bt.etree open torrent


  • Root Admin

I'm sorry, but we need a bit more information as to what your issue is. Are you running MBAM and saying it's blocking sites for your torrent client?

Can you please post the protection log from MBAM as well as these other logs so we can see what's going on.

 

Please read the following and post back the 3 requested logs as an attachment.
 
Diagnostic Logs
 
Thanks

I think this will cover what you wanted to see?

I am running Malwarebytes Anti-Malware Home Premium 2.2.1.1043

Anti Exploit Premium

 

1.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2016
Ran by abc1234 (2016-07-19 07:48:36)
Running from C:\Users\abc1234\Desktop
Windows 8.1 (Update) (X64) (2013-11-26 22:09:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

abc1234 (S-1-5-21-2625480065-3508373211-4195982266-1001 - Administrator - Enabled) => C:\Users\abc1234
Administrator (S-1-5-21-2625480065-3508373211-4195982266-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2625480065-3508373211-4195982266-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
470_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Aimersoft DVD Ripper(Build 3.0.0.2) (HKLM-x32\...\Aimersoft DVD Ripper_is1) (Version:  - Aimersoft Software)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 9 - Illustrate)
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DISH Anywhere Video Player (HKLM-x32\...\{D180F2F3-9CD4-4867-A221-D81C725D8045}) (Version: 2.24.2 - DISH Anywhere)
DriverUpdate (HKLM-x32\...\{C85A8187-7E95-429D-9C9C-57C10268B3CF}) (Version: 2.2.38275 - SlimWare Utilities, Inc.)
Drobo Dashboard (HKLM-x32\...\{863885B3-7C05-421C-8817-568712778745}) (Version: 2.8.1 - Drobo)
Dropbox (HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\...\Dropbox) (Version: 6.4.14 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Express Burn Disc Burning Software (HKLM-x32\...\ExpressBurn) (Version: 4.77 - NCH Software)
Express Rip CD Ripper Software (HKLM-x32\...\ExpressRip) (Version: 1.97 - NCH Software)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Free Audio Converter version 5.0.29.925 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.29.925 - DVDVideoSoft Ltd.)
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
H470 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1218 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{92E8BC5B-6023-4846-8151-415351A4FAFF}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet 100 Mobile L411 14.0 Rel. 6 (HKLM\...\{10F8981F-4F44-4201-9654-1440AE3FE7FA}) (Version: 14.0 - HP)
HP Officejet H470 14.0 Rel. 6 (HKLM\...\{52DE907F-8A0B-47A2-A3CA-3653BEB3834B}) (Version: 14.0 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6433.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
L411 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
L411_Help (x32 Version: 1.000.000.000 - Hewlett-Packard) Hidden
L411_Software_Min (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Logitech Media Server 7.7.5 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.5 - Logitech)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mp3tag v2.57 (HKLM-x32\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MPM (HKLM-x32\...\{00772F8B-37FF-4704-A47D-72B30BFAF126}) (Version: 1.00.0000 - Hewlett-Packard)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)
PPD Deutsch - Englisch (HKLM-x32\...\{74F3A101-F1FB-45EA-82A4-4D0AE7FB8119}) (Version: 3.3 - Sattler Reitsport-Hinderniss-Agentur)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Serif DrawPlus Starter Edition (HKLM-x32\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tag&Rename 3.9.8 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.9.8 - Softpointer Inc)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Trader's Little Helper 2.7.0 (HKLM-x32\...\TradersLittleHelper_is1) (Version: 2.7.0 - Robert Hoffmann)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
WaveLab 6 (HKLM-x32\...\WaveLabPro) (Version: 6.1.1.353 - Steinberg)
Waves Diamond Bundle v5.2 (HKLM-x32\...\Waves Diamond Bundle v5.2) (Version:  - )
WD SmartWare (HKLM\...\{B36AB323-9849-4486-AB8F-93E64A06E716}) (Version: 1.1.1.6 - Western Digital)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.7 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\abc1234\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\abc1234\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2625480065-3508373211-4195982266-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\abc1234\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {006D8EE8-D751-4BCE-A7A5-06E3A0A8CFA7} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-26] (Synaptics Incorporated)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1B09E509-F559-405E-8893-90A2B6B38652} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {2454701D-F8BA-4BEF-9430-EA2E7F058C77} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {26C9F5D3-D0AE-4830-BFAC-53B620A9F880} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2625480065-3508373211-4195982266-1001 => C:\Users\abc1234\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-05-20] (Microsoft Corporation)
Task: {2D9048E4-9BA9-46C1-BD46-24C8A8903176} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {31ADB78D-1A16-4F13-9D9B-9AB023C6DC6B} - \MySearchDial -> No File <==== ATTENTION
Task: {365C02E8-890F-4513-A678-57CF7E88ACF1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {49A4754F-252F-4418-9AF9-042F103A2C8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {53F48024-4542-4121-A19C-F8F743FD5770} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {6B70836E-DDF9-4AC1-9C20-349588D5C3C5} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {6B9B05C7-5CFE-4319-AD0B-EFE0CA958732} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {6D77DCD7-F4BB-4F79-B1F9-01D020640470} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2625480065-3508373211-4195982266-1001UA => C:\Users\abc1234\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {6F27627E-03BF-458B-BF89-84287796C89B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {726178AD-20A6-4897-A756-C6162CB56EB4} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2012-09-17] ()
Task: {74F19CE6-93FE-403D-B29B-864A94D1FB58} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {7D28972D-38C2-4384-85EA-05EAC3A2B79D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {8404F358-01D8-49E9-B09D-FC39124E0CFD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2625480065-3508373211-4195982266-1001Core => C:\Users\abc1234\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {88ED1BA7-1FF5-49AE-A59B-17D0C13A65D0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {8A570112-FCAA-48A5-89BB-41BA93F29582} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {948619B2-69A0-47B7-839C-700602089F27} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {9C07EB7B-F903-4B32-A64D-4D6996435EAC} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {A12D678B-51FD-423A-AEFA-06F844A512E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {AA58717D-E01C-4E56-B37A-0FB99D464E56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {C13C25FE-80F3-4E71-8903-FA2DF318A12F} - System32\Tasks\HPCeeScheduleForabc1234 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C29D9C9F-8BEB-4F56-87D7-1FE481F965BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {CAA234D9-2743-4841-B14C-B9FABC2069ED} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {EB6A8AE8-6181-464F-A3E7-60F4FE21D68F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-12] (CyberLink)
Task: {ED186483-5753-41B8-B957-5380AD5F0DFE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {F5C07E59-F686-4A6F-931F-C564AB106719} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-15] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2625480065-3508373211-4195982266-1001Core.job => C:\Users\abc1234\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2625480065-3508373211-4195982266-1001UA.job => C:\Users\abc1234\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForabc1234.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\abc1234\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html

==================== Loaded Modules (Whitelisted) ==============

2014-10-04 15:50 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2014-10-04 15:51 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2012-09-06 04:47 - 2012-09-06 04:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2016-05-19 09:55 - 2016-06-10 05:05 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-06-07 05:16 - 2013-06-07 05:16 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-10-12 21:22 - 2012-10-12 21:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-10-12 21:22 - 2012-10-12 21:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-10-12 21:22 - 2012-10-12 21:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2009-08-19 16:49 - 2009-08-19 16:49 - 00049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 15:18 - 2009-02-25 15:18 - 01196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2013-11-26 18:10 - 2013-11-26 18:10 - 00120224 _____ () C:\Users\abc1234\AppData\Local\assembly\dl3\1TTNW3BR.2Y9\DD9LKO6B.C85\c6044ba0\00f33f28_e1a8cd01\HPItunesModule.DLL
2013-06-07 05:16 - 2013-06-07 05:16 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2013-10-17 18:33 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00028774 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00024679 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00032878 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00024701 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00028779 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00020601 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\4461f48e31bde5c56b31b973b773de09\List.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00118918 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00082048 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00020576 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00036964 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\f233f63b6654362865c7577442edb9e3\Win32.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00020590 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00082033 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00024676 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00061540 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\e56c61f7248672819579325af3387035\POSIX.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00094334 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00053340 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00184414 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2016-07-16 10:22 - 2016-07-16 10:22 - 00024701 ____R () C:\Users\abc1234\AppData\Local\Temp\pdk-abc1234-1828\93e7e3d6030f426844228042348210cf\Service.dll
2016-06-13 09:52 - 2016-06-06 21:58 - 00034768 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-07-11 21:18 - 2016-06-06 21:58 - 00134088 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-07-11 21:18 - 2016-06-06 21:59 - 00019408 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-07-11 21:18 - 2016-06-06 21:58 - 00116688 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-06-13 09:52 - 2016-06-06 21:58 - 00093640 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-06-13 09:52 - 2016-06-06 21:58 - 00018376 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\select.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00019760 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00105928 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-07-11 21:18 - 2016-06-06 21:58 - 00392144 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-06-13 09:52 - 2016-07-05 14:00 - 00381752 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-06-13 09:52 - 2016-06-06 21:58 - 00692688 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-07-11 21:18 - 2016-07-05 13:59 - 00020816 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-06-13 09:52 - 2016-06-06 21:59 - 00123856 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-07-11 21:18 - 2016-07-05 13:59 - 01682760 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-07-11 21:18 - 2016-07-05 13:59 - 00020808 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00021840 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00052024 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00038696 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-07-11 21:18 - 2016-06-06 22:00 - 00020936 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00024528 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00114640 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00124880 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00021832 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00024016 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00175560 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00030160 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00043472 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00048592 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00023872 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00026456 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00057808 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00024016 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-07-11 21:18 - 2016-07-05 13:59 - 00246592 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00028616 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00020800 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00019776 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00020800 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-06-13 09:52 - 2016-06-06 21:58 - 00134608 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-07-11 21:18 - 2016-06-06 21:59 - 00240584 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-07-11 21:18 - 2016-07-05 13:59 - 00020280 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00023376 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00350152 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00022352 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00024392 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-07-11 21:18 - 2016-06-06 22:01 - 00036296 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\librsync.dll
2016-07-11 21:18 - 2016-07-05 14:00 - 00084280 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-11 21:18 - 2016-07-05 14:00 - 01826096 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-06-13 09:52 - 2016-06-06 21:59 - 00083912 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\sip.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 03928880 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 01971504 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00531248 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00132912 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00223544 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00207672 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-06-13 09:52 - 2016-06-06 22:00 - 00060880 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-06-13 09:52 - 2016-07-05 14:00 - 00024904 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00546096 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-07-11 21:18 - 2016-07-05 14:00 - 00357680 _____ () C:\Users\abc1234\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2013-05-03 23:47 - 2012-06-25 14:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\abc1234\Pictures\camera\IMAG0373.jpg
DNS Servers: 192.168.0.1 - 205.171.2.226
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install Webroot FF RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install Webroot IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKU\S-1-5-21-2625480065-3508373211-4195982266-1001\...\StartupApproved\Run: => "Power2GoExpress8"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FA093B32-41B5-4EF6-9C60-9924A8BC9D55}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{9892BB4C-7A0A-4189-B8B7-574E3538F279}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9BAC86C9-BA5F-4F4A-BB82-93146B45459D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{7BA99707-BBC2-4DAD-9432-5F8DFB6EFD12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{9D8EBA07-7FCE-4F6E-9AD5-BC5348F72324}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{99CF9525-155A-4F41-8F85-313B9E8569C0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{984B8AC8-8655-45FA-B7A6-31BEA3C3B344}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C4446297-CF51-4640-A93B-849076C68FD1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{95A94AD1-F284-4133-8603-7A5D9A0810D7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{773A4C38-2DBC-48C7-AE3A-DAB273F2F4DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{CD37A629-A354-42CA-8019-E0051EF10D77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{E121CDE2-DE95-416F-B861-CB32F7F5F793}] => (Allow) C:\Users\abc1234\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C506E06-6162-40B8-9AC7-0336AA13C3CF}] => (Allow) C:\Users\abc1234\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{DA351125-B0E9-4E15-99C2-39673430E3F5}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{4E5F92F1-63B3-4470-9C4B-04E4337046F7}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{0B3AFB96-A40D-491A-9053-B447718D3768}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D2EA618-21AE-4585-9691-2A36CD4DB3F8}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{31BA7582-26CC-4CD3-8E36-A7F492C2663C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8B2DBC45-EE05-4DBB-B9DE-87710EEB57C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D71A1D39-2E9B-4B4F-B1CD-D13D2E4569CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B271D56-6935-406B-860C-832F05DE0812}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{081BBCC6-CBBC-4CBA-A00C-3CF5E665365D}] => (Allow) LPort=1900
FirewallRules: [{AD4D2CE5-F5ED-4BF3-9B5D-ABF5D454A5D1}] => (Allow) LPort=2869
FirewallRules: [{4E19EE8F-2EAD-4A29-A3BD-CB738C701C04}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{62EF887E-7FE7-4B64-B66C-F98BA36DCB6F}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D5D93C01-6BB0-4D26-A8CC-624CB44BFA64}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F5E7E72-4C95-4B22-88B8-457255B52DFC}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{734A1329-E795-47A4-B4A9-8143EB49FE2C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{96E4402A-3BAE-4200-96BA-50FCC84F3026}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FFFA562-68B1-499F-A355-19C52E070049}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [{4FFC35D1-647C-4531-8955-7FB0E86AC183}] => (Allow) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
FirewallRules: [TCP Query User{BCAC4598-3FCD-4ABA-A319-28076B3C4295}C:\users\abc1234\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\abc1234\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{94F834A6-813F-4341-9E3F-746A2C3B01B2}C:\users\abc1234\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\abc1234\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3B5DB282-6E67-4E18-8ECB-EDC5958C9DF7}C:\users\abc1234\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\abc1234\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6760338D-AC3A-469C-B6A8-A3B8AC484C68}C:\users\abc1234\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\abc1234\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A74E6DAC-83CD-4AF7-BA6E-8352936E4E01}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{A5F566EB-4719-484B-8188-A9C111318C78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED884353-E9B1-47BC-B0D3-43AB27778EFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8917F27B-8162-4E05-9557-01D1A6B92DA5}C:\users\abc1234\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\abc1234\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2DDDDC9C-4AD8-4CFE-8C97-D3F71C8A2307}C:\users\abc1234\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\abc1234\appdata\roaming\spotify\spotify.exe
FirewallRules: [{BCDE27D5-2ECB-474E-9BCC-D2A2C5DD0E93}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
FirewallRules: [{C9174236-35B7-498D-8F89-CAB6EEBEF448}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe
FirewallRules: [{A9DF7D21-7C23-4F02-BD81-8BF57A362F28}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe
FirewallRules: [{0CE9BA4B-C420-4A6E-9E16-5835123A54D6}] => (Allow) C:\Program Files (x86)\Drobo\Drobo Dashboard\Drobo Dashboard.exe
FirewallRules: [TCP Query User{7AC5A8C4-5911-40DB-8003-80BC32ACB804}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{F81CDE81-C865-4501-B14F-531AE2A6C72C}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{2176E5BA-7086-47CB-9B26-CC2A6F819AFB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6DB4A3FD-FCFE-4971-A8D2-DCA6D88C08EC}] => (Allow) LPort=9015
FirewallRules: [{95A9134A-82FB-4C43-A03D-19E0CC9082C6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DC83A847-E202-4C97-881C-B592BA6A1FEF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{884F7C52-5209-4BC7-8DC3-27F8EB9FB162}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1E162F19-93B2-4D51-BB88-A1DEF07FB9F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{F0CB1FBD-B067-4681-A936-C433F185D601}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{52758ACA-2C09-4CAD-9EED-355AAC6DF882}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [TCP Query User{799D8356-BBA1-46FB-A9EC-EB160802E1F3}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{A995F41C-03A3-41C3-806F-321AFCB168BF}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{20DB3F07-6666-4306-9111-83262EE1393C}] => (Allow) C:\Users\abc1234\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{ADFA542B-EA1E-4E6C-9F54-BB9E6D5A50FB}] => (Allow) C:\Users\abc1234\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{F1F35B8A-3AAD-4AEB-B935-8BF73EB9B9B3}] => (Allow) LPort=53000
FirewallRules: [{C7F7C69E-05A8-428C-A299-AB9F1A562B0D}] => (Allow) LPort=52000
FirewallRules: [{BB189563-F795-485C-B9E4-A0FB747E21DD}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{12085900-CE15-4969-BEE2-4C2A2A6469F9}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9DCC309-E14F-4899-AEB6-C9D56F22B54F}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FA738D8-6972-4E85-AAEE-F55F27D14590}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A4A9C6A0-D918-4484-946D-D2662430948F}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3A630D8B-1844-4600-8819-14AC86B4FD8D}] => (Allow) C:\Users\abc1234\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

14-06-2016 15:12:50 Removed LogMeIn
17-06-2016 13:11:57 Removed Drobo Dashboard.
15-07-2016 12:37:06 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2016 05:56:21 PM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (07/17/2016 06:31:27 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (07/16/2016 04:23:11 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (07/16/2016 11:32:27 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (07/16/2016 11:07:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winamp.exe, version: 5.6.4.3418, time stamp: 0x51cb537f
Faulting module name: ntdll.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc00000fd
Fault offset: 0x00042d0d
Faulting process id: 0xbb4
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3
Faulting package full name: winamp.exe4
Faulting package-relative application ID: winamp.exe5

Error: (07/16/2016 10:26:14 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (07/15/2016 01:02:14 PM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (07/15/2016 11:57:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDSmartWare.exe, version: 1.1.1.6, time stamp: 0x4ad642c6
Faulting module name: mscorwks.dll, version: 2.0.50727.8009, time stamp: 0x53a1205c
Exception code: 0xc0000005
Fault offset: 0x00000000001451e3
Faulting process id: 0x%9
Faulting application start time: 0xWDSmartWare.exe0
Faulting application path: WDSmartWare.exe1
Faulting module path: WDSmartWare.exe2
Report Id: WDSmartWare.exe3
Faulting package full name: WDSmartWare.exe4
Faulting package-relative application ID: WDSmartWare.exe5

Error: (07/15/2016 11:57:05 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8009 - Fatal Execution Engine Error (00007FFFCF4E18DE) (80131506)

Error: (07/15/2016 11:57:05 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.8009 - Fatal Execution Engine Error (00007FFFCF4E18DE) (80131506)


System errors:
=============
Error: (07/19/2016 07:27:21 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (07/19/2016 07:27:21 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (07/19/2016 07:27:21 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/19/2016 07:27:21 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/19/2016 12:49:33 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (07/19/2016 12:49:33 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (07/19/2016 12:49:33 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/18/2016 04:42:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk4\DR4.

Error: (07/18/2016 04:42:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (07/18/2016 04:42:44 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


CodeIntegrity:
===================================
  Date: 2016-07-16 12:27:26.572
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:26.254
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:25.936
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:25.510
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:25.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:24.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:21.722
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:21.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-16 12:27:20.868
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 47%
Total physical RAM: 8088.28 MB
Available physical RAM: 4253.29 MB
Total Virtual: 9368.28 MB
Available Virtual: 4638.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:668.92 GB) (Free:212.95 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:28.14 GB) (Free:3.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.92 GB) (Free:8.77 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 40BEBE1B)

Partition: GPT.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

2.

mbam-check result log version:     2.3.2.0
========================================

User Account type:                 Administrator
DomainComputer:                    No
OS:                                Windows 8.1  64 bit Operating System
Current Version and Build:         6.3.9600
Malwarebytes Anti-Malware:         2.2.1.1043
Installed On:                      2016/07/15
Malware Database:                  2016.07.19.04
Rootkit Database:                  2016.05.27.01
Remediation Database:              2016.07.18.02
IP Database:                       2016.07.18.01
Domain Database:                   2016.07.19.01
License:                           Premium
Malware Protection:                4 (The service is running.)
Malicious Website Protection:      4 (The service is running.)
Chameleon:                         0 <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon


Hello gsheston:

Unfortunately, of the three (3) requested diagnostic report files, FRST.txt seems to be completely missing and the mbam-check.txt file is severely truncated. Please consider searching for the missing FRST.txt file and check if the mbam-check.txt file was completed properly.

Please re-post when you are able.

Thank you.


To add to what 1PW stated, please attach the files instead of copying their contents and pasting the contents into the body of your reply post.

10 hours ago, AdvancedSetup said:

Please read the following and post back the 3 requested logs as an attachment.

 


  • Root Admin

Yes,

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.


They can help you to remove the proxy and check for further infection issues.

Thanks

 
