-13 23:13 - 00791808 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 16:41 - 2015-04-27 21:22 - 00009196 _____ C:\Windows\DPINST.LOG
2016-06-24 07:27 - 2013-05-25 20:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 07:26 - 2013-05-25 20:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 21:54 - 2013-05-25 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 21:44 - 2016-03-20 15:57 - 00000000 ____D C:\Users\Mom_and_Dad\Documents\Illustrator Projects
2016-06-23 11:31 - 2012-01-21 14:46 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-06-22 13:49 - 2015-03-29 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-21 12:52 - 2011-11-10 17:19 - 00000000 ____D C:\ProgramData\HP
2016-06-17 12:46 - 2011-12-16 10:59 - 00002366 _____ C:\Users\Mom_and_Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 12:46 - 2011-12-16 10:59 - 00002358 _____ C:\Users\Mom_and_Dad\Desktop\Google Chrome.lnk
2016-06-17 07:36 - 2013-12-11 23:13 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\GoPro
2016-06-17 07:34 - 2015-10-18 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-06-17 06:58 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-16 16:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-06-16 11:20 - 2012-04-02 08:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 11:20 - 2011-09-20 17:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-16 09:38 - 2009-07-13 22:45 - 07603872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-16 09:35 - 2014-12-14 12:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 22:50 - 2013-07-15 08:50 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 22:37 - 2011-11-10 20:48 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 11:00 - 2016-05-10 16:56 - 00000000 ____D C:\Users\Mom_and_Dad\Desktop\Wilson
2016-06-13 09:10 - 2012-05-31 19:14 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\Dropbox
2016-06-13 09:09 - 2015-06-29 14:19 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\Dropbox
2016-06-12 10:21 - 2016-03-16 09:43 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\Tempdivxe4a2

==================== Files in the root of some directories =======

2016-03-19 10:41 - 2016-07-07 11:15 - 0000033 _____ () C:\Users\Mom_and_Dad\AppData\Roaming\AdobeWLCMCache.dat
2016-02-22 13:26 - 2016-03-11 11:44 - 0000177 _____ () C:\Users\Mom_and_Dad\AppData\Roaming\Camdata.ini
2016-02-22 13:26 - 2016-03-11 11:44 - 0000408 _____ () C:\Users\Mom_and_Dad\AppData\Roaming\CamLayout.ini
2016-02-22 13:26 - 2016-03-11 11:44 - 0000408 _____ () C:\Users\Mom_and_Dad\AppData\Roaming\CamShapes.ini
2016-02-22 13:26 - 2016-03-11 11:44 - 0004570 _____ () C:\Users\Mom_and_Dad\AppData\Roaming\CamStudio.cfg
2013-07-19 14:47 - 2013-07-19 14:47 - 0000037 ___SH () C:\Users\Mom_and_Dad\AppData\Local\70149b02515b3bb20dd492.47983420
2014-03-28 21:56 - 2014-09-23 16:39 - 0001456 _____ () C:\Users\Mom_and_Dad\AppData\Local\Adobe Save for Web 12.0 Prefs
2014-08-08 09:14 - 2014-09-16 07:36 - 0001832 _____ () C:\Users\Mom_and_Dad\AppData\Local\SLC_Mom_and_Dad.prx

Files to move or delete:
====================
C:\Users\Administrator\en_res.dll
C:\Users\Administrator\es_res.dll
C:\Users\Administrator\fr_res.dll
C:\Users\Administrator\grm_res.dll
C:\Users\Administrator\it_res.dll
C:\Users\Administrator\jp_res.dll
C:\Users\Administrator\mfc80u.dll
C:\Users\Administrator\msvcr80.dll
C:\Users\Administrator\PCPE Setup.exe
C:\Users\Administrator\pt_res.dll
C:\Users\Administrator\ResourceReader.dll
C:\Users\Administrator\ru_res.dll
C:\Users\Administrator\zh_res.dll
C:\Users\Mom_and_Dad\IP_Log_Data.js
C:\Users\Mom_and_Dad\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\bzfclean.exe
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Administrator\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh504n.dll
C:\Users\Mom_and_Dad\AppData\Local\Temp\GarminExpressInstaller.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\mpa01308.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\mpa01824.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\RM7Setup.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\uninst.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Mom_and_Dad (2016-07-12 10:14:10)
Running from C:\Users\Mom_and_Dad\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-10 22:45:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-606606202-2619191921-1690171143-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-606606202-2619191921-1690171143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-606606202-2619191921-1690171143-1002 - Limited - Enabled)
Mom_and_Dad (S-1-5-21-606606202-2619191921-1690171143-1001 - Limited - Enabled) => C:\Users\Mom_and_Dad

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R1.6 (HKLM\...\123D Design) (Version: 1.6.41 - Autodesk, Inc.)
2011 Hallmark Registration Bonus Pack (HKLM-x32\...\{E0570DE2-4B9D-47B6-A034-3B18829C0EAC}) (Version: 1.0.0.1 - Creative Home)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AT&T Connect Participant Application v11.1.205 (HKLM-x32\...\{500C89CE-400B-4C33-9AF6-50BE8C512EEA}) (Version: 11.1.205 - AT&T Inc.)
AT&T Connect Recording Converter Utility v1.0.51 (HKLM-x32\...\{71F8B03E-D6B6-416F-8BD3-A93ED8770F31}) (Version: 1.0.51 - AT&T Inc.)
ATI Catalyst Install Manager (HKLM\...\{F580D12E-01E5-31A6-A321-7C8E6D5361A5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk SketchBook (HKLM\...\{C0D41025-EDBF-4354-A5BA-86B27A78BC25}) (Version: 8.00.0001 - Autodesk)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{AEDA8713-5521-4600-9AC2-81674A9EDC4F}) (Version: 2.2.7689 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
CA Pest Patrol Realtime Protection (HKLM-x32\...\{F05A5232-CE5E-4274-AB27-44EB8105898D}) (Version: 001.001.0034 - Computer Associates Inc.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{56E884B5-B9B6-4432-B209-3A3EF41C7A01}) (Version: 8.0.3.1018 - TechSmith Corporation)
Canon PowerShot SX280 HS and SX270 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX280HSandSX270HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Check Point SSL Network Extender (HKLM-x32\...\{7110af2d-343a-4e30-b580-29a7b2ef9818}) (Version: 7.01.0000 - CheckPoint)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.58 - DivX, LLC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Folder Size 2.0.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 2.0.0.0 - MindGems, Inc.)
Garmin BaseCamp (HKLM-x32\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO U.S. 2008 (HKLM-x32\...\{47BA74C5-1890-4ED2-954A-AD11186D8E26}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v4 (HKLM-x32\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 5.0 - Genie9)
Google Chrome (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hallmark Card Studio 2011 Deluxe (HKLM-x32\...\{62687EAC-F27D-49AC-A0E2-3899B0459113}) (Version: 12.0.5.1 - Hallmark Software)
Hallmark Card Studio 2013 Deluxe (HKLM-x32\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.1.1 - Creative Home)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kerbal Space Program (HKLM-x32\...\{ED501254-06B8-4883-B7F3-4799C9EDD288}_is1) (Version: 1.0 - Squad)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.84 (HKLM\...\MediaInfo) (Version: 0.7.84 - MediaArea.net)
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 10.9.297 - Autodesk, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.7.0.11 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.1 - )
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.2 - OBS Project)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.310 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6305 - CyberLink Corp.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
RazorSQL 5.1.4 (HKLM-x32\...\RazorSQL 5.1.4_is1) (Version:  - Richardson Software, LLC)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RootsMagic 7.0.11.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.11.0 - RootsMagic, Inc.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Screencast-O-Matic v2.0 (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic)
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Snapshot Viewer (HKLM-x32\...\Snapshot Viewer) (Version:  - )
Spektrum Programmer (HKLM-x32\...\Spektrum Programmer) (Version: 2.0.0.0 - Horizon Hobby)
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 4.5.0.0 - Stellar Information Systems Ltd.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.7 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
WD My Cloud (HKLM\...\{BDB0A166-050E-4C36-8F89-3304DBDE3018}) (Version: 1.0.5.40 - Western Digital Technologies, Inc.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Driver Package - Horizon Hobby USB Interface AS3X Programmer Driver (03/09/2016 2.12.16) (HKLM\...\AF31292D759C0492C6EA53A117E414F0A74F3AD3) (Version: 03/09/2016 2.12.16 - Horizon Hobby)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Wisdom-soft ScreenHunter 6.0 Pro (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Pro) (Version:  - Wisdom Software Inc.)
Xilisoft iPhone Ringtone Maker (HKLM-x32\...\Xilisoft iPhone Ringtone Maker) (Version: 3.2.0.20150324 - Xilisoft)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001Core.job => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001UA.job => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-08-19 11:57 - 2013-11-20 01:39 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00491008 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.gtl
2014-08-19 11:57 - 2012-02-02 03:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.gtl
2014-08-19 11:57 - 2012-04-24 03:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00211456 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.gtl
2014-08-19 11:57 - 2013-11-20 01:39 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00722944 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00371200 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.gtl
2013-02-11 05:34 - 2013-02-11 05:34 - 00045056 _____ () C:\Program Files\Genie9\Genie Timeline\pcre.dll
2013-02-11 05:34 - 2013-02-11 05:34 - 00097792 _____ () C:\Program Files\Genie9\Genie Timeline\pcrebase.dll
2014-08-19 11:57 - 2013-12-02 07:29 - 00054784 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.gtl
2014-08-19 11:57 - 2012-02-02 03:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.gtl
2014-08-19 11:57 - 2013-11-20 01:39 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.gtl
2013-12-02 07:29 - 2013-12-02 07:29 - 00063488 _____ () C:\Program Files\Genie9\Genie Timeline\XBalloonMsgDll.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.dll
2012-02-02 03:16 - 2012-02-02 03:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00211456 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00491008 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.dll
2012-04-24 03:29 - 2012-04-24 03:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00093696 _____ () C:\Program Files\Genie9\Genie Timeline\GSCurl.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.dll
2016-03-09 21:52 - 2016-01-11 11:30 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 01088944 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-22 19:32 - 2016-05-22 19:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-07-04 02:20 - 2011-07-04 02:20 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 15:20 - 2011-03-14 15:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Database Master:{71007400-4C00-7000-5000-370066004300}
AlternateDataStreams: C:\ProgramData\Temp:054203E4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\coair.com -> hxxps://pilotcbt.coair.com
IE trusted site: HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\united.com -> hxxps://united.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-606606202-2619191921-1690171143-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom_and_Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BDD20A01-9025-4182-9949-DAB3A8998D81}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{9C8E78AE-9729-4968-995E-1A13AB6F8BB2}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{6848940E-2000-421B-8803-426A80A70886}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{D8843734-D5FC-4FD9-ABB3-606B80AB29E5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{92624C2B-D16B-4E0C-B644-21706BBC259B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{7AEDC520-8A10-4723-B420-1A231533027B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{6281A576-6CEC-4F2D-AD0C-CD7BA3B70BC1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{C3618607-B8FC-4101-99FF-6C76CC5CE541}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{C6989E12-9B36-462A-9C39-929E3B8D2180}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9915FD3A-BBDC-4676-8106-80D1B296706D}] => (Allow) LPort=2869
FirewallRules: [{3626AC65-C935-4DA2-855A-B569B854927F}] => (Allow) LPort=1900
FirewallRules: [{5A040BB0-E43C-4785-8209-BC2AE2F325A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CBE3839B-B0D1-4373-BFFD-22975A5D3E16}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{5B575788-1005-4432-A454-B2A5BA7F3D61}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E3AD1262-ED52-412E-BCFB-55D55ACA6FF3}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{200D35B6-D7B0-4512-8D5C-E8751ED73016}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3AC6A0BE-56E5-4CD0-90D1-7B158FE8118A}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{66ABE305-3C39-4F5A-9C1F-E9FEC110F556}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{EED02C0A-5309-48DB-A076-AA48D0530ECF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C66FD5E0-4189-48D6-93FF-1A989273BF99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{393174BA-C7BE-4746-A5A6-7DB63762B66B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9283EA99-0A7C-4C16-A5D8-4E3EB5C73139}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D998C31C-9B00-49EC-97B2-288CFFBAE413}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{42CC3F93-F77A-479F-B38F-24FCA0B4D7B6}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{0AF09C94-97C5-44C1-B3B2-BD149572008E}] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{99A65044-B2DC-4C6A-9C1A-828E871C4440}] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{18D29923-8F48-402E-AB77-2F9D47578B9C}] => (Allow) LPort=5353
FirewallRules: [{4EEE5257-5713-4C51-9FBF-CACE171871D3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5967AD0F-D0EA-4297-845D-BF455EB1BDF1}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [{0829B931-74B1-4923-AAAF-D4C3186DD8B7}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{9A7887AB-606E-4853-AC46-BC0CF4F69A2A}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{E0C7578A-F718-4823-90E9-C73B4D1BC6C8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{B2C1F920-AA6E-424E-913A-C0FAE2F3F79B}C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{252C70EC-ABB4-4892-A441-00F378D66B3E}C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [{2B09FA3F-36D6-4A31-835D-795FDA159946}] => (Block) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [{54D0ADFC-F69B-48D1-985B-8D47400547C5}] => (Block) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BB1E08C8-F838-44AD-98FD-0E00AF4F04E1}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{EAE38B78-9241-404C-B510-D22638C3539B}] => (Allow) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
FirewallRules: [{8DF44189-C8D2-4DAF-964F-EF565B1E95CC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{DDA2906A-BFDB-493C-A8A6-3FB7D623B88B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{CE1576E8-6252-4E82-81D3-F4391714A5BB}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{5C0FD6A4-7154-4F67-AAB1-646948996B01}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{9430A15A-631E-473B-94E5-636D07983F60}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [{1B21084E-7BC9-47F8-B678-88D9CFE3CF77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3A82C37-CF6C-4D44-8A6F-19A3DE965F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74CC9DBE-5994-4590-941C-6CC3759F3D2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30EDC5EF-3A4F-411B-AACF-ACC174DE4AD4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E03F9D0C-384F-49DA-B94F-4CE66205B7CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A79D110-F581-4254-A881-3522C51F170E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27F826F8-EFDD-408C-A781-1523B4F94290}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3E099957-1786-45B1-BC7A-7F1A71D84DC0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{92A9C6DB-A1B1-47BC-9AEC-20E7690BBC3D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2748C0AA-9AD6-47BE-B529-19A4DD8683B5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A512249C-A83E-4102-A600-23299801308D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{339F0A43-A74B-4396-8CDC-71925414A79C}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{0F3B2505-31F8-493A-BC8F-CF85C8E3BFA2}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{CA6B2F06-CFC9-401C-B4AD-9C348F286ED5}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{FEE66BA8-DC0E-4E5E-9227-C70BFE908145}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{36CB0FEC-1D3D-4601-96F0-E7D941FD9501}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Faulty Device Manager Devices =============

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NPF
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2016 09:17:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenProcessToken.  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   File Name: C:\Windows\Vss\Writers\System\D61D61C8-D73A-4EEE-8CDD-F6F9786B7124.xml
   File Path: C:\Windows\Vss\Writers\System\
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error-specific details:
   Error: AddExpressWriter failed, 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.

   Error: AddExpressWriter failed, 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.

Error: (07/12/2016 09:17:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenProcessToken.  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   File Name: C:\Windows\Vss\Writers\System\75DFB225-E2E4-4d39-9AC9-FFAFF65DDF06.xml
   File Path: C:\Windows\Vss\Writers\System\
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error-specific details:
   Error: AddExpressWriter failed, 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.

Error: (07/12/2016 09:17:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenProcessToken.  hr = 0x80070005, Access is denied.
.


Operation:
   Initializing Writer
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   File Name: C:\Windows\Vss\Writers\System\0bada1de-01a9-4625-8278-69e735f39dd2.xml
   File Path: C:\Windows\Vss\Writers\System\
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (07/12/2016 07:05:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 13

Error: (07/11/2016 04:19:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wacom_TouchUser.exe, version: 6.3.15.3, time stamp: 0x5693e579
Faulting module name: Wacom_TouchUser.exe, version: 6.3.15.3, time stamp: 0x5693e579
Exception code: 0xc0000005
Fault offset: 0x000000000020fe9e
Faulting process id: 0x65a8
Faulting application start time: 0xWacom_TouchUser.exe0
Faulting application path: Wacom_TouchUser.exe1
Faulting module path: Wacom_TouchUser.exe2
Report Id: Wacom_TouchUser.exe3

Error: (07/11/2016 03:01:26 PM) (Source: Microsoft Office 15) (EventID: 2000) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Word couldn't start last time. Safe mode could help you troubleshoot the problem, but some features might not be available in this mode.

Do you want to start in safe mode?.
Accepted Safe Mode action : Microsoft Word.

Error: (07/11/2016 01:13:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(04:1e:64:53:36:77@fe80::61e:64ff:fe53:3677._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/11/2016 01:13:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(28:6a:ba:1c:7d:42@fe80::2a6a:baff:fe1c:7d42._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/11/2016 01:13:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(78:d7:5f:13:9e:ff@fe80::7ad7:5fff:fe13:9eff._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/11/2016 01:13:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(8c:29:37:24:c1:76@fe80::8e29:37ff:fe24:c176._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.


System errors:
=============
Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 10:14:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2


==================== Memory info =========================== 

Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 15856.58 MB
Available physical RAM: 11060.25 MB
Total Virtual: 31711.35 MB
Available Virtual: 25893.7 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.77 GB) (Free:183.33 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.65 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive x: (GenieTimeII) (Fixed) (Total:1863.01 GB) (Free:578.18 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

 

RogueKiller V12.3.7.0 (x64) [Jul  4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/12/2016 11:19:50

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721010CLA632 SATA Disk Device +++++
--- User ---
[MBR] 2302c34442e8836cd274ea17863192d0
[BSP] 429aef01d7a5c10466ddf1097d0a92a4 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 941842 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1929099264 | Size: 11925 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD20 EARX-00PASB0 USB Device +++++
--- User ---
[MBR] 3c41a83b6f1824d2e57b31777ba9a66a
[BSP] 3c39610ca8b1a2f38e6c1745c557def0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: HP Officejet Pro 85 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

 


3 hours ago, kevinf80 said:

You`ve run FRST again from a non Administrator account.. that is a pointless exercise...

Ooops...my apologies. Here is FRST.txt and Addition.txt run as Administrator:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Administrator (administrator) on MOM_AND_DAD-HP (12-07-2016 17:02:20)
Running from C:\Users\Mom_and_Dad\Downloads
Loaded Profiles: Mom_and_Dad & Administrator (Available Profiles: Mom_and_Dad & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Backblaze\bzserv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(CA, Inc.) C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Genie9) C:\Program Files\Genie9\Genie Timeline\GenieTimeLineAgent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
(Akamai Technologies, Inc.) C:\Users\Mom_and_Dad\AppData\Local\Akamai\netsession_win.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptSrv.exe
(AT&T) C:\Users\Mom_and_Dad\AppData\Local\ATT Connect\Participant\ConnectLauncher.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe
(Akamai Technologies, Inc.) C:\Users\Mom_and_Dad\AppData\Local\Akamai\netsession_win.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
() C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() C:\Program Files\RogueKiller\RogueKiller64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
() C:\Program Files (x86)\Backblaze\bzfilelist.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Google Inc.) C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coNatHst.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-05-05] (Adobe Systems Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-14] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [567320 2011-02-08] (PDF Complete Inc)
HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-05-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2380480 2016-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24204648 2016-07-05] (Dropbox, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1010144 2016-05-31] (DivX, LLC)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-10] (Google Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Google Update] => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [PTIM.exe] => C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [419344 2014-01-16] (Cisco WebEx LLC)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [371728 2014-01-16] (Cisco WebEx LLC)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1400224 2013-09-25] (Adobe Systems Incorporated)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mom_and_Dad\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Launch AT&T Connect Participant application] => C:\Users\Mom_and_Dad\AppData\Local\ATT Connect\Participant\ConnectLauncher.exe [312600 2015-04-22] (AT&T)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [] => [X]
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\RunOnce: [Application Restart #3] => C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-11-10] (Google Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [Wisdom-soft ScreenHunter 6.0 Free] => 0
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.ps1 [16548 2015-06-16] ()
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [882872 2016-05-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-606606202-2619191921-1690171143-500\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [591528 2016-07-07] ()
HKU\S-1-5-18\...\Run: [Backblaze] => C:\Program Files (x86)\Backblaze\bzbui.exe [591528 2016-07-07] ()
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-04-22] (Apple Inc.)
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [88376 2013-07-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [81160 2013-07-24] (Zemana Ltd.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-BackedUp] -> {88A8B1ED-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\Genie9\Genie Timeline\x86\GSTimelineIconOverlay.gtl [2013-12-02] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-07-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
Startup: C:\Users\Mom_and_Dad\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-07-01]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2015-11-29]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2011-11-28]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2013 Deluxe\Planner\PLNRnote.exe (Creative Home)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2011-11-28]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A8035D7D-E835-41E2-AAEA-91001C7B38F1}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-606606202-2619191921-1690171143-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-606606202-2619191921-1690171143-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-606606202-2619191921-1690171143-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://hp-desktop.us.msn.com/
HKU\S-1-5-21-606606202-2619191921-1690171143-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {6CC66D7C-BD70-49AC-8C80-6BF8F94FCBC3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {6CC66D7C-BD70-49AC-8C80-6BF8F94FCBC3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-500 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_enUS457
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=349
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_enUS457
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-500 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-606606202-2619191921-1690171143-500 -> {EB98D0C4-C0AA-44E9-B703-14F9C72FB959} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=bc260c40fdf541d18fb6eae728b9a65e&tu=10G9z009x2B0Ca0&sku=&tstsId=&ver=&&r=18
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2014-01-16] (Cisco WebEx LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-05-17] (Microsoft Corporation)
BHO-x32: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\SysWOW64\CbFsMntNtf3.dll [2010-11-30] (EldoS Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2014-01-16] (Cisco WebEx LLC)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll [2014-04-28] (WhiteSky)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2014-01-16] (Cisco WebEx LLC)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2014-01-16] (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-500 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-606606202-2619191921-1690171143-500 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} hxxps://vpn.ual.com/CSHELL/extender.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1209149.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-05-13] (DivX, LLC)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-05-30] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-606606202-2619191921-1690171143-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-606606202-2619191921-1690171143-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2016-07-12]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files (x86)\WebEx\Productivity Tools
FF Extension: WebEx Productivity Tools - C:\Program Files (x86)\WebEx\Productivity Tools [2014-02-21]

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-21]
CHR Extension: (Norton Identity Safe) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-05-23]
CHR Extension: (Norton Safe) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-28]
CHR Extension: (Norton Security Toolbar) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-03-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
StartMenuInternet: Google Chrome - C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [354984 2016-07-07] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [368272 2014-01-16] (Check Point Software Technologies)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-11-10] (Macrovision Europe Ltd.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
R2 GenieTimelineService; C:\Program Files\Genie9\Genie Timeline\GenieTimelineService.exe [678464 2013-12-08] (Genie9)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [72992 2014-07-07] (Hewlett-Packard Company)
R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928 2015-03-07] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [818712 2011-02-08] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2016-03-22] () <==== ATTENTION (zero byte File/Folder)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)
S4 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-05-04] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\BASHDefs\20160711.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-03] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2016-07-07] ()
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\IPSDefs\20160711.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\VirusDefs\20160712.007\ENG64.SYS [138456 2016-06-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.6.0.32\Definitions\VirusDefs\20160712.007\EX64.SYS [2148056 2016-06-29] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-12] ()
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-03-29] (Texas Instruments)
R3 VNA; C:\Windows\System32\DRIVERS\vna.sys [161256 2014-01-16] (Check Point Software Technologies)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NPF; system32\drivers\NPF.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-12 11:36 - 2016-07-12 11:36 - 00005744 _____ C:\Users\Administrator\Desktop\RougueKiller.txt
2016-07-12 07:05 - 2016-07-12 07:44 - 00003872 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-07-12 06:58 - 2016-07-12 06:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Mom_and_Dad\Desktop\rkill.com
2016-07-12 06:57 - 2016-07-12 06:57 - 00000126 ___RH C:\Users\Mom_and_Dad\Downloads\Stinger.opt
2016-07-12 06:53 - 2016-07-12 06:53 - 00000612 _____ C:\Users\Mom_and_Dad\Desktop\Stinger.txt
2016-07-11 18:12 - 2016-07-11 18:12 - 00001203 _____ C:\Users\Mom_and_Dad\Desktop\MB_2.txt
2016-07-11 16:51 - 2016-07-11 16:51 - 00003579 _____ C:\Users\Mom_and_Dad\Downloads\Fixlist.txt
2016-07-11 16:50 - 2016-07-12 17:02 - 00056227 _____ C:\Users\Mom_and_Dad\Downloads\FRST.txt
2016-07-11 16:49 - 2016-07-11 16:49 - 02193920 _____ (Farbar) C:\Users\Mom_and_Dad\Downloads\FRST64.exe
2016-07-11 16:46 - 2016-07-12 10:14 - 00050327 _____ C:\Users\Mom_and_Dad\Downloads\Addition.txt
2016-07-11 16:45 - 2016-07-11 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-11 16:44 - 2016-07-11 16:44 - 00000098 _____ C:\Users\Mom_and_Dad\Desktop\MB Notes.txt
2016-07-11 16:30 - 2016-07-11 16:38 - 00007752 _____ C:\Users\Mom_and_Dad\Desktop\MB_1.txt
2016-07-11 16:21 - 2016-07-12 03:28 - 00000826 _____ C:\Users\Mom_and_Dad\Downloads\Stinger_11072016_162126.html
2016-07-11 16:14 - 2016-07-11 16:14 - 16620912 _____ (McAfee Inc) C:\Users\Mom_and_Dad\Downloads\stinger32.exe
2016-07-10 11:31 - 2016-07-10 11:31 - 00000266 _____ C:\Users\Mom_and_Dad\Downloads\Items_masterlist (1).vcf
2016-07-10 11:29 - 2016-07-10 11:29 - 00000266 _____ C:\Users\Mom_and_Dad\Downloads\Items_masterlist.vcf
2016-07-07 10:31 - 2016-07-12 15:55 - 00000000 ____D C:\Program Files (x86)\Backblaze
2016-07-07 10:31 - 2016-07-07 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backblaze
2016-07-07 10:31 - 2016-07-07 10:31 - 00000000 ____D C:\ProgramData\Backblaze
2016-07-07 10:19 - 2016-07-07 10:19 - 00046960 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-07-07 10:05 - 2016-07-07 11:50 - 00000000 ____D C:\Users\Mom_and_Dad\Desktop\Wandering Boy
2016-07-06 22:16 - 2016-07-06 22:16 - 06433376 _____ C:\Users\Mom_and_Dad\Downloads\install_backblaze_senn.family1c47c.exe
2016-07-06 21:40 - 2016-07-06 21:41 - 00064733 _____ C:\Users\Administrator\Downloads\Addition.txt
2016-07-06 21:39 - 2016-07-06 21:41 - 00083753 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-07-06 21:38 - 2016-07-12 17:02 - 00000000 ____D C:\FRST
2016-07-06 21:36 - 2016-07-06 21:36 - 02390016 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2016-07-06 21:14 - 2016-07-06 21:49 - 00000000 ____D C:\EEK
2016-07-06 21:13 - 2016-07-06 21:14 - 241629552 _____ C:\Users\Administrator\Downloads\EmsisoftEmergencyKit.exe
2016-07-06 21:07 - 2016-07-06 21:07 - 00000860 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-07-06 21:07 - 2016-07-06 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-06 21:07 - 2016-07-06 21:07 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-06 21:06 - 2016-07-06 21:07 - 29003664 _____ (Adlice Software ) C:\Users\Administrator\Downloads\setup.exe
2016-07-06 21:04 - 2016-07-06 21:05 - 24204360 _____ C:\Users\Administrator\Downloads\RogueKillerX64.exe
2016-07-06 21:03 - 2016-07-12 10:16 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-06 21:02 - 2016-07-06 21:02 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-06 21:01 - 2016-07-06 21:01 - 19921992 _____ C:\Users\Administrator\Downloads\RogueKiller.exe
2016-07-06 20:56 - 2016-07-06 20:56 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2016-07-06 20:51 - 2016-07-06 20:51 - 03411640 _____ (Symantec Corporation) C:\Users\Administrator\Downloads\NPE (5).exe
2016-07-06 20:50 - 2016-07-06 20:50 - 03411640 _____ (Symantec Corporation) C:\Users\Administrator\Downloads\NPE (4).exe
2016-07-06 20:50 - 2016-07-06 20:50 - 00184768 _____ (trend_company_name) C:\Windows\system32\Drivers\tmrkb.sys
2016-07-06 20:50 - 2016-07-06 20:50 - 00173504 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-07-06 20:50 - 2016-07-06 20:50 - 00000000 ____D C:\Users\Administrator\Downloads\log
2016-07-06 20:43 - 2016-07-06 20:43 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Mom_and_Dad\Downloads\tdsskiller.exe
2016-07-06 16:31 - 2016-07-06 16:31 - 00000826 _____ C:\Users\Mom_and_Dad\Desktop\Handbrake.lnk
2016-07-06 16:31 - 2016-07-06 16:31 - 00000826 _____ C:\Users\Administrator\Desktop\Handbrake.lnk
2016-07-06 16:31 - 2016-07-06 16:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2016-07-06 16:18 - 2016-07-06 16:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mom_and_Dad\Downloads\revosetup (2).exe
2016-07-06 11:33 - 2016-07-06 11:33 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mom_and_Dad\Downloads\revosetup (1).exe
2016-07-06 11:32 - 2016-07-06 11:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mom_and_Dad\Downloads\revosetup.exe
2016-06-30 17:17 - 2016-06-30 17:17 - 00001151 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-06-30 17:17 - 2016-06-30 17:17 - 00001139 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-06-29 12:33 - 2016-06-29 12:33 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-29 12:33 - 2016-06-29 12:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-29 12:32 - 2016-06-29 12:33 - 00000000 ____D C:\Program Files\iTunes
2016-06-29 12:32 - 2016-06-29 12:32 - 00000000 ____D C:\Program Files\iPod
2016-06-29 12:32 - 2016-06-29 12:32 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-06-29 12:27 - 2016-06-29 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-06-26 16:46 - 2016-06-26 16:46 - 00000000 ____D C:\Users\Mom_and_Dad\Downloads\DXe_Setups
2016-06-26 16:35 - 2016-06-26 16:35 - 00097151 _____ C:\Users\Mom_and_Dad\Downloads\DXe_Setups.zip
2016-06-25 21:03 - 2016-06-25 21:03 - 12916946 _____ C:\Users\Mom_and_Dad\Downloads\EFLU4850_Hi.wmv
2016-06-25 17:11 - 2016-06-25 17:11 - 11023608 _____ C:\Users\Mom_and_Dad\Downloads\EFLU4780.wmv
2016-06-25 16:45 - 2016-06-26 16:50 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\Horizon Hobby
2016-06-25 16:41 - 2016-06-25 16:41 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spektrum Programmer.lnk
2016-06-25 16:41 - 2016-06-25 16:41 - 00001111 _____ C:\Users\Public\Desktop\Spektrum Programmer.lnk
2016-06-25 16:37 - 2016-06-25 16:41 - 00000000 ____D C:\Program Files (x86)\Spektrum Programmer
2016-06-25 16:32 - 2016-06-25 16:32 - 15408536 _____ C:\Users\Mom_and_Dad\Downloads\Spektrum_Programmer-installer-2.0.0.0.exe
2016-06-17 07:34 - 2016-06-17 07:34 - 00000810 _____ C:\Users\Public\Desktop\GoPro Studio.lnk
2016-06-17 07:34 - 2016-06-17 07:34 - 00000000 ____D C:\Program Files (x86)\GoPro
2016-06-17 07:33 - 2016-06-17 07:33 - 00000860 _____ C:\Users\Public\Desktop\GoPro.lnk
2016-06-17 07:32 - 2016-06-17 07:32 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-06-17 07:32 - 2016-06-17 07:32 - 00000000 ____D C:\Program Files\GoPro
2016-06-17 07:32 - 2016-06-17 07:32 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-06-16 15:42 - 2016-06-16 15:42 - 00316352 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00274880 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00274368 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00168384 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll
2016-06-16 15:42 - 2016-06-16 15:42 - 00108352 _____ (FTDI Ltd.) C:\Windows\system32\Drivers\ftdibus.sys
2016-06-16 14:16 - 2016-06-16 14:16 - 00000000 ____D C:\Users\Mom_and_Dad\Documents\MaxCut Jobs
2016-06-16 13:56 - 2016-06-20 16:50 - 00000000 ____D C:\ProgramData\Maxima Software
2016-06-16 13:56 - 2016-06-16 13:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\IsolatedStorage
2016-06-16 13:53 - 2016-06-16 13:54 - 52120560 _____ (Maxima Software (Pty) Ltd) C:\Users\Mom_and_Dad\Downloads\maxcutsetup.exe
2016-06-16 09:45 - 2016-06-16 09:48 - 196443168 _____ (GoPro, Inc.) C:\Users\Mom_and_Dad\Downloads\GoProStudioPC-2.5.9.2658.exe
2016-06-15 09:01 - 2016-06-06 10:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 09:01 - 2016-06-06 10:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 09:01 - 2016-06-03 07:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 09:01 - 2016-05-27 07:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 09:01 - 2016-05-22 07:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 09:01 - 2016-05-18 10:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 09:01 - 2016-05-18 10:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 09:01 - 2016-05-13 16:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 09:01 - 2016-05-13 16:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 09:01 - 2016-05-13 15:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 09:01 - 2016-05-13 15:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 09:01 - 2016-05-13 15:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 09:01 - 2016-05-13 15:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 09:01 - 2016-05-13 15:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 09:01 - 2016-05-12 11:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 09:01 - 2016-05-12 11:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 09:01 - 2016-05-12 11:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 09:01 - 2016-05-12 11:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 09:01 - 2016-05-12 11:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 09:01 - 2016-05-12 11:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 09:01 - 2016-05-12 09:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 09:01 - 2016-05-12 09:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 09:01 - 2016-05-12 09:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 09:01 - 2016-05-12 08:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 09:01 - 2016-05-12 08:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 09:01 - 2016-05-12 08:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 09:01 - 2016-05-12 08:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 09:01 - 2016-05-12 07:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 09:01 - 2016-05-12 07:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 09:01 - 2016-05-12 07:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 09:01 - 2016-05-11 11:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 09:01 - 2016-05-11 09:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 09:01 - 2016-05-11 09:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 09:01 - 2016-05-11 09:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 09:01 - 2016-05-11 08:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 09:01 - 2016-04-14 10:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 09:01 - 2016-04-14 10:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 09:01 - 2016-04-14 10:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 09:01 - 2016-04-14 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 09:01 - 2016-04-14 09:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 09:01 - 2016-04-14 09:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 09:01 - 2016-04-09 00:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 09:01 - 2016-04-09 00:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 09:01 - 2016-04-09 00:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 09:01 - 2016-04-09 00:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 09:01 - 2016-04-08 23:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 09:01 - 2016-04-08 23:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-12 17:01 - 2015-07-31 08:48 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-07-12 17:01 - 2013-07-22 11:31 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\A1F1CFB1-510C-49B3-A73A-E446CD26EA6C.aplzod
2016-07-12 16:44 - 2011-11-10 19:57 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-12 16:44 - 2011-11-10 19:57 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-12 16:43 - 2011-12-16 10:59 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001UA.job
2016-07-12 16:32 - 2015-06-29 14:19 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-12 16:20 - 2012-04-02 08:18 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-12 15:55 - 2015-03-29 14:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-07-12 15:25 - 2011-09-20 17:48 - 01720796 _____ C:\Windows\WindowsUpdate.log
2016-07-12 14:20 - 2012-04-02 08:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-12 14:20 - 2012-04-02 08:18 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-12 14:20 - 2011-09-20 17:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 13:20 - 2012-03-09 10:22 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 13:20 - 2011-09-20 17:57 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 12:12 - 2011-11-10 16:51 - 00003974 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{25AE6BF1-2E00-4FE3-BF15-E42AE6633E8E}
2016-07-12 10:32 - 2015-06-29 14:19 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-12 10:10 - 2015-03-29 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-12 09:08 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-12 09:08 - 2009-07-13 22:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-12 09:05 - 2015-11-15 17:54 - 00000000 ___RD C:\Users\Mom_and_Dad\Creative Cloud Files
2016-07-12 09:05 - 2015-11-15 16:26 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-07-12 09:05 - 2011-11-10 22:00 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\Adobe
2016-07-12 09:04 - 2012-05-31 19:18 - 00000000 ___RD C:\Users\Mom_and_Dad\Dropbox
2016-07-12 08:53 - 2011-09-20 17:59 - 00000000 ____D C:\ProgramData\PDFC
2016-07-12 08:52 - 2014-05-11 17:52 - 00032302 _____ C:\Windows\setupact.log
2016-07-12 08:52 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-12 08:51 - 2014-05-11 17:51 - 00009912 _____ C:\Windows\errord.log
2016-07-12 08:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2016-07-12 07:17 - 2014-05-11 17:52 - 00735418 _____ C:\Windows\PFRO.log
2016-07-12 07:15 - 2013-10-09 09:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\9FE687CB-5E9E-4F44-8CA5-343257504280.aplzod
2016-07-12 07:10 - 2011-09-20 18:02 - 00000000 ____D C:\ProgramData\Norton
2016-07-11 18:44 - 2011-09-20 17:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-11 17:54 - 2011-11-12 09:18 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4DAC397C-3001-4825-958B-1E0DBC935276}
2016-07-11 17:43 - 2011-12-16 10:59 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001Core.job
2016-07-11 17:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-11 16:45 - 2015-06-29 14:19 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-07-11 16:19 - 2016-04-26 12:08 - 00000000 ___RD C:\Users\Administrator\Creative Cloud Files
2016-07-11 16:19 - 2014-09-16 07:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2016-07-11 16:19 - 2011-11-28 11:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2016-07-11 16:18 - 2015-11-27 11:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-11 16:18 - 2014-12-03 11:26 - 00000000 ___RD C:\Users\Administrator\iCloudDrive
2016-07-11 08:15 - 2015-06-24 19:56 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-07 11:15 - 2016-03-19 10:41 - 00000033 _____ C:\Users\Mom_and_Dad\AppData\Roaming\AdobeWLCMCache.dat
2016-07-07 10:31 - 2012-05-09 17:29 - 00000000 ___HD C:\.bzvol
2016-07-06 22:06 - 2011-11-29 11:24 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\CrashDumps
2016-07-06 21:01 - 2011-11-28 12:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-07-06 20:55 - 2013-07-12 15:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\NPE
2016-07-06 20:51 - 2013-10-28 10:45 - 00000000 ____D C:\Users\Administrator\Downloads\TMRBLog
2016-07-06 20:47 - 2011-11-12 09:17 - 00000000 ____D C:\Users\Administrator
2016-07-06 20:42 - 2013-09-09 17:14 - 00000000 ____D C:\Users\Mom_and_Dad\Downloads\ZoneAlarm
2016-07-06 20:42 - 2013-07-19 14:38 - 00000000 ____D C:\Users\Mom_and_Dad\Downloads\inSSIDer
2016-07-06 16:31 - 2014-01-07 17:44 - 00000000 ____D C:\Program Files\Handbrake
2016-07-06 16:22 - 2012-04-24 14:15 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\HandBrake
2016-07-06 11:37 - 2014-06-22 11:38 - 00000286 _____ C:\Windows\system32\.crusader
2016-06-30 17:23 - 2016-02-17 10:09 - 00000000 ____D C:\Users\Public\Documents\AdobeInstalledCodecs
2016-06-30 17:18 - 2014-03-28 21:30 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-06-30 17:15 - 2014-09-23 10:52 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-30 17:15 - 2011-09-20 17:58 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-06-29 12:32 - 2011-11-11 07:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-28 21:02 - 2015-03-30 21:30 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\avidemux
2016-06-28 20:30 - 2016-03-19 18:26 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\OBS
2016-06-26 16:34 - 2009-07-13 23:13 - 00791808 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 16:41 - 2015-04-27 21:22 - 00009196 _____ C:\Windows\DPINST.LOG
2016-06-24 07:27 - 2013-05-25 20:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 07:26 - 2013-05-25 20:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-23 21:54 - 2013-05-25 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 21:44 - 2016-03-20 15:57 - 00000000 ____D C:\Users\Mom_and_Dad\Documents\Illustrator Projects
2016-06-23 11:31 - 2012-01-21 14:46 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-06-22 13:49 - 2015-03-29 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-21 12:52 - 2011-11-10 17:19 - 00000000 ____D C:\ProgramData\HP
2016-06-17 12:46 - 2011-12-16 10:59 - 00002366 _____ C:\Users\Mom_and_Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 12:46 - 2011-12-16 10:59 - 00002358 _____ C:\Users\Mom_and_Dad\Desktop\Google Chrome.lnk
2016-06-17 07:36 - 2013-12-11 23:13 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\GoPro
2016-06-17 07:34 - 2015-10-18 16:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2016-06-17 06:58 - 2013-06-06 19:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-16 16:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-06-16 09:38 - 2009-07-13 22:45 - 07603872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-16 09:35 - 2014-12-14 12:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 22:50 - 2013-07-15 08:50 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 22:37 - 2011-11-10 20:48 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-15 11:00 - 2016-05-10 16:56 - 00000000 ____D C:\Users\Mom_and_Dad\Desktop\Wilson
2016-06-13 09:10 - 2012-05-31 19:14 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Roaming\Dropbox
2016-06-13 09:09 - 2015-06-29 14:19 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\Dropbox
2016-06-12 10:21 - 2016-03-16 09:43 - 00000000 ____D C:\Users\Mom_and_Dad\AppData\Local\Tempdivxe4a2

==================== Files in the root of some directories =======

2013-10-28 11:08 - 2013-10-28 11:08 - 0146744 _____ () C:\Users\Administrator\AppData\Local\ars.cache
2013-10-28 11:08 - 2013-10-28 11:08 - 0245454 _____ () C:\Users\Administrator\AppData\Local\census.cache
2013-10-28 10:47 - 2013-10-28 10:47 - 0000036 _____ () C:\Users\Administrator\AppData\Local\housecall.guid.cache
2012-03-14 09:35 - 2015-06-05 20:36 - 0007606 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Administrator\en_res.dll
C:\Users\Administrator\es_res.dll
C:\Users\Administrator\fr_res.dll
C:\Users\Administrator\grm_res.dll
C:\Users\Administrator\it_res.dll
C:\Users\Administrator\jp_res.dll
C:\Users\Administrator\mfc80u.dll
C:\Users\Administrator\msvcr80.dll
C:\Users\Administrator\PCPE Setup.exe
C:\Users\Administrator\pt_res.dll
C:\Users\Administrator\ResourceReader.dll
C:\Users\Administrator\ru_res.dll
C:\Users\Administrator\zh_res.dll
C:\Users\Mom_and_Dad\IP_Log_Data.js
C:\Users\Mom_and_Dad\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\bzfclean.exe
C:\Users\Administrator\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Administrator\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplh504n.dll
C:\Users\Mom_and_Dad\AppData\Local\Temp\GarminExpressInstaller.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\handbrake-setup.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\mpa01308.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\mpa01824.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\RM7Setup.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Mom_and_Dad\AppData\Local\Temp\uninst.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\atieclxx.exe
C:\Windows\SysWOW64\conhost.exe
C:\Windows\SysWOW64\csrss.exe
C:\Windows\SysWOW64\dwm.exe
C:\Windows\SysWOW64\lsm.exe
C:\Windows\SysWOW64\services.exe
C:\Windows\SysWOW64\smss.exe
C:\Windows\SysWOW64\spoolsv.exe
C:\Windows\SysWOW64\taskhost.exe
C:\Windows\SysWOW64\winlogon.exe
C:\Windows\SysWOW64\WUDFHost.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-07 00:04

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Administrator (2016-07-12 17:03:36)
Running from C:\Users\Mom_and_Dad\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-11-10 22:45:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-606606202-2619191921-1690171143-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-606606202-2619191921-1690171143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-606606202-2619191921-1690171143-1002 - Limited - Enabled)
Mom_and_Dad (S-1-5-21-606606202-2619191921-1690171143-1001 - Limited - Enabled) => C:\Users\Mom_and_Dad

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

123D Design R1.6 (HKLM\...\123D Design) (Version: 1.6.41 - Autodesk, Inc.)
2011 Hallmark Registration Bonus Pack (HKLM-x32\...\{E0570DE2-4B9D-47B6-A034-3B18829C0EAC}) (Version: 1.0.0.1 - Creative Home)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.01.18.0 - Ralink)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\ILST_19_2_1) (Version: 19.2.1 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015 (HKLM-x32\...\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 6.0 (HKLM-x32\...\Adobe Photoshop Elements 6) (Version: 6.0 - Adobe Systems Inc.)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.2.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AT&T Connect Participant Application v11.1.205 (HKLM-x32\...\{500C89CE-400B-4C33-9AF6-50BE8C512EEA}) (Version: 11.1.205 - AT&T Inc.)
AT&T Connect Recording Converter Utility v1.0.51 (HKLM-x32\...\{71F8B03E-D6B6-416F-8BD3-A93ED8770F31}) (Version: 1.0.51 - AT&T Inc.)
ATI Catalyst Install Manager (HKLM\...\{F580D12E-01E5-31A6-A321-7C8E6D5361A5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Autodesk SketchBook (HKLM\...\{C0D41025-EDBF-4354-A5BA-86B27A78BC25}) (Version: 8.00.0001 - Autodesk)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Backblaze (HKLM-x32\...\Backblaze) (Version:  - Backblaze, Inc)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{AEDA8713-5521-4600-9AC2-81674A9EDC4F}) (Version: 2.2.7689 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
CA Pest Patrol Realtime Protection (HKLM-x32\...\{F05A5232-CE5E-4274-AB27-44EB8105898D}) (Version: 001.001.0034 - Computer Associates Inc.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
CamStudio 2.7 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Camtasia Studio 8 (HKLM-x32\...\{56E884B5-B9B6-4432-B209-3A3EF41C7A01}) (Version: 8.0.3.1018 - TechSmith Corporation)
Canon PowerShot SX280 HS and SX270 HS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSX280HSandSX270HS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Check Point SSL Network Extender (HKLM-x32\...\{7110af2d-343a-4e30-b580-29a7b2ef9818}) (Version: 7.01.0000 - CheckPoint)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.58 - DivX, LLC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Folder Size 2.0.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 2.0.0.0 - MindGems, Inc.)
Garmin BaseCamp (HKLM-x32\...\{22613FA5-4D3B-4EE5-8E4A-39EBE649324E}) (Version: 3.3.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin TOPO U.S. 2008 (HKLM-x32\...\{47BA74C5-1890-4ED2-954A-AD11186D8E26}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Trip and Waypoint Manager v4 (HKLM-x32\...\{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}) (Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Genie Timeline (HKLM-x32\...\Genie Timeline) (Version: 5.0 - Genie9)
Google Chrome (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hallmark Card Studio 2011 Deluxe (HKLM-x32\...\{62687EAC-F27D-49AC-A0E2-3899B0459113}) (Version: 12.0.5.1 - Hallmark Software)
Hallmark Card Studio 2013 Deluxe (HKLM-x32\...\{A6E08FBC-FC99-4CEE-B645-83A42107BE89}) (Version: 14.0.1.1 - Creative Home)
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.265 - SurfRight B.V.)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{EE7C94CC-BECB-4000-B5E3-D895307B9D5E}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Help (HKLM-x32\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8500 A910 Product Improvement Study (HKLM\...\{0308919C-E317-4293-8D3C-97EF307BCDBC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{C43602FE-988C-47BA-9F9F-B95FDDAFB624}) (Version: 11.50.0031 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6349.0 - IDT)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kerbal Space Program (HKLM-x32\...\{ED501254-06B8-4883-B7F3-4799C9EDD288}_is1) (Version: 1.0 - Squad)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.84 (HKLM\...\MediaInfo) (Version: 0.7.84 - MediaArea.net)
Meshmixer (HKLM\...\Meshmixer_x64) (Version: 10.9.297 - Autodesk, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.7.0.11 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.1 - )
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.2 - OBS Project)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.310 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PIXELA AAC LC CODEC (HKLM-x32\...\PIXELA AAC LC CODEC) (Version: 1.1.0.1 - Canon Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.6305 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6305 - CyberLink Corp.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.10.1217.0 -  NewspaperDirect Inc.)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickBooks (x32 Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
RazorSQL 5.1.4 (HKLM-x32\...\RazorSQL 5.1.4_is1) (Version:  - Richardson Software, LLC)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
RootsMagic 7.0.11.0 (HKLM-x32\...\{D6286873-A757-4A4D-A6EF-0081B3EE32CA}_is1) (Version: RootsMagic 7.0.11.0 - RootsMagic, Inc.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Screencast-O-Matic v2.0 (HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\Screencast-O-Matic v2.0) (Version: v2.0 - Screencast-O-Matic)
Sizer 3.34 (HKLM-x32\...\{DE43AA92-E8C0-4620-AFE2-FBD623C71643}) (Version: 3.3.4.0 - Brian Apps)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Snapshot Viewer (HKLM-x32\...\Snapshot Viewer) (Version:  - )
Spektrum Programmer (HKLM-x32\...\Spektrum Programmer) (Version: 2.0.0.0 - Horizon Hobby)
Stellar Phoenix Outlook PST Repair (HKLM-x32\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 4.5.0.0 - Stellar Information Systems Ltd.)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.6.7 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-3 - Wacom Technology Corp.)
WD My Cloud (HKLM\...\{BDB0A166-050E-4C36-8F89-3304DBDE3018}) (Version: 1.0.5.40 - Western Digital Technologies, Inc.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Driver Package - Horizon Hobby USB Interface AS3X Programmer Driver (03/09/2016 2.12.16) (HKLM\...\AF31292D759C0492C6EA53A117E414F0A74F3AD3) (Version: 03/09/2016 2.12.16 - Horizon Hobby)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Wisdom-soft ScreenHunter 6.0 Pro (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Pro) (Version:  - Wisdom Software Inc.)
Xilisoft iPhone Ringtone Maker (HKLM-x32\...\Xilisoft iPhone Ringtone Maker) (Version: 3.2.0.20150324 - Xilisoft)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mom_and_Dad\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-606606202-2619191921-1690171143-500_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Restore Points =========================

06-07-2016 11:33:48 Checkpoint by HitmanPro
11-07-2016 18:42:24 Removed ToolBook Neuron

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {014DBB1B-4359-406B-A662-982AF9AF8A67} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
Task: {03ECB3EF-A797-4995-9201-1BC9E641FE87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {057997E5-A670-4B5E-BF6E-CAB512FCE9E6} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-06-06] (Microsoft Corporation)
Task: {059B76E9-A779-4004-8039-13FFA3B3C30E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
Task: {082E3588-FEB0-41EC-A007-E856B93E02F4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0ECE0D13-6AEF-4BBD-8F36-6BD6021F1D62} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-05-20] (Microsoft Corporation)
Task: {1168444C-2B9C-4E90-B2D3-74D96756451B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {143CC7FD-55A5-4C5E-9C01-C7D736C3D50E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001UA => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {1D8CB416-DA7C-44DB-8BE7-F84FD1D963CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001Core => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {33E5E399-A0C9-4C44-9AAD-915BCA6AE275} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {35E4442B-4628-4050-9E64-086E8F10BBB9} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {37035880-9A80-4D88-9C81-4512A2D021D3} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {37E02B51-1701-4040-9A57-4D9CE07AC6FA} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {4F997877-6883-4209-9D80-21DDC1E5D5A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {55466F2C-8BEA-4657-853A-C893B4C4D505} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {62394C38-FAA6-405F-B657-B044A54AA523} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {67203E5A-66E7-405D-BCDC-0253F2545464} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {6B49BC61-78E6-4124-BEFB-8212B48C3C46} - System32\Tasks\Accessories => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-06-21] (Microsoft)
Task: {7F00C3D5-2AE6-49FD-BD75-C89AC0ED26FC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7F56FA94-E8F3-43B1-97B1-1FB23E3FA6BE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {8BA51F8C-9B27-4556-BDE1-161497D0B3F0} - System32\Tasks\FileTransfer => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-06-21] (Microsoft)
Task: {94AA438A-B4C9-4FB0-A090-AAEFEC66270C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {A7752EA5-70F1-460E-B63A-651AF9C545C7} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {AF99D173-6719-41E3-88B9-5DAC9C33680B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {B460ABD9-92F7-4BE8-A12D-2288C5A6EDA5} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B61E2260-16C1-448D-BAF2-48DB85692B18} - System32\Tasks\AdobeAAMUpdater-1.0-Mom_and_Dad-HP-Mom_and_Dad => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {B96B2446-0DDE-4271-A735-63C15E95E203} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-05-20] (Microsoft Corporation)
Task: {BAC1E649-A3B1-4F74-9762-212D14E4143A} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-06-21] (Microsoft)
Task: {BAF3E4E0-805A-415A-8425-333900CC2161} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {CE253E94-47E6-46F9-B093-8BC62164D72F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-20] (CyberLink)
Task: {CEFFDF1E-1218-45E1-BCC6-DB092FF72B4E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8500 A910 => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {D18E6B6F-A3F4-470D-862E-1D8F246CF6CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {ED71FA50-B4C4-41D8-A77F-A3FC15549A2A} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-04-13] (DivX, LLC)
Task: {F043735B-F936-4BA9-8362-66AC22EFB787} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FB758E13-2D81-4139-A5FA-DB737454A93B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001Core.job => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606606202-2619191921-1690171143-1001UA.job => C:\Users\Mom_and_Dad\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2007-09-11 01:45 - 2007-09-11 01:45 - 00124832 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-07 10:31 - 2016-07-07 10:31 - 00354984 _____ () C:\Program Files (x86)\Backblaze\bzserv.exe
2014-03-25 11:23 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00491008 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.dll
2012-02-02 03:16 - 2012-02-02 03:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.dll
2012-04-24 03:29 - 2012-04-24 03:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00211456 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00722944 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00371200 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.dll
2013-02-11 05:34 - 2013-02-11 05:34 - 00045056 _____ () C:\Program Files\Genie9\Genie Timeline\pcre.dll
2013-02-11 05:34 - 2013-02-11 05:34 - 00097792 _____ () C:\Program Files\Genie9\Genie Timeline\pcrebase.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00054784 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.dll
2012-02-02 03:16 - 2012-02-02 03:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-08-19 11:57 - 2013-11-20 01:39 - 00045568 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogging.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00491008 _____ () C:\Program Files\Genie9\Genie Timeline\GSIndexDB.gtl
2014-08-19 11:57 - 2012-02-02 03:16 - 00740864 _____ () C:\Program Files\Genie9\Genie Timeline\sqlite3.gtl
2014-08-19 11:57 - 2012-04-24 03:29 - 00011264 _____ () C:\Program Files\Genie9\Genie Timeline\RWLock.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00211456 _____ () C:\Program Files\Genie9\Genie Timeline\Settings.gtl
2014-08-19 11:57 - 2013-11-20 01:39 - 00089600 _____ () C:\Program Files\Genie9\Genie Timeline\GSEncryption.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00722944 _____ () C:\Program Files\Genie9\Genie Timeline\GSBackupManager.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00371200 _____ () C:\Program Files\Genie9\Genie Timeline\GSWatcher4.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00332800 _____ () C:\Program Files\Genie9\Genie Timeline\OnlineHandler.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00054784 _____ () C:\Program Files\Genie9\Genie Timeline\GSLogManager.gtl
2014-08-19 11:57 - 2013-12-02 07:29 - 00087040 _____ () C:\Program Files\Genie9\Genie Timeline\QueueManager.gtl
2014-08-19 11:57 - 2012-02-02 03:16 - 00010752 _____ () C:\Program Files\Genie9\Genie Timeline\VSSEngine_Proxy.gtl
2014-08-19 11:57 - 2013-11-20 01:39 - 00058368 _____ () C:\Program Files\Genie9\Genie Timeline\GSLibrariesManager.gtl
2011-07-18 15:04 - 2011-07-18 15:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2013-12-02 07:29 - 2013-12-02 07:29 - 00063488 _____ () C:\Program Files\Genie9\Genie Timeline\XBalloonMsgDll.dll
2013-11-20 01:39 - 2013-11-20 01:39 - 00093696 _____ () C:\Program Files\Genie9\Genie Timeline\GSCurl.dll
2016-03-09 21:52 - 2016-01-11 11:30 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-05-12 00:39 - 2016-05-12 00:39 - 01088944 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2016-07-07 10:31 - 2016-07-07 10:31 - 04434600 _____ () C:\Program Files (x86)\Backblaze\x64\bztransmit64.exe
2016-05-22 19:32 - 2016-05-22 19:32 - 31680176 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2011-07-04 02:20 - 2011-07-04 02:20 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-03-14 15:20 - 2011-03-14 15:20 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2016-07-06 21:07 - 2016-07-04 13:47 - 24204360 _____ () C:\Program Files\RogueKiller\RogueKiller64.exe
2016-04-22 01:07 - 2016-04-22 01:07 - 00313656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-07-07 10:31 - 2016-07-07 10:31 - 00518312 _____ () C:\Program Files (x86)\Backblaze\bzfilelist.exe
2013-10-28 11:15 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00244024 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-04-22 13:06 - 2015-04-22 13:06 - 00041472 _____ () C:\Users\Mom_and_Dad\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
2015-04-22 12:25 - 2015-04-22 12:25 - 01121792 _____ () C:\Users\Mom_and_Dad\AppData\Local\ATT Connect\Participant\ACE.dll
2016-02-22 17:41 - 2016-02-22 17:41 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-06-03 03:36 - 2016-06-03 03:36 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-07-11 16:45 - 2016-06-06 19:58 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-07-11 16:44 - 2016-06-06 19:58 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-07-11 16:44 - 2016-06-06 19:59 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-07-11 16:44 - 2016-06-06 19:58 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-07-11 16:45 - 2016-06-06 19:58 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-07-11 16:45 - 2016-06-06 19:58 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-07-11 16:44 - 2016-06-06 19:58 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-07-11 16:45 - 2016-07-05 12:00 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-07-11 16:45 - 2016-06-06 19:58 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-07-11 16:44 - 2016-07-05 11:59 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-07-11 16:45 - 2016-06-06 19:59 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-07-11 16:44 - 2016-07-05 11:59 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-07-11 16:44 - 2016-07-05 11:59 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-07-11 16:44 - 2016-06-06 20:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00023872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-07-11 16:44 - 2016-07-05 11:59 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-07-11 16:45 - 2016-06-06 19:58 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-07-11 16:44 - 2016-06-06 19:59 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-07-11 16:44 - 2016-07-05 11:59 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-07-11 16:44 - 2016-06-06 20:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-07-11 16:44 - 2016-07-05 12:00 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-11 16:44 - 2016-07-05 12:00 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-07-11 16:45 - 2016-06-06 19:59 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-07-11 16:45 - 2016-06-06 20:00 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-07-11 16:45 - 2016-07-05 12:00 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-07-11 16:44 - 2016-07-05 12:00 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-07-11 16:44 - 2016-06-06 20:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-07-11 16:44 - 2016-06-06 20:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-07-11 16:45 - 2016-06-06 20:04 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-06-08 00:10 - 2016-06-08 00:10 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-06-08 00:41 - 2016-06-08 00:41 - 00109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-06-08 00:10 - 2016-06-08 00:10 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-05-20 17:30 - 2016-05-20 17:30 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-05-20 17:30 - 2016-05-20 17:30 - 00121344 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-05-20 17:31 - 2016-05-20 17:31 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-05-20 17:31 - 2016-05-20 17:31 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-06-03 03:20 - 2016-06-03 03:20 - 00109760 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin7.dll
2016-05-20 17:30 - 2016-05-20 17:30 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2016-05-20 17:29 - 2016-05-20 17:29 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-05-03 08:41 - 2016-05-03 08:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\sqlite.dll
2016-06-17 12:46 - 2016-06-15 03:15 - 01745560 _____ () C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 12:46 - 2016-06-15 03:15 - 00091288 _____ () C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files (x86)\Database Master:{71007400-4C00-7000-5000-370066004300}
AlternateDataStreams: C:\ProgramData\Temp:054203E4

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\coair.com -> hxxps://pilotcbt.coair.com
IE trusted site: HKU\S-1-5-21-606606202-2619191921-1690171143-1001\...\united.com -> hxxps://united.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-606606202-2619191921-1690171143-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mom_and_Dad\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-606606202-2619191921-1690171143-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BDD20A01-9025-4182-9949-DAB3A8998D81}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{9C8E78AE-9729-4968-995E-1A13AB6F8BB2}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{6848940E-2000-421B-8803-426A80A70886}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{D8843734-D5FC-4FD9-ABB3-606B80AB29E5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{92624C2B-D16B-4E0C-B644-21706BBC259B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{7AEDC520-8A10-4723-B420-1A231533027B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{6281A576-6CEC-4F2D-AD0C-CD7BA3B70BC1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{C3618607-B8FC-4101-99FF-6C76CC5CE541}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{C6989E12-9B36-462A-9C39-929E3B8D2180}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9915FD3A-BBDC-4676-8106-80D1B296706D}] => (Allow) LPort=2869
FirewallRules: [{3626AC65-C935-4DA2-855A-B569B854927F}] => (Allow) LPort=1900
FirewallRules: [{5A040BB0-E43C-4785-8209-BC2AE2F325A4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{CBE3839B-B0D1-4373-BFFD-22975A5D3E16}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{5B575788-1005-4432-A454-B2A5BA7F3D61}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{E3AD1262-ED52-412E-BCFB-55D55ACA6FF3}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{200D35B6-D7B0-4512-8D5C-E8751ED73016}] => (Allow) C:\Program Files\hp\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3AC6A0BE-56E5-4CD0-90D1-7B158FE8118A}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{66ABE305-3C39-4F5A-9C1F-E9FEC110F556}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{EED02C0A-5309-48DB-A076-AA48D0530ECF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C66FD5E0-4189-48D6-93FF-1A989273BF99}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{393174BA-C7BE-4746-A5A6-7DB63762B66B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9283EA99-0A7C-4C16-A5D8-4E3EB5C73139}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D998C31C-9B00-49EC-97B2-288CFFBAE413}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [UDP Query User{42CC3F93-F77A-479F-B38F-24FCA0B4D7B6}C:\program files (x86)\airport\aputil.exe] => (Allow) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{0AF09C94-97C5-44C1-B3B2-BD149572008E}] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{99A65044-B2DC-4C6A-9C1A-828E871C4440}] => (Block) C:\program files (x86)\airport\aputil.exe
FirewallRules: [{18D29923-8F48-402E-AB77-2F9D47578B9C}] => (Allow) LPort=5353
FirewallRules: [{4EEE5257-5713-4C51-9FBF-CACE171871D3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5967AD0F-D0EA-4297-845D-BF455EB1BDF1}] => (Allow) C:\Program Files (x86)\AirPort\APAgent.exe
FirewallRules: [{0829B931-74B1-4923-AAAF-D4C3186DD8B7}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{9A7887AB-606E-4853-AC46-BC0CF4F69A2A}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{E0C7578A-F718-4823-90E9-C73B4D1BC6C8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{B2C1F920-AA6E-424E-913A-C0FAE2F3F79B}C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{252C70EC-ABB4-4892-A441-00F378D66B3E}C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [{2B09FA3F-36D6-4A31-835D-795FDA159946}] => (Block) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [{54D0ADFC-F69B-48D1-985B-8D47400547C5}] => (Block) C:\users\mom_and_dad\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BB1E08C8-F838-44AD-98FD-0E00AF4F04E1}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{EAE38B78-9241-404C-B510-D22638C3539B}] => (Allow) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
FirewallRules: [{8DF44189-C8D2-4DAF-964F-EF565B1E95CC}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{DDA2906A-BFDB-493C-A8A6-3FB7D623B88B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{CE1576E8-6252-4E82-81D3-F4391714A5BB}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{5C0FD6A4-7154-4F67-AAB1-646948996B01}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{9430A15A-631E-473B-94E5-636D07983F60}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe
FirewallRules: [{1B21084E-7BC9-47F8-B678-88D9CFE3CF77}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3A82C37-CF6C-4D44-8A6F-19A3DE965F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74CC9DBE-5994-4590-941C-6CC3759F3D2B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30EDC5EF-3A4F-411B-AACF-ACC174DE4AD4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E03F9D0C-384F-49DA-B94F-4CE66205B7CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A79D110-F581-4254-A881-3522C51F170E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27F826F8-EFDD-408C-A781-1523B4F94290}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{3E099957-1786-45B1-BC7A-7F1A71D84DC0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{92A9C6DB-A1B1-47BC-9AEC-20E7690BBC3D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2748C0AA-9AD6-47BE-B529-19A4DD8683B5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{A512249C-A83E-4102-A600-23299801308D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{339F0A43-A74B-4396-8CDC-71925414A79C}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{0F3B2505-31F8-493A-BC8F-CF85C8E3BFA2}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{CA6B2F06-CFC9-401C-B4AD-9C348F286ED5}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{FEE66BA8-DC0E-4E5E-9227-C70BFE908145}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{36CB0FEC-1D3D-4601-96F0-E7D941FD9501}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Faulty Device Manager Devices =============

Name: H:\
Description: SM/xD-Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: G:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: F:\
Description: Officejet Pro 85
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: HP      
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: J:\
Description: MS/MS-Pro       
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: NPF
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: I:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2016 04:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(04:1e:64:53:36:77@fe80::61e:64ff:fe53:3677._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/12/2016 04:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(28:6a:ba:1c:7d:42@fe80::2a6a:baff:fe1c:7d42._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/12/2016 04:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(78:d7:5f:13:9e:ff@fe80::7ad7:5fff:fe13:9eff._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/12/2016 04:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(8c:29:37:24:c1:76@fe80::8e29:37ff:fe24:c176._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/12/2016 04:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(d8:9e:3f:17:6a:7d@fe80::da9e:3fff:fe17:6a7d._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/12/2016 04:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(e0:c9:7a:39:10:17@fe80::e2c9:7aff:fe39:1017._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/12/2016 04:21:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(28:6a:ba:c3:f8:25@fe80::2a6a:baff:fec3:f825._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/12/2016 04:19:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (07/12/2016 04:19:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (07/12/2016 04:19:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22


System errors:
=============
Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2

Error: (07/12/2016 05:05:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error: 
%%2


==================== Memory info =========================== 

Processor: AMD A8-3800 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 49%
Total physical RAM: 15856.58 MB
Available physical RAM: 8003.28 MB
Total Virtual: 31711.35 MB
Available Virtual: 24659.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.77 GB) (Free:182.49 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.65 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive x: (GenieTimeII) (Fixed) (Total:1863.01 GB) (Free:578.16 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================


Thanks for the logs, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Go here: https://www.zemana.com/Download, then download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop. The tool will be active with a 15 day trial....

Right click on Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then 2. Select the home icon.

In the new window select "Scan"

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR, for all other entries choose QUARANTINE, then select the "Next" tab.


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

On that screen select and highlight the scan details line, then select "Open Report"

Copy and paste that log to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan in the Actions box
  • Please wait for the scan to finish.
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Please download Junkware Removal Tool to your desktop.
 
  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin...

Fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Administrator (2016-07-13 07:15:53) Run:1
Running from C:\Users\Mom_and_Dad\Downloads
Loaded Profiles: Mom_and_Dad & Administrator (Available Profiles: Mom_and_Dad & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Winlogon: [Userinit] userinit.exe,,C:\Users\X.Kate.X\AppData\Local\ssdcvpis\byuogprj.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\Run: [ByuOgprj] => C:\Users\X.Kate.X\AppData\Local\ssdcvpis\byuogprj.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\...\MountPoints2: {2d20980a-94da-11df-acd0-0024542a0220} - F:\AutoRun.exe
R2 vToolbarUpdater19.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.4.0\ToolbarUpdater.exe [1888328 2016-05-03] (AVG Secure Search)
C:\Program Files\Common Files\AVG Secure Search
U0 bydg; C:\windows\System32\drivers\kkqmxg.sys [52440 2016-06-19] (Malwarebytes)
C:\windows\System32\drivers\kkqmxg.sys
U4 MpsSvc; no ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
2012-12-17 20:12 - 2012-12-17 20:12 - 0000000 _____ () C:\Users\X.Kate.X\AppData\Roaming\wklnhst.dat
2012-10-28 18:21 - 2012-10-28 18:21 - 0002001 ____H () C:\Users\X.Kate.X\AppData\Local\54a91719a.log
2012-10-28 18:12 - 2016-06-18 12:36 - 0192639 _____ () C:\Users\X.Kate.X\AppData\Local\atqdnlkp.log
2012-10-24 21:57 - 2016-06-19 17:56 - 0000028 _____ () C:\Users\X.Kate.X\AppData\Local\cchhcomd.log
2012-10-24 21:57 - 2014-06-01 10:02 - 0432624 _____ () C:\Users\X.Kate.X\AppData\Local\dsluulta.log
2012-10-24 21:57 - 2012-10-24 21:57 - 0000000 _____ () C:\Users\X.Kate.X\AppData\Local\ekstorfo.log
2012-10-24 21:58 - 2016-06-19 15:43 - 0286369 _____ () C:\Users\X.Kate.X\AppData\Local\esbnsvtt.log
2012-10-24 21:57 - 2014-08-16 12:20 - 0000025 _____ () C:\Users\X.Kate.X\AppData\Local\hlcfehdu.log
2014-01-11 15:43 - 2014-08-16 12:21 - 0002675 _____ () C:\Users\X.Kate.X\AppData\Local\jiwuuhqk.log
2014-01-11 15:43 - 2014-08-16 12:21 - 0515740 _____ () C:\Users\X.Kate.X\AppData\Local\lbnrhguq.log
2012-10-24 21:58 - 2012-10-24 21:58 - 0000307 _____ () C:\Users\X.Kate.X\AppData\Local\nimkrkoa.log
2013-01-10 20:39 - 2013-12-17 15:14 - 0000004 _____ () C:\Users\X.Kate.X\AppData\Local\nuybkggq.log
2012-10-24 21:59 - 2014-01-11 15:42 - 0003605 _____ () C:\Users\X.Kate.X\AppData\Local\ouflveuq.log
2014-01-11 15:43 - 2014-08-16 12:21 - 0003472 _____ () C:\Users\X.Kate.X\AppData\Local\ppghmpro.log
2012-10-24 21:59 - 2014-01-11 15:42 - 0538676 _____ () C:\Users\X.Kate.X\AppData\Local\qnyiidxi.log
2012-10-24 21:59 - 2014-01-11 15:42 - 0003288 _____ () C:\Users\X.Kate.X\AppData\Local\ucoxkmyr.log
2012-10-24 21:57 - 2013-08-11 11:52 - 0000670 _____ () C:\Users\X.Kate.X\AppData\Local\xfhjnosw.log
C:\ProgramData\0tbpw.pad
2010-07-20 17:51 - 2009-08-17 05:16 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2012-10-24 21:57 - 2012-10-24 21:57 - 0000064 _____ () C:\ProgramData\pgpfadqe.log
2009-12-05 03:52 - 2009-12-05 03:52 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2009-12-05 03:50 - 2009-12-05 03:50 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2009-12-05 03:47 - 2009-12-05 03:47 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2009-12-05 03:51 - 2009-12-05 03:51 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2009-12-05 03:46 - 2009-12-05 03:46 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2009-12-05 03:47 - 2009-12-05 03:50 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\Program Files\AVG Secure Search
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value restored successfully
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ByuOgprj => value not found.
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key not found. 
HKU\S-1-5-21-1871111397-3539990770-1974983793-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2d20980a-94da-11df-acd0-0024542a0220} => key not found. 
HKCR\CLSID\{2d20980a-94da-11df-acd0-0024542a0220} => key not found. 
vToolbarUpdater19.4.0 => service not found.
"C:\Program Files\Common Files\AVG Secure Search" => File/Folder not found.
bydg => service not found.
"C:\windows\System32\drivers\kkqmxg.sys" => File/Folder not found.
MpsSvc => Unable to stop service.
MpsSvc => service removed successfully
RimUsb => service not found.
"C:\Users\X.Kate.X\AppData\Roaming\wklnhst.dat" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\54a91719a.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\atqdnlkp.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\cchhcomd.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\dsluulta.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\ekstorfo.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\esbnsvtt.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\hlcfehdu.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\jiwuuhqk.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\lbnrhguq.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\nimkrkoa.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\nuybkggq.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\ouflveuq.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\ppghmpro.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\qnyiidxi.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\ucoxkmyr.log" => File/Folder not found.
"C:\Users\X.Kate.X\AppData\Local\xfhjnosw.log" => File/Folder not found.
"C:\ProgramData\0tbpw.pad" => File/Folder not found.
"C:\ProgramData\FullRemove.exe" => File/Folder not found.
"C:\ProgramData\pgpfadqe.log" => File/Folder not found.
"C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log" => File/Folder not found.
"C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log" => File/Folder not found.
"C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log" => File/Folder not found.
"C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log" => File/Folder not found.
"C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log" => File/Folder not found.
"C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log" => File/Folder not found.
"C:\Program Files\AVG Secure Search" => File/Folder not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 5.5 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 07:25:26 ====

 

Zemana AntiMalware 2.21.2.139 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/7/13
Operating System       : Windows 7 64-bit
Processor              : 4X AMD A8-3800 APU with Radeon(tm) HD Graphics
BIOS Mode              : Legacy
CUID                   : 12A54F2EBCC276A026C428
Scan Type              : Smart Scan
Duration               : 2m 36s
Scanned Objects        : 14891
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Search
Status             : Scanned
Object             : Search By ZoneAlarm - http://search.zonealarm.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Internet Explorer Search


Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0
 

 

MORE TO FOLLOW


# AdwCleaner v5.201 - Logfile created 13/07/2016 at 09:00:42
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-13.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Administrator - MOM_AND_DAD-HP
# Running from : C:\Users\Mom_and_Dad\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Mom_and_Dad\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\eSupport.com
[-] Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Check Point Software Technologies LTD

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
[-] Key Deleted : HKCU\Software\Check Point Software Technologies LTD
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\Updater By Sweetpacks
[-] Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal

***** [ Web browsers ] *****

[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

\AdwCleaner\AdwCleaner[C1].txt - [3505 bytes] - [13/07/2016 09:00:42]
\AdwCleaner\AdwCleaner[R0].txt - [7080 bytes] - [11/05/2014 16:24:13]
\AdwCleaner\AdwCleaner[S1].txt - [3661 bytes] - [13/07/2016 08:55:59]

########## EOF - \AdwCleaner\AdwCleaner[C1].txt - [3718 bytes] ##########
 


Kevin,

 

Sophos showed clean, and here is JRT log. I have seen no MB alerts about the virus. I will shut down tonight and reboot in the AM and let you know. I will also contribute a donation via the link on your posts in the near future. Thank you very much for your assistance!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Administrator (Limited) on Wed 07/13/2016 at 17:09:42.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/13/2016 at 17:20:27.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Going forward, I had NAV and MB running as my primary anti-malware protection. Do you have any recommendations for which software a person should be using in these times? Cost is no object because you can pay now or later, and since I had these systems running I thought (incorrectly) that I was protected.

 

Thank you again for your assistance!

David


Well, I was premature in my jubilation to be rid of Trojan.Agent.ENM. I left my computer for a few hours (no open programs) to run errands, and found Malwarebytes had alerted me of another quarantine event of the same virus.

I quarantined it, ran Zemana with a clean report.

Any ideas?


Can you post the log from Malwarebytes that shows the found entry? Or open Malwarebytes, maximize the screen so the GUI is full screen, Select > History > Quarantine..

Under "Location" you will see the list of quarantine items, the most recent will be at the bottom. Can you give the navigational address of the Trojan entries, or better still take a screen shot and attach the image to your reply....

Thank you,

Kevin....


Those last entries are related to Norton AV program, each time Malwarebytes removes that file Norton will put it back... You could restore the file from the Quarantine folder, then add it as an exclusion so that Malwarebytes ignores it for now.... When you have that done upload that file to VirusTotal for a re-check. Let's see if the file is safe...

https://virustotal.com/

Let me know the outcome...

Thank you,

Kevin...

 


VirusTotal analysis tab showed all green checkmarks.

The file I uploaded to VirusTotal has a timestamp of 6/29/16 1:22PM and is there right now. I did not release it from quarantine. When I tried, it produced an error "Unable to restore quarantined item (filename) The handle is invalid"

Here is protection log for today from MB:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/14/2016 7:25 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.14.3, 2016.7.14.6, 
Protection, 7/14/2016 7:25 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 7:25 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 7:25 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 7:27 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 7:27 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 7:27 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, IP Database, 2016.7.12.2, 2016.7.14.1, 
Update, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.13.3, 2016.7.14.1, 
Protection, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 8:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 8:22 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.14.1, 2016.7.14.2, 
Protection, 7/14/2016 8:22 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 8:22 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 8:22 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 8:22 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 8:22 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 8:22 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.14.2, 2016.7.14.3, 
Update, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.14.6, 2016.7.14.7, 
Protection, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 9:19 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 10:49 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.14.3, 2016.7.14.4, 
Protection, 7/14/2016 10:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 10:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 10:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 10:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 10:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 10:49 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.14.4, 2016.7.14.5, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59328, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59328, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59330, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Update, 7/14/2016 12:49 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.14.7, 2016.7.14.8, 
Protection, 7/14/2016 12:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 12:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 12:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 12:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 12:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 12:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 1:49 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.14.8, 2016.7.14.9, 
Protection, 7/14/2016 1:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 1:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 1:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 1:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 1:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 1:49 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 2:34 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.14.9, 2016.7.14.10, 
Protection, 7/14/2016 2:34 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 2:34 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 2:34 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 2:34 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 2:34 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 2:34 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 3:04 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.14.5, 2016.7.14.6, 
Protection, 7/14/2016 3:04 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 3:04 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 3:04 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 3:04 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 3:04 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 3:04 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 3:19 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.14.10, 2016.7.14.11, 
Protection, 7/14/2016 3:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 3:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 3:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 3:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 3:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 3:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Update, 7/14/2016 3:52 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.14.6, 2016.7.14.7, 
Protection, 7/14/2016 3:52 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 3:52 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 3:52 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 3:52 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 3:52 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 3:52 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Scan, 7/14/2016 5:34 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Start:7/14/2016 4:46 PM, Duration:48 min 19 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 7/14/2016 7:19 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Malware Database, 2016.7.14.11, 2016.7.15.1, 
Protection, 7/14/2016 7:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 7:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopping, 
Protection, 7/14/2016 7:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Stopped, 
Protection, 7/14/2016 7:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Success, 
Protection, 7/14/2016 7:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Starting, 
Protection, 7/14/2016 7:19 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 

(end)

VirusTotal_additional.JPG


What is the current status of your system now, are there any remaining issues or concerns.. I see the latest record from Malwarebytes lists no findings...

Quote

Scan, 7/14/2016 5:34 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Start:7/14/2016 4:46 PM, Duration:48 min 19 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 

One other point of note is outbound calls from Chrome being blocked...

Quote

Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59328, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59328, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59330, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 

Those quoted may possibly be down to a browser hijacker, I'd like you to make a clean install of Chrome, see if that issue clears up.....

If your Chrome Bookmarks are important do this first:

Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata)

For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en
 
Thank you,
 
Kevin...
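
The triage in the post above (three blocked-connection rows, one scan verdict) can be reproduced mechanically. This is an added example, not part of the original posts and not Malwarebytes code: it groups the Detection rows by destination and process and reads the scan counts from the same log. The field positions are an assumption inferred from the rows posted in this thread; the sample rows are copied from that log.

```python
import ntpath
import re
from datetime import datetime

# Rows copied from the protection log posted in this thread (not constructed).
SAMPLE_LOG = r"""
Update, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Domain Database, 2016.7.14.4, 2016.7.14.5, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Refresh, Starting, 
Protection, 7/14/2016 11:34 AM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Started, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59328, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59328, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Detection, 7/14/2016 12:35 PM, SYSTEM, MOM_AND_DAD-HP, Protection, Malicious Website Protection, Domain, 169.55.70.244, ap.lijit.com, 59330, Outbound, C:\Users\Mom_and_Dad\AppData\Local\Google\Chrome\Application\chrome.exe, 
Scan, 7/14/2016 5:34 PM, SYSTEM, MOM_AND_DAD-HP, Scheduler, Start:7/14/2016 4:46 PM, Duration:48 min 19 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
"""

TS_FORMAT = "%m/%d/%Y %I:%M %p"
SCAN_COUNTS = re.compile(r"(\d+) Malware Detections, (\d+) Non-Malware Detections")


def split_fields(line):
    """Split one row on commas and drop the empty field left by the trailing ', '.

    Assumption: no field contains a comma, which holds for the rows in this thread.
    """
    fields = [f.strip() for f in line.split(",")]
    while fields and fields[-1] == "":
        fields.pop()
    return fields


def blocked_connections(log_text):
    """Return one dict per 'Malicious Website Protection' Detection row."""
    events = []
    for line in log_text.splitlines():
        f = split_fields(line)
        # Assumed layout: type, time, user, host, source, module,
        # kind, ip, domain, port, direction, process path.
        if len(f) < 12 or f[0] != "Detection":
            continue
        if f[5] != "Malicious Website Protection":
            continue
        events.append({
            "time": datetime.strptime(f[1], TS_FORMAT),
            "host": f[3],
            "ip": f[7],
            "domain": f[8],
            "port": int(f[9]),
            "direction": f[10],
            "process": f[11],
        })
    return events


def summarize(events):
    """Group blocks by (domain, ip, direction, process name) to separate
    one noisy destination from many unrelated ones."""
    groups = {}
    for e in events:
        key = (e["domain"], e["ip"], e["direction"],
               ntpath.basename(e["process"]).lower())
        g = groups.setdefault(key, {"count": 0, "ports": set(),
                                    "first": e["time"], "last": e["time"]})
        g["count"] += 1
        g["ports"].add(e["port"])
        g["first"] = min(g["first"], e["time"])
        g["last"] = max(g["last"], e["time"])
    return groups


def scan_results(log_text):
    """Return (finished_at, malware_count, non_malware_count) per Scan row."""
    results = []
    for line in log_text.splitlines():
        f = split_fields(line)
        m = SCAN_COUNTS.search(line)
        if f and f[0] == "Scan" and m:
            results.append((datetime.strptime(f[1], TS_FORMAT),
                            int(m.group(1)), int(m.group(2))))
    return results


if __name__ == "__main__":
    for key, g in summarize(blocked_connections(SAMPLE_LOG)).items():
        domain, ip, direction, proc = key
        print(f"{g['count']}x {direction} {proc} -> {domain} ({ip}), "
              f"ports {sorted(g['ports'])}, {g['first']} to {g['last']}")
    for when, malware, other in scan_results(SAMPLE_LOG):
        print(f"scan finished {when}: {malware} malware, {other} non-malware")
```

Run over a full day's log, a single group means one process reaching one blocked destination, while many groups across several processes would point away from the browser alone.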

Kevin,

Did all the above with fresh Chrome install. Added the Chrome apps you recommended. Will run Malware Scan again tonight. I ran one before Chrome remove/replace and system showed clean EVEN WITH that temp file MB was catching earlier.

Let me watch the system and I'll keep you posted.

Thanks again for your help.


Ran Malwarebytes and Zemana deep scan this morning after a few days of normal use of the computer. Both scans came up clean. MB quarantine is empty; protection logs for the last few days show 0 malware detected.

 

I think things are going OK now.

Thanks again!


Excellent news, thanks for the update.... I guess we can clean up. To remove Zemana and Sophos download and run the following uninstaller:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.